Tag: macOS
-
Mac Users Face New Malware Threat Spoofing Apple, Google, and Microsoft
A new SHub Reaper macOS infostealer spoofs prompts from Apple, Google, and Microsoft to steal passwords, crypto data, and business files from Macs. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-reaper-shub-malware-mac-users/
-
Microsoft blames macOS update for undismissible Teams location prompts
Microsoft has confirmed user reports that the Teams team collaboration app is displaying non-dismissible location prompts on some macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-blames-undismissible-teams-location-prompts-on-macos-update/
-
New macOS infostealer impersonates Apple, Microsoft, and Google in a single attack chain
A SHub macOS infostealer variant called Reaper impersonates Apple, Microsoft, and Google to trick users into executing malicious code, then targets browser data, password … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/05/19/shub-reaper-macos-infostealer-apple-google-microsoft/
-
macOS Malware Abuses Fake Google Update for Persistence
A newly observed variant of the SHub macOS infostealer, dubbed “Reaper,” is expanding its capabilities with stealthier delivery, enhanced data theft, and a persistence mechanism disguised as a legitimate Google software update. The Reaper variant continues SHub’s use of fake application installers, notably masquerading as WeChat and Miro downloads. However, its infection chain stands out…
-
SHub macOS infostealer variant spoofs Apple security updates
A new variant of the ‘SHub’ macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/shub-macos-infostealer-variant-spoofs-apple-security-updates/
-
New Reaper Malware Uses Fake Microsoft Domain to Steal macOS Passwords
The newly discovered Reaper malware bypasses Apple’s macOS Tahoe 26.4 security updates to steal passwords, crypto assets, and install a permanent backdoor. First seen on hackread.com Jump to article: hackread.com/reaper-malware-fake-microsoft-domain-macos-passwords/
-
Researchers Build First Public Apple M5 macOS Kernel Exploit with Mythos Preview
Security researchers have unveiled the first publicly known macOS kernel memory corruption exploit targeting Apple’s latest M5 silicon, marking a significant moment for both offensive security and Apple’s next-generation defenses. The exploit, developed in collaboration with Mythos Preview, reportedly bypasses Apple’s advanced Memory Integrity Enforcement (MIE), a hardware-backed mitigation designed to stop this class of…
-
Expired domain leads to supply chain attack on node-ipc npm package
require(‘node-ipc’). The trojanized versions were designed to remain fully functional to avoid immediate detection, which together with other decisions attackers took, such as data exfiltration via DNS TXT, suggest stealthiness was a top priority. Once executed, the malicious code collects information about the host system, including operating system version, hostname, and environment variables. It then starts…
-
OpenAI asks macOS users to update after TanStack npm supply chain attack
The actions are being taken in light of an expanding supply chain campaign impacting the popular open-source library TanStack and additional npm and PyPI packages tied to several AI companies. First seen on therecord.media Jump to article: therecord.media/openai-asks-macos-users-to-update-tanstack-npm
-
Fake Job Interview Apps Drop JobStealer Malware on Windows and macOS
Hackers are using fake interview apps to spread JobStealer malware on macOS and Windows to steal crypto wallets, browser data, and passwords. First seen on hackread.com Jump to article: hackread.com/fake-job-interview-jobstealer-malware-windows-macos/
-
⚡ Weekly Recap: Linux Rootkit, macOS Crypto Stealer, WebSocket Skimmers and More
Rough Monday. Somebody poisoned a trusted download again, somebody else turned cloud servers into public housing, and a few crews are still getting into boxes with bugs that should’ve died years ago, the same old holes, same lazy access paths, same “how the hell is this still open” feeling. One report this week basically reads like…
-
Fake “Notepad++ for Mac” Site May Pose Malware Risk for Mac Users
