ThreatsDay Bulletin: PAN-OS RCE, Mythos cURL Bug, AI Tokenizer Attacks, and 10+ Stories
The Hacker News
May 14, 2026
A VBScript loader prepares the system and silently installs the components needed to run Python-based code. This is where the attack becomes more flexible. Rather than relying on a single static payload, the attackers now have a programmable environment. Once the Python script is running, it connects to a remote server.
New CRPx0 malware campaign uses OnlyFans lure for crypto theft and ransomware
SC Media
May 13, 2026
A complex and stealthy malware campaign dubbed CRPx0 is targeting MacOS and Windows systems, with potential Linux capabilities in development. The campaign begins with a social engineering lure offering free access to OnlyFans, aiming to trick users into downloading malicious files.
Free OnlyFans Lure Used to Spread Cross-Platform CRPx0 Malware
SecurityWeek
May 12, 2026
CRPx0 is a complex, stealthy and persistent malware campaign. It currently targets macOS and Windows systems, and appears to have Linux capabilities in development. It currently comprises cryptocurrency theft followed by large scale data exfiltration and ransomware.
Russian hackers target HR departments with vicious new ‘BlackSanta’ malware
Tech Radar
March 11, 2026
Russian hackers have been targeting Human Resources (HR) departments at various organizations around the world with a never-before seen piece of malware called BlackSanta.
HR departments are being targeted with fake resumes that disable security protection
Cybernews
March 11, 2026
A threat campaign against human resource (HR) departments has recently been launched. What seems like a decent resume actually is malicious software that kills security defenses, including antivirus programs and Endpoint Detection and Response (EDR) tools.
‘BlackSanta’ Malware Activates EDR and AV Killer Before Detonating Payload
Security Week
March 11, 2026
The malware disables antivirus and EDR protections at the kernel level, clearing the path for credential harvesting, system reconnaissance, and eventual data exfiltration.
BlackSanta ‘EDR-killer’ malware targets HR departments
SC Media
March 11, 2026
A specialized “EDR-killer” malware module known as BlackSanta has been discovered operated by a Russian-speaking threat actor that primarily targets human resource and recruitment personnel.
BlackSanta Malware Targets HR Staff with Fake CV Downloads
Hack Read
March 11, 2026
Aryaka researchers have identified a new threat from a Russian-speaking group using ‘BlackSanta’ malware. By disguising attacks as job applications, hackers are bypassing security to target recruitment workflows.
BlackSanta EDR-Killer Targets HR Teams in CV-Themed Campaign
InfoSecurity Magazine
March 11, 2026
A new malware campaign targeting human resources and recruiting staff has seen attackers distribute malicious files disguised as job applications.
HR Departments Targeted by Multi-Layered BlackSanta EDR Killer Malware
GBHackers
March 11, 2026
Threat actors are increasingly targeting human resources (HR) departments by disguising malware as job application documents.
BlackSanta Malware Shuts Down Protections, Targets HR and Recruiting Operations
Security Boulevard
March 11, 2026
Russian threat actors have targeted HR employees and recruiters for more than a year with a sophisticated campaign that includes seemingly legitimate files disguised as resumes and new a malware component that can disable endpoint detection and response (EDR) and antivirus protections.
Resumés with malicious ISO attachments are circulating, says Aryaka
csoonline
March 11, 2026
HR staff need to understand that these unfamiliar files execute commands and shouldn’t be opened.
