Breaking News – Cyber Threats (last 6h)
Generated: 2026-05-08 13:00 PDT
- TCLBANKER Banking Trojan Targets Financial Platforms via WhatsApp and Outlook Worms
The Hacker News • 2026-05-08 11:12 • thehackernews.com
Threat hunters have flagged a previously undocumented Brazilian banking trojan dubbed TCLBANKER that’s capable of targeting 59 banking, fintech, and cryptocurrency platforms.
The activity is being tracked by Elastic Security Labs under the moniker REF3076. The malware family is assessed to be a major update of the Maverick, which is known to leverage a worm called SORVEPOTEL to spread via
https://thehackernews.com/2026/05/tclbanker-banking-trojan-targets.html - Insider Betting on Polymarket
Schneier on Security • 2026-05-08 10:49 • www.schneier.comInsider trading is rife on Polymarket:
Analysis by the Anti-Corruption Data Collective, a non-profit research and advocacy group, found that long-shot bets—defined as wagers of $2,500 or more at odds of 35 percent or less—on the platform had an average win rate of around 52 percent in markets on military and defense actions.
That compares with a win rate of 25 percent across all politics-focused markets and just 14 percent for all m…
https://www.schneier.com/blog/archives/2026/05/insider-betting-on-polymarket.html - NVIDIA confirms GeForce NOW data breach affecting Armenian users
BleepingComputer • 2026-05-08 09:18 • www.bleepingcomputer.com
NVIDIA has confirmed in a statement for BleepingComputer that GeForce NOW user information has been exposed in a data breach. […]
https://www.bleepingcomputer.com/news/security/nvidia-confirms-geforce-now-data-breach-affecting-armenian-users/ - One in eight UK workers has sold their company passwords, and bosses think it’s fine
Graham Cluley • 2026-05-08 08:20 • www.fortra.com
One in eight UK workers admits to selling their company login credentials – or knowing someone who has – in the past 12 months.The really alarming bit? Their bosses are even more relaxed about it.
Read more in my article on the Fortra blog.
https://www.fortra.com/blog/one-eight-uk-workers-has-sold-their-company-passwords-and-bosses-think-its-fine - Fake Call History Apps Stole Payments From Users After 7.3 Million Play Store Downloads
The Hacker News • 2026-05-08 08:08 • thehackernews.com
Cybersecurity researchers have discovered fraudulent apps on the official Google Play Store for Android that falsely claimed to offer access to call histories for any phone number, only to trick users into joining a subscription that provided fake data and incurred financial loss.
The 28 apps have collectively racked up more than 7.3 million downloads, with one of them alone accounting for over
https://thehackernews.com/2026/05/fake-call-history-apps-stole-payments.html - Another Universal Linux Local Privilege Escalation (LPE) Vulnerability: Dirty Frag, (Fri, May 8th)
SANS ISC Diary (full) • 2026-05-08 07:57 • isc.sans.eduLess than two weeks after the public disclosure of the Copy Fail vulnerability (CVE-2026-31431), another local privilege escalation (LPE) vulnerability in the Linux kernel has been revealed. Referred to as “Dirty Frag,” this vulnerability was discovered and reported by Hyunwoo Kim (@v4bel) [1]. In this diary, I will provide a brief background on Dirty Frag, and discuss its relationship to Copy Fail. I will then discuss how to mitigate Dirty Frag and outline recommended next steps for system owners.
- Inside Department 4: Russia’s secret school for hackers
Graham Cluley • 2026-05-08 07:36 • www.bitdefender.com
Most universities have a careers fair. At Bauman Moscow State Technical University, however, an elite group of students appear to have something rather more unusual: a direct pipeline into some of the world’s most notorious state-sponsored hacking groups.Read more in my article on the Hot for Security blog.
https://www.bitdefender.com/en-us/blog/hotforsecurity/inside-department-4-russias-secret-school-for-hackers - Why More Analysts Won’t Solve Your SOC’s Alert Problem
BleepingComputer • 2026-05-08 07:02 • www.bleepingcomputer.com
Attackers move faster than overwhelmed SOC teams can realistically investigate alerts. Prophet Security breaks down how AI can help analysts investigate alerts faster and focus on real threats. […]
https://www.bleepingcomputer.com/news/security/why-more-analysts-wont-solve-your-socs-alert-problem/ - One Click, Total Shutdown: The "Patient Zero" Webinar on Killing Stealth Breaches
The Hacker News • 2026-05-08 07:01 • thehackernews.com
The hardest part of cybersecurity isn’t the technology, it’s the people.
Every major breach you’ve read about lately usually starts the same way: one employee, one clever email, and one “Patient Zero” infection.
In 2026, hackers are using AI to make these “first clicks” nearly impossible to spot. If a single laptop gets compromised on your watch, do you have a plan to stop it from taking down
https://thehackernews.com/2026/05/one-click-total-shutdown-patient-zero.html
Sources: BleepingComputer, The Hacker News, KrebsOnSecurity, SANS ISC, CISA.