A deceptive website is circulating online that claims to offer an official “Notepad++ for Mac” download, and it has already misled some users and even tech media outlets into believing that Notepad++ has finally launched a native macOS version. The site operates under the domain notepad-plus-plus-mac[.]org. It is branded to look like an official extension…
-
Growing Threat from Infostealers on macOS Systems
From account takeovers to supply chain attacks: many users install software via the terminal, deliberately bypassing macOS security mechanisms. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/zunehmende-bedrohung-durch-infostealer-auf-macos-systemen/a44831/
-
Researchers Warn macOS textutil, KeePassXC Can Fuel Automation Attacks
Researchers are warning that widely trusted local tools such as macOS’s textutil and KeePassXC can pose unexpected security risks when used within automated workflows. The issue is not traditional vulnerabilities such as memory corruption or code execution, but how normal features behave when exposed to attacker-controlled input. Many engineering teams treat built-in utilities as safe…
-
Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS
As Linux dominates cloud-native infrastructure and macOS becomes the standard for high-value targets in development and executive leadership, the attack surface is no longer Windows-centric. Modern attack playbooks weaponize Living off the Land (LOTL) binaries (pre-installed, legitimate system tools) to blend malicious activity with normal operations and bypass standard detection telemetry. First seen on securityboulevard.com…
-
North Korea’s Lazarus Targets macOS Users via ClickFix
Lazarus continues leveraging ClickFix for initial access and data theft, in this case, against Mac-centric organizations and their high-value leaders. First seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/north-koreas-lazarus-targets-macos-users-clickfix
-
Claude Desktop Reportedly Adds Browser Access Bridge for Chromium Browsers
A detailed cybersecurity report published by privacy expert Alexander Hanff on April 18, 2026, reveals that Anthropic’s Claude Desktop application for macOS silently installs a Native Messaging bridge across multiple Chromium-based browsers. This unprompted installation establishes out-of-sandbox browser automation hooks that pose significant privacy and security risks, bypassing explicit user consent and standard application security…
-
(g+) Backdoor in Claude Desktop App: Silent Bridge out of the Browser
On macOS, Claude Desktop places Native Messaging hosts in every Chromium browser, even ones that are not yet installed. This is not harmless: what to do now. First seen on golem.de Jump to article: www.golem.de/news/backdoor-in-claude-desktop-app-stille-bruecke-aus-dem-browser-2604-207881.html
-
ThreatsDay Bulletin: $290M DeFi Hack, macOS LotL Abuse, ProxySmart SIM Farms +25 New Stories
You scroll past one incident and see another that feels familiar, like it should have been fixed years ago, but it still works with small changes. Same bugs. Same mistakes. The supply chain is messy. Packages you did not check are stealing data, adding backdoors, and spreading. Attacking the systems behind apps is easier than breaking…
-
Fake Wallpaper App, YouTube Channel Used to Spread notnullOSX Malware
Hackers are abusing a fake macOS wallpaper app and a hijacked YouTube channel to quietly deliver notnullOSX, a new crypto-focused stealer that targets Macs via ClickFix commands and weaponized DMG installers. The campaign is highly selective, going after victims with crypto holdings above 10,000 USD and using polished lures that closely mimic legitimate apps and workflows.…
-
[un]prompted 2026 macOS Vulnerability Research: Augmenting Apple’s Source Code And OS Logs With AI Agents
Author, Creator & Presenter: Olivia Gallucci, Security Engineer, Datadog Our thanks to [un]prompted for publishing their Creators, Authors and Presenter’s outstanding [un]prompted 2026 AI Security Practitioner content on the Organizations’ YouTube Channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/04/unprompted-2026-macos-vulnerability-research-augmenting-apples-source-code-and-os-logs-with-ai-agents/
-
Microsoft issues emergency update for macOS and Linux ASP.NET threat
When authentication fails, things can go very, very wrong. First seen on arstechnica.com Jump to article: arstechnica.com/security/2026/04/microsoft-issues-emergency-update-for-macos-and-linux-asp-net-threat/

