Tag: macOS
-
Apple Releases iOS 26, macOS Tahoe 26 and 50+ Security Fixes
Apple just fixed more than 50 security flaws across iPhone, iPad, Mac, Watch, TV, and Vision Pro. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-ios26-macos26-release-security-fixes/
-
VirtualBox 7.2.2 Update Released with Fix for Guest GUI Crashes
Oracle has released VirtualBox 7.2.2, a critical maintenance update that addresses multiple GUI crashes and stability issues affecting users across Windows, Linux, and macOS platforms. Released on September 10, 2025, this update represents a significant improvement in the virtualization software’s reliability and user experience. Critical GUI Crash Fixes Implemented The most significant improvements in VirtualBox…
-
Breach Roundup: Vidar Strikes Back
Also, Akira Ransomware Resumes Attacks Via SonicWall Flaws. This week, the Vidar infostealer, BlackDB admin, Akira ransomware hackers and Patch Tuesday. A warning for British bankers, a Cursor flaw, a Brazilian dating app shut down. KazMunayGas said it wasn’t hacked. Wealthsimple and Hello Gym data breaches. A macOS backdoor hid in plain sight for years.…
-
ChillyHell macOS Malware Resurfaces, Using Google.com as a Decoy
A previously dormant macOS threat, ChillyHell, is reviving. Read how this malware can bypass security checks, remain hidden,… First seen on hackread.com Jump to article: hackread.com/chillyhell-macos-malware-resurfaces-google-com-decoy/
-
ChillyHell macOS Malware: Three Methods of Compromise and Persistence
A new wave of macOS-targeted malware has emerged under the radar, despite employing advanced process reconnaissance and maintaining successful notarization status for years. Jamf Threat Labs recently uncovered a developer-signed sample on VirusTotal that used sophisticated endpoint profiling and established persistence using several different mechanisms. The malware, dubbed ChillyHell, has evaded popular antivirus detections even…
-
Apple slips up on ChillyHell macOS malware, lets it past security . . . for 4 years
‘We do believe that this was likely the creation of a cybercrime group,’ threat hunter tells The Reg First seen on theregister.com Jump to article: www.theregister.com/2025/09/10/chillyhell_modular_macos_malware/
-
Dormant macOS Backdoor ChillyHell Resurfaces
With multiple persistence mechanisms, the modular malware can brute-force passwords, drop payloads, and communicate over different protocols. First seen on darkreading.com Jump to article: www.darkreading.com/endpoint-security/dormant-macos-backdoor-chillyhell-resurfaces
-
Cursor’s autorun lets hackers execute arbitrary code
Security Debt in the Cursor Ecosystem: The disclosure isn’t an isolated scenario. Earlier this year, Cursor was already targeted by campaigns like CurXecute and MCPoison, along with npm package tampering aimed at macOS users. Barr warned that the .vscode/tasks.json issue is “just another piece of the same puzzle: attackers are looking deep into Cursor’s ecosystem…
-
CHILLYHELL macOS Backdoor and ZynorRAT RAT Threaten macOS, Windows, and Linux Systems
Cybersecurity researchers have discovered two new malware families, including a modular Apple macOS backdoor called CHILLYHELL and a Go-based remote access trojan (RAT) named ZynorRAT that can target both Windows and Linux systems. According to an analysis from Jamf Threat Labs, ChillyHell is written in C++ and is developed for Intel architectures. CHILLYHELL is the name assigned…
-
Smart GPUGate malware exploits GitHub and Google Ads for evasive targeting
GPU-Gated decryption evades detection: The malware itself is delivered as a large Microsoft Software Installer (MSI) file, approximately 128 MB in size. It features a GPU-gated decryption mechanism that keeps the payload encrypted unless it detects the presence of a real GPU on the system. Researchers noted that this design allows GPUGate to remain dormant…
-
macOS Under Attack: Atomic Stealer Hidden in Pirated Software
The cybersecurity landscape for macOS users has taken a dangerous turn as cybercriminals increasingly target Apple’s ecosystem with sophisticated malware campaigns. Atomic macOS Stealer (AMOS), a specialized data-theft malware, has emerged as one of the most significant threats to Mac users, particularly those seeking cracked software applications. While macOS has historically maintained a reputation as…
-
Hackers Exploit Fake Microsoft Teams Site to Spread Odyssey macOS Stealer
Cybercriminals have escalated their attacks against macOS users by deploying a sophisticated new campaign that leverages a fraudulent Microsoft Teams download site to distribute the dangerous Odyssey stealer malware. This development represents a significant evolution from earlier attacks that primarily targeted users through fake trading platforms. The malicious campaign first came to light in early…
-
macOS Stealer Campaign Uses “Cracked” App Lures to Bypass Apple Security
Trend Micro observed the attackers using terminal-based installation methods for the AMOS malware, luring macOS users into installing cracked versions of apps. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/macos-stealer-cracked-apps-bypass/
-
macOS vulnerability allowed Keychain and iOS app decryption without a password
Today at Nullcon Berlin, a researcher disclosed a macOS vulnerability that allowed attackers to read the memory of any process, even with System Integrity Protection (SIP) … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/04/macos-gcore-vulnerability-cve-2025-24204/
-
Zero-Click Spyware Hits WhatsApp on iOS and macOS
A WhatsApp zero-click flaw exploited in spyware attacks has been patched on iOS and macOS. Update now to protect your devices. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/news/zero-day-spyware-hits-whatsapp/
-
Click Security Vulnerability in WhatsApp on iOS and macOS
First seen on security-insider.de Jump to article: www.security-insider.de/whatsapp-sicherheitsluecke-update-ios-macos-a-b7b6ebf685cf60e3c88666f696263bc7/
-
Hackers Exploit macOS Security Features to Spread Malware
A growing wave of sophisticated attacks is turning macOS’s built-in security defenses into avenues for malware distribution, according to recent security research. As macOS continues to gain market share, cybercriminals are adapting their strategies to exploit even the most robust Apple protections. Analysts warn that relying solely on native safeguards may leave organizations vulnerable to…
-
Also Watch for Outage Risks with Digital Products
The BSI recommends that users of digital products pay attention to how the manufacturer handles security risks. The Federal Office for Information Security (BSI) advises checking, when selecting digital products, whether there are outage risks. Asked what users should look out for when choosing online payment systems, a spokeswoman for the agency told the Deutsche Presse-Agentur…
-
Without User Interaction: Apple Users Attacked via Dangerous WhatsApp Vulnerability
Attackers injected malware via WhatsApp for iOS and macOS without any action by the target. Meta is delivering patches and alerting those affected. First seen on golem.de Jump to article: www.golem.de/news/ohne-nutzerinteraktion-apple-nutzer-ueber-gefaehrliche-whatsapp-luecke-attackiert-2509-199670.html
-
WhatsApp 0-Day Exploited in Attacks on Targeted iOS and macOS Users
WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The… First seen on hackread.com Jump to article: hackread.com/whatsapp-0-day-exploit-attack-targeted-ios-macos-users/
-
WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0 [CISA-ADP]/5.4 [Facebook]), relates to a case of insufficient authorization of linked device synchronization…
-
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices
WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks. The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal…
-
WhatsApp patches vulnerability exploited in zero-day attacks
WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/whatsapp-patches-vulnerability-exploited-in-zero-day-attacks/
-
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack
A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted… First seen on hackread.com Jump to article: hackread.com/developer-credentials-stolen-macos-s1ngularity-attack/

