Tag: macOS

MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

Nov 20, 2025 2:49 PM

Tags: apple, google, macOS, malware

A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/macos-digitstealer-malware-poses-as-dynamiclake-targets-apple-silicon-m2-m3-devices/
Nova Stealer Targets macOS Users, Swaps Legit Apps to Steal Crypto Wallets

Nov 19, 2025 9:49 PM

Tags: crypto, cyber, macOS, malicious, malware, threat, update

A sophisticated new macOS malware campaign dubbed >>Nova Stealer
New Security Tools Target Growing macOS Threats

Nov 14, 2025 10:49 PM

Tags: apple, macOS, malware, threat, tool

A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/new-security-tools-target-growing-macos-threats
Advanced macOS DigitStealer Uses Multi-Stage Attack Chain to Evade Detection

Nov 14, 2025 1:49 PM

Tags: attack, cyber, detection, macOS, malicious, threat

Jamf Threat Labs has identified a new family of malicious stealers tracked as DigitStealer, representing a significant evolution in macOS-targeted malware. Unlike traditional infostealers that follow linear execution paths, DigitStealer introduced sophisticated multi-stage attack techniques, extensive anti-analysis checks, and novel persistence mechanisms, demonstrating the threat actors’ deep understanding of macOS architecture. The DigitStealer campaign begins…
New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Nov 13, 2025 9:49 AM

Tags: attack, credentials, cyber, exploit, infection, macOS, malware, social-engineering, software, threat, windows

Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms. The campaign demonstrates how threat actors are exploiting legitimate search queries for cracked software to deliver devastating payloads that compromise user credentials and sensitive data.paste.txt”‹ The infection chain begins when users…
AppleScript Abused to Spread Fake Zoom and Teams macOS Updates

Nov 12, 2025 8:49 PM

Tags: apple, hacker, macOS, malware, update

Hackers use AppleScript to disguise macOS malware as fake app updates, bypassing Apple’s protections. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/applescript-abused-to-spread-fake-zoom-and-teams-macos-updates/
AppleScript Abused to Spread Fake Zoom and Teams macOS Updates

Nov 12, 2025 8:49 PM

Tags: apple, hacker, macOS, malware, update

Hackers use AppleScript to disguise macOS malware as fake app updates, bypassing Apple’s protections. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/applescript-abused-to-spread-fake-zoom-and-teams-macos-updates/
Rideshare giant moves 200 Macs out of the cloud, saves $2.4 million

Nov 7, 2025 7:20 PM

Tags: apple, cloud, macOS

Grab tried to virtualize macOS, but Apple doesn’t make that easy First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/grab_macos_cloud_repatriation_savings/
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities

Nov 6, 2025 4:19 PM

Tags: android, browser, chrome, control, google, linux, macOS, remote-code-execution, risk, update, vulnerability, windows

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities

Nov 6, 2025 4:19 PM

Tags: android, browser, chrome, control, google, linux, macOS, remote-code-execution, risk, update, vulnerability, windows

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
Critical React Native NPM Vulnerability Exposes Developer Systems to Remote Attacks

Nov 5, 2025 5:19 PM

Tags: attack, cve, flