
JDownloader site hacked to replace installers with Python RAT malware

The website for the popular JDownloader download manager was compromised earlier this week to distribute malicious Windows and Linux installers, with the Windows payload found deploying a Python-based remote access trojan.

The supply chain attack affects those who downloaded installers from the official website between May 6 and May 7, 2026 via the Windows “Download Alternative Installer” links or the Linux shell installer.

According to the developers, the attackers modified the website’s download links to point to malicious third-party payloads rather than legitimate installers.

Instructure confirms hackers used Canvas flaw to deface portals

Education technology giant Instructure has confirmed that a security vulnerability allowed hackers to modify Canvas login portals and leave an extortion message.

BleepingComputer has learned that both the breach and defacements involved multiple cross-site scripting (XSS) vulnerabilities that enabled the attacker to obtain authenticated admin sessions.

The second hack was intended to draw attention and to pressure Instructure into entering negotiations to pay a ransom, following an initial breach disclosed a week before.

TrickMo Android banker adopts TON blockchain for covert comms

A new variant of the TrickMo Android banking malware, delivered in campaigns targeting users across Europe, introduces new commands and uses The Open Network (TON) for stealthy command-and-control communications.

The TrickMo banker was first spotted in September 2019 and has remained in active development, constantly receiving updates since then.

In October 2024, Zimperium analyzed 40 variants of the malware delivered via 16 droppers, communicating with 22 distinct command-and-control (C2) infrastructures, and targeting sensitive data belonging to users worldwide.

Hackers abuse Google ads, Claude.ai chats to push Mac malware

Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign.

Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.

The campaign was spotted by Berk Albayrak, a security engineer at Trendyol Group, who shared his findings on LinkedIn.

Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads

Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss.

The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over 3 million downloads, before they were taken down from the official app storefront. The activity, codenamed CallPhantom by Slovakian cybersecurity company ESET, primarily targeted Android users in India and the broader Asia-Pacific region.

“The offending apps, which we named CallPhantom based on their false claims, purport to provide access to call histories, SMS records, and even WhatsApp call logs for any phone number,” ESET security researcher Lukáš Štefanko said in a report shared with The Hacker News. “To unlock this supposed feature, users are asked to pay — but all they get in return is randomly generated data.”

NVIDIA confirms GeForce NOW data breach affecting Armenian users

NVIDIA has confirmed in a statement to BleepingComputer that GeForce NOW user information has been exposed in a data breach.

The gaming and hardware giant has clarified that the impact is limited to Armenia, and was caused by a compromise of the infrastructure operated by a regional partner.

The company added that its own network was not impacted by the incident.

Agentic AI: Navigating The Evolving Frontier


#artificialIntelligence #agenticai #ai #cybersecurity #governance #tech Forbes


Kindly see my latest article: By Chuck Brooks.

The Strategic Inflection Point: From Automation to Autonomy. This moment is characterized by operational autonomy and technical innovation. Agentic AI is increasingly establishing itself as the standard decision-making framework in critical systems. This transition resembles cloud computing and mobile networks, yet it possesses agency. Incorporating intent into machines.

Anthropic research warns AI could build itself by 2028

In this exclusive interview, Axios co-founder Mike Allen sits down with Anthropic co-founder Jack Clark to discuss his warning that by 2028, AI systems may be able to improve and build better versions of themselves.

Clark explains why Anthropic is preparing for the possibility of an “intelligence explosion,” how advanced AI could accelerate breakthroughs in science and medicine, and why governments, companies and researchers need new plans for cyber threats, bio risks, economic disruption and the future of work.

Timestamps:
00:00 — Introduction: the future of AI
00:41 — The 2028 prediction: AI building itself.
01:49 — The risks of rapid acceleration.
03:11 — The 3D printer metaphor.
05:21 — Intelligence explosion and fire drill scenarios.
06:55 — Building a \.
