Cybersecurity News | Daily Recap [09 May 2026]

Malware & Apps

• A fake OpenAI repository on Hugging Face delivered an infostealer, while the TCLBANKER banking trojan spread via WhatsApp and Outlook worms, and fake call-history apps racked up 7.3 million Play Store downloads before stealing payments – OpenAI Repo, TCLBANKER, Fake Apps
• A new PamDOORa Linux backdoor surfaced alongside other threat updates, including a train-hacker arrest and the latest CISA leadership race – PamDOORa

Vulnerabilities & Breaches

• cPanel and WHM released fixes for 3 new vulnerabilities, urging immediate patching – cPanel Fixes
• Braintrust disclosed a data breach and prompted API key rotation, while NVIDIA confirmed a GeForce NOW breach affecting Armenian users – Braintrust Breach, NVIDIA Breach
• ShinyHunters claimed a second attack against Instructure, extending its campaign of high-profile compromises – ShinyHunters Attack

Critical Infrastructure & Government

• Poland’s security agency reported ICS breaches at 5 water treatment plants, highlighting risks to essential services – Water Breaches
• A Virginia man was found guilty of deleting 96 government databases, underscoring insider-damage concerns – Gov Databases
• Sen. Schumer pressed the DHS for a plan to coordinate AI cyber efforts with state and local governments amid growing policy pressure – AI Coordination

Law Enforcement & Policy

• The Kingdom Market administrator received a 16-year sentence as authorities continued to target dark-web marketplaces – Kingdom Market
• GM agreed to pay over $12 million in a California privacy settlement tied to driver-data handling – GM Settlement

Cybersecurity News | Daily Recap – hendryadrian.com