Tag: macOS

Zunehmende Bedrohung durch Infostealer auf macOS-Systemen

Apr 30, 2026 9:42 AM

Tags: macOS, software, supply-chain

Von Account-Übernahmen bis hin zu Supply-Chain-Angriffen: Viele Nutzer installieren Software über das Terminal und umgehen damit bewusst Sicherheitsmechanismen von macOS. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/zunehmende-bedrohung-durch-infostealer-auf-macos-systemen/a44831/
Lazarus Targets macOS Users With New “Mach-O Man” Malware Kit

Apr 29, 2026 4:39 PM

Tags: access, corporate, credentials, crypto, cyber, fintech, group, intelligence, lazarus, macOS, malware, social-engineering, threat

Lazarus Group is abusing “ClickFix” social engineering to push a new macOS malware kit dubbed “Mach-O Man,” giving attackers a direct path to credentials, Keychain secrets, and corporate access in fintech and crypto environments. This research is authored by Mauro Eldritch, an offensive security expert and founder of BCA LTD, a company focused on threat intelligence and…
Crypto-Targeting North Koreans Wield Fake Zoom Meetings

Apr 27, 2026 11:39 PM

Tags: crypto, hacker, macOS, north-korea, social-engineering, windows

Video of Industry Figures Harvested During Meetings and Used to Lure Future Victims. North Korean hackers are pretending to be cryptocurrency insiders, in an attempt to trick targets into accepting Calendly calendar invites. The social engineering ruse is designed to infect Windows and macOS systems with crypto stealers, and to harvest video of real-life people…
Researchers Warn macOS textutil, KeePassXC Can Fuel Automation Attacks

Apr 27, 2026 1:39 PM

Tags: attack, automation, cyber, data-breach, macOS, risk, tool, vulnerability

Researchers are warning that widely trusted local tools such as macOS’s textutil and KeePassXC can pose unexpected security risks when used within automated workflows. The issue is not traditional vulnerabilities such as memory corruption or code execution, but how normal features behave when exposed to attacker-controlled input. Many engineering teams treat built-in utilities as safe…
Product showcase: LuLu reveals unauthorized outbound connections from Mac apps

Apr 27, 2026 6:38 AM

Tags: control, data, firewall, macOS, open-source, unauthorized

LuLu is a free, open-source firewall for macOS that lets you control which apps are allowed to send data from your computer. macOS includes a built-in firewall, but it mainly … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/27/product-showcase-lulu-macos-firewall/
Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS

Apr 26, 2026 5:38 AM

Tags: attack, cloud, detection, infrastructure, linux, macOS, malicious, windows

<div cla As Linux dominates cloud-native infrastructure and macOS becomes the standard for high-value targets in development and executive leadership, the attack surface is no longer Windows-centric. Modern attack playbooks weaponize Living off the Land (LOTL) binariespre-installed, legitimate system toolsto blend malicious activity with normal operations and bypass standard detection telemetry. First seen on securityboulevard.com…
North Korea’s Lazarus Targets macOS Users via ClickFix

Apr 24, 2026 3:39 PM

Tags: access, data, korea, lazarus, macOS, north-korea, theft

Lazarus continues leveraging ClickFix for initial access and data theft, in this case, against Mac-centric organizations and their high-value leaders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-koreas-lazarus-targets-macos-users-clickfix
Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers

Apr 24, 2026 1:38 PM

Tags: access, application-security, automation, cyber, cybersecurity, macOS, privacy, risk

A detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establishes out-of-sandbox browser automation hooks that pose significant privacy and security risks, bypassing explicit user consent and standard application security…
Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers

Apr 24, 2026 1:38 PM

Tags: access, application-security, automation, cyber, cybersecurity, macOS, privacy, risk

A detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establishes out-of-sandbox browser automation hooks that pose significant privacy and security risks, bypassing explicit user consent and standard application security…
(g+) Backdoor in Claude-Desktop-App: Stille Brücke aus dem Browser

Apr 23, 2026 9:39 PM

Tags: backdoor, macOS

Claude Desktop legt auf MacOS Native Messaging Hosts in jeden Chromium-Browser, sogar in noch nicht installierte. Das ist nicht harmlos – was nun zu tun ist. First seen on golem.de Jump to article: www.golem.de/news/backdoor-in-claude-desktop-app-stille-bruecke-aus-dem-browser-2604-207881.html
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories

Apr 23, 2026 5:39 PM

Tags: backdoor, data, exploit, macOS, supply-chain

You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes.The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking…
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware

Apr 23, 2026 10:39 AM

Tags: crypto, cyber, hacker, macOS, malware

Hackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto holdings above 10,000 USD and using polished lures that closely mimic legitimate apps and workflows.…
prompted 2026 macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents

Apr 22, 2026 10:39 PM

Tags: ai, apple, macOS, vulnerability

Author, Creator & Presenter: Olivia Gallucci, Security Engineer, Datadog Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-macos-vulnerability-research-augmenting-apples-source-code-and-os-logs-with-ai-agents/
Microsoft issues emergency update for macOS and Linux ASP.NET threat

Apr 22, 2026 10:39 PM

Tags: authentication, linux, macOS, microsoft, threat, update

When authentication fails, things can go very, very wrong. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/
Microsoft issues emergency update for macOS and Linux ASP.NET threat

Apr 22, 2026 10:39 PM

Tags: authentication, linux, macOS, microsoft, threat, update

When authentication fails, things can go very, very wrong. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/
Microsoft issues emergency update for macOS and Linux ASP.NET threat

