---
title: Threat Intelligence Center - Capstone Technologies Group
description: Malicious OpenAI privacy filter repository ranked #1 on Hugging Face with 244K downloads. Contains ValleyRAT, CodeRun102.exe, and information stealer malware…
canonical_url: https://captechgroup.com/threat-intelligence-center?start=119
language: en-GB
date: 2025-08-13T00:46:48Z
---

[![Conceptual image illustrating cybersecurity threats and data protection challenges from fake OpenAI privacy filter repo.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/1c331fc7b9.jpg)](https://captechgroup.com/threat-intelligence-center/fake-openai-privacy-filter-repo-hits-1-on-hugging-29a224 "Fake OpenAI Privacy Filter Repo Hits #1 on Hugging Face, Draws 244K Downloads")

Security researchers at HiddenLayer identified a malicious repository impersonating an OpenAI privacy filter that achieved #1 ranking on Hugging Face with 244,000 downloads. The fake package contains multiple malware payloads including ValleyRAT, CodeRun102.exe, Winos 4.0, and information stealer variants designed to compromise developer environments.

[![Cybersecurity image illustrating May 2026 Patch Tuesday updates for data protection against 51 CVEs in Windows and Office.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/ee57b115a4.jpg)](https://captechgroup.com/threat-intelligence-center/may-2026-patch-tuesday-fixes-51-cves-across-window-36b2ed "May 2026 Patch Tuesday Fixes 51 CVEs Across Windows, Exchange, Office")

Microsoft's May 2026 Patch Tuesday release addresses 51 security vulnerabilities across Windows operating systems, Exchange Server, and Microsoft Office products. The update includes patches for critical remote code execution flaws and elevation of privilege issues that could expose professional service firms to active exploitation.

[![Cybersecurity image illustrating threat vectors and data protection after ShinyHunters breach of Zara's customer records.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/519136f0ea.jpg)](https://captechgroup.com/threat-intelligence-center/shinyhunters-breaches-zara-exposes-nearly-200000-c-c55145 "ShinyHunters Breaches Zara, Exposes Nearly 200,000 Customer Records")

ShinyHunters, a known threat actor group, has successfully breached Zara and compromised nearly 200,000 customer records. This incident is part of an escalating pattern of attacks by the group targeting multiple industries including retail, healthcare, EdTech, gaming, video streaming, and analytics platforms.

[![Conceptual image illustrating cybersecurity measures against credential-based attacks in professional service firms.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/c39240d2b1.jpg)](https://captechgroup.com/threat-intelligence-center/threatdown-itdr-blocks-credential-based-attacks-on-1cfd9a "ThreatDown ITDR Blocks Credential-Based Attacks on Professional Service Firms")

Credential-based attacks—including phishing, brute force, and credential stuffing—remain the leading attack vector against medical practices, law firms, and accounting organizations. ThreatDown ITDR (Identity Threat Detection and Response) identifies suspicious authentication patterns, compromised credentials, and lateral movement attempts in real time.

[![Conceptual image illustrating cybersecurity threats from hackers using Google Ads and Claude.ai to spread Beagle Mac malware.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/8de7edf1b8.jpg)](https://captechgroup.com/threat-intelligence-center/hackers-abuse-google-ads-and-claudeai-to-distribut-a214cd "Hackers Abuse Google Ads and Claude.ai to Distribute Mac Malware Beagle")

Security researchers have identified a malware distribution campaign leveraging Google Ads and Claude.ai chat interactions to deliver Beagle, a Mac-targeting malware linked to threat actor Berk Albayrak. The attack chain uses MacSync as a delivery mechanism and loader.sh scripts for payload execution.

[![Conceptual image illustrating cybersecurity threats from fake AI models, highlighting data protection and digital security risks.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/b50dcccd34.jpg)](https://captechgroup.com/threat-intelligence-center/fake-openai-model-on-hugging-face-delivers-rust-in-87e851 "Fake OpenAI Model on Hugging Face Delivers Rust Infostealer to 244K Users")

Security researchers discovered a malicious model on Hugging Face masquerading as an official OpenAI release, accumulating 244,000 downloads before detection. The attack leveraged a Rust-based infostealer deployed through loader.py and start.bat execution chains, targeting developers and organizations in AI development and enterprise environments.

[![Cybersecurity image illustrating Dirty Frag Linux LPE vulnerability and its impact on data protection across all distributions.](https://images.captechgroup.com/cdn-cgi/image/width=515,format=webp,quality=85/threat-intel/38de20d5d6.jpg)](https://captechgroup.com/threat-intelligence-center/dirty-frag-linux-lpe-vulnerability-affects-all-dis-b997c6 "Dirty Frag Linux LPE Vulnerability Affects All Distributions")

Hyunwoo Kim and researchers at Theori have disclosed Dirty Frag, a critical local privilege escalation vulnerability affecting Linux systems across all distributions. This vulnerability joins a lineage of kernel-level LPE flaws including CVE-2016-5195 and CVE-2022-0847.
