Tag: macOS
-
Claude Mythos: Prepare for your board’s cybersecurity questions about the latest AI model from Anthropic
Tags: ai, api, application-security, attack, authentication, automation, best-practice, business, ceo, cisa, cloud, compliance, container, control, cve, cvss, cyber, cybersecurity, data, data-breach, endpoint, exploit, fedramp, finance, flaw, framework, governance, group, HIPAA, identity, injection, insurance, kev, law, linkedin, linux, LLM, macOS, network, PCI, risk, service, soc, software, strategy, technology, threat, update, vulnerability, vulnerability-management, windows, zero-day, zero-trustWith the Federal Reserve Chairman meeting with bank CEOs to discuss the security implications of Claude Mythos, you can bet that your board of directors will ask you about the impact of the AI model on your cybersecurity strategy. Here’s how to prepare. Key takeaways Anthropic announced Claude Mythos Preview, its most powerful general-purpose frontier…
-
Fake Ledger Live app on Apple’s App Store stole $9.5M in crypto
A malicious Ledger Live app for macOS available from Apple’s App Store has drained approximately $9.5 million in cryptocurrency from 50 victims in just a few days this month. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-ledger-live-app-on-apples-app-store-stole-95m-in-crypto/
-
Q1 2026 Open Source Malware Index: Adaptive Attacks, Familiar Weaknesses
Tags: access, ai, api, attack, automation, cloud, credentials, crypto, data, github, guide, intelligence, kubernetes, linux, macOS, malicious, malware, open-source, pypi, risk, software, supply-chain, tactics, theft, tool, update, windows, worm<div cla TL;DR Sonatype identified 21,764 open source malware packages in Q1 2026, bringing the total logged since 2017 to 1,346,867. npm accounted for 75% of malicious packages this quarter. Trojans dominated, with most activity focused on credential theft, host reconnaissance, and staged payload delivery. The quarter’s defining pattern was trust abuse: attackers succeeded by…
-
OpenAI Rotates macOS Certificates Following Axios Supply Chain Breach
OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026. First seen on hackread.com Jump to article: hackread.com/openai-macos-certificates-axios-supply-chain-breach/
-
OpenAI rotates macOS certs after Axios attack hit code-signing workflow
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/openai-rotates-macos-certs-after-axios-attack-hit-code-signing-workflow/
-
Neue ClickFix-Angriffsmethode nutzt Script Editor anstelle des Terminals unter macOS
Tags: macOSAnstatt Nutzer dazu zu bringen, Befehle direkt in das Terminal einzugeben, nutzt dieser Ansatz einen Browser-basierten Workflow, um den Script Editor zu starten. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/neue-clickfix-angriffsmethode-nutzt-script-editor-anstelle-des-terminals-unter-macos/a44601/
-
OpenAI Revokes macOS App Certificate After Malicious Axios Supply Chain Incident
OpenAI revealed a GitHub Actions workflow used to sign its macOS apps, which downloaded the malicious Axios library on March 31, but noted that no user data or internal system was compromised.”Out of an abundance of caution, we are taking steps to protect the process that certifies our macOS applications are legitimate OpenAI apps,” OpenAI…
-
Google Locks Chrome Sessions to Devices to Stop Cookie Theft
Google has officially launched a major security upgrade to protect users from session hijacking. Starting with Chrome version 146 for Windows users, Device Bound Session Credentials (DBSC) is now publicly available. This new feature aims to stop malware from stealing web cookies and using them to bypass passwords and multi-factor authentication. Support for macOS users…
-
ClickFix finds a new way to infect Macs
Tags: macOSClickFix campaigns have found a way around macOS Tahoe’s warnings against pasting commands in the Terminal. They’re using Script Editor instead. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/clickfix-finds-a-new-way-to-infect-macs/
-
Google Rolls Out DBSC in Chrome 146 to Block Session Theft on Windows
Google has made Device Bound Session Credentials (DBSC) generally available to all Windows users of its Chrome web browser, months after it began testing the security feature in open beta.The public availability is currently limited to Windows users on Chrome 146, with macOS expansion planned in an upcoming Chrome release.”This project represents a significant First…
-
ClickFix, Malicious DMGs Push notnullOSX to macOS Users