Apr 22, 2026 10:39 PM

Tags: authentication, linux, macOS, microsoft, threat, update

When authentication fails, things can go very, very wrong. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/
MacOS Native Tools Enable Stealthy Enterprise Attacks

Apr 22, 2026 7:39 PM

Tags: attack, detection, macOS, tool

macOS LOTL techniques bypass detection using native tools and metadata abuse First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/macos-lotl-techniques-enterprise/
Researcher claims Claude Desktop installs “spyware” on macOS

Apr 22, 2026 5:39 PM

Tags: macOS, spyware

A security researcher claims Claude Desktop installed spyware on his Mac. We examine the findings. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/researcher-claims-claude-desktop-installs-spyware-on-macos/
Backdoor in Claude-Desktop-App: Stille Brücke aus dem Browser

Apr 22, 2026 5:39 PM

Tags: backdoor, macOS

Claude Desktop legt auf MacOS Native Messaging Hosts in jeden Chromium-Browser, sogar in noch nicht installierte. Das ist nicht harmlos – was nun zu tun ist. First seen on golem.de Jump to article: www.golem.de/news/backdoor-in-claude-desktop-app-stille-bruecke-aus-dem-browser-2604-207881.html
Tencent’s QClaw AI agent app arrives on Windows and macOS

Apr 22, 2026 1:39 PM

Tags: ai, international, korea, macOS, windows

Tencent has opened an international beta of QClaw, an AI agent application aimed at consumers in Canada, Japan, Singapore, South Korea, and the United States. The first wave … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/04/22/tencent-qclaw-ai-agent-windows-macos/
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

Apr 21, 2026 6:39 PM

Tags: attack, credentials, crypto, data, macOS

Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/macos_clickfix_attacks_deliver_applescript/
macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

Apr 21, 2026 6:39 PM

Tags: attack, credentials, crypto, data, macOS

Data from browsers, cryptocurrency wallets, 200+ extensions hoovered up First seen on theregister.com Jump to article: www.theregister.com/2026/04/21/macos_clickfix_attacks_deliver_applescript/
Bad Apples: Weaponizing native macOS primitives for movement and execution

Apr 21, 2026 12:39 PM

Tags: apple, cisco, macOS

Cisco Talos documents several macOS living-off-the-land (LOTL) techniques, demonstrating that native pathways for movement and execution remain accessible to those who understand the underlying architecture. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/bad-apples-weaponizing-native-macos-primitives-for-movement-and-execution/
Microsoft spots Sapphire Sleet macOS attack using AppleScript and social engineering

Apr 21, 2026 12:39 PM

Tags: attack, cyber, exploit, flaw, macOS, microsoft, north-korea, social-engineering, software, threat, vulnerability

A new macOS-focused cyber campaign linked to the North Korean threat actor Sapphire Sleet, highlighting how attackers are increasingly relying on social engineering rather than software vulnerabilities to compromise systems. Rather than exploiting security flaws, the attackers manipulate user trust, allowing them to bypass built-in macOS protections. The attack begins with carefully crafted social engineering…
North Korea-Linked UNC1069 Hacks Crypto Pros via Fake Meetings

Apr 20, 2026 2:38 PM

Tags: access, crypto, cyber, google, korea, linux, macOS, malware, microsoft, north-korea, social-engineering, theft, threat, windows

North Korea-linked threat actor UNC1069 is running a highly targeted campaign that abuses fake Zoom, Google Meet, and Microsoft Teams meetings to compromise cryptocurrency and Web3 professionals across Windows, macOS, and Linux systems. The goal is long-term access and large-scale theft of digital assets through stealthy social engineering and multi-stage malware deployment. Attackers often hijack…
iTerm2 Flaw Turns SSH Escape Sequences Into Arbitrary Code Execution

Apr 20, 2026 12:38 PM

Tags: cyber, cybersecurity, flaw, macOS, openai

In the cybersecurity community, we often assume that simply reading a text file using a command like cat is a perfectly safe operation. However, security researchers have recently demonstrated that doing so inside the popular iTerm2 macOS terminal emulator can cross the line into arbitrary code execution. This alarming discovery, made in partnership with OpenAI, highlights a…
North Korean social engineering campaign targets macOS users

Apr 17, 2026 8:40 PM

Tags: data-breach, intelligence, korea, macOS, microsoft, north-korea, social-engineering, threat

A MacOS-focused social engineering campaign orchestrated by North Korea-based threat actor Sapphire Sleet has been exposed by Microsoft’s Threat Intelligence Unit. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366641953/North-Korean-social-engineering-campaign-targets-macOS-users
Fake Zoom SDK Update Spreads Sapphire Sleet Malware in New macOS Attack Chain

Apr 17, 2026 12:38 PM

Tags: apple, attack, cyber, macOS, malicious, malware, north-korea, social-engineering, software, threat, update, vulnerability

A sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet, revealing a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick users into executing malicious files disguised as legitimate software updates, effectively bypassing Apple’s built-in security protections. The campaign centers on a fake file…
North Korea targets macOS users in latest heist

Apr 17, 2026 12:48 AM

Tags: korea, macOS, north-korea, social-engineering, update

Social engineering: ‘low-cost, hard to patch, and scales well’ First seen on theregister.com Jump to article: www.theregister.com/2026/04/16/north_korea_social_engineering_macos/
North Korea Uses ClickFix to Target macOS Users’ Data

Apr 17, 2026 12:48 AM

Tags: attack, credentials, data, jobs, korea, macOS, north-korea, update

Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials and sensitive data from Macs. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/north-korea-clickfix-target-macos-users-data