Hackers are abusing ClickFix commands and booby-trapping DMG installers to deliver a new macOS stealer called notnullOSX, built to loot high-value crypto wallets from Mac users. The story starts with 0xFFF, a malware developer who abruptly quit a major Russian-speaking hacking forum in 2023 after claiming he was being investigated and accusing the forum of…
-
New ClickFix variant bypasses Apple safeguards with one”‘click script execution
Lightweight staging for Atomic Stealer: Once executed, the AppleScript resolves to an obfuscated shell command. That command decodes a hidden URL, retrieves a remote payload using ‘curl’, and executes it via ‘zsh’. From here, standard info-stealing takes over with a ‘Mach-O’ binary written to a temporary location, its attributes adjusted, permissions set, and execution triggered.This…
-
New macOS Malware notnullOSX Targets Crypto Wallets Over $10K
macOS Malware notnullOSX targets crypto wallets over $10K, using fake apps, Terminal tricks, and backdoors to steal funds and sensitive data. First seen on hackread.com Jump to article: hackread.com/macos-malware-notnullosx-crypto-wallets/
-
Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings
macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/atomic-stealer-macos-clickfix/
-
ClickFix macOS Attack Uses Script Editor to Bypass Security Controls
A newly identified ClickFix-style macOS attack demonstrates how threat actors are refining their techniques to evade security defenses. The campaign moves away from the traditional reliance on Terminal and instead uses macOS Script Editor as the primary execution vector. This change allows attackers to bypass controls designed to detect or block suspicious Terminal activity. First seen on thecyberexpress.com…
-
New macOS stealer campaign uses Script Editor in ClickFix attack
A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/
-
Für iOS, iPadOS und macOS – Apple führt Background Security Improvements ein
First seen on security-insider.de Jump to article: www.security-insider.de/apple-background-security-improvements-ersetzen-rapid-updates-a-f0dfb82ec2608a9e5bf014b4f0c9ddb5/
-
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers
A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information”‘stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView Premium, a popular browser”‘based charting and social platform for stock, crypto, and forex traders. Threat…
-
Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users
Apple’s macOS 26.4 update adds a Terminal warning to help stop ClickFix-style attacks by flagging potentially harmful pasted commands. The post Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-macos-update-terminal-malware-warning-clickfix/
-
Poisoned Axios Package Spreads Cross-Platform Malware via Phantom Dependency
Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross”‘platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’s most widely used HTTP clients, with over 100 million weekly downloads on npm, making it deeply…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government RoadK1ll: A WebSocket Based Pivoting Implant axios Compromised: npm Supply Chain Attack via Dependency Injection…
-
Supply Chain Attacks Surge in March 2026
Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windowsIntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
-
Microsoft still working to fix Exchange Online mailbox access issues
Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-still-working-to-fix-exchange-online-mailbox-access-issues/
-
Unix in macOS: Apple wird 50 und setzt immer noch auf ein Betriebssystem aus den 1960ern
First seen on t3n.de Jump to article: t3n.de/news/unix-macos-apple-wird-50-1735262/
-
SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code
SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a malicious process chain triggered by Claude Code after it unknowingly installed a compromised LiteLLM package. The…
-
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
A North Koreanexus threat actor has hijacked the popular Axios NPM package in a high”‘impact software supply chain attack that can silently backdoor Windows, macOS, and Linux systems. Between March 31, 2026, 00:21 and 03:20 UTC, attackers used a compromised maintainer account to push backdoored Axios releases 1.14.1 and 0.30.4 to NPM. The attackers changed…
-
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems
A North Koreanexus threat actor has hijacked the popular Axios NPM package in a high”‘impact software supply chain attack that can silently backdoor Windows, macOS, and Linux systems. Between March 31, 2026, 00:21 and 03:20 UTC, attackers used a compromised maintainer account to push backdoored Axios releases 1.14.1 and 0.30.4 to NPM. The attackers changed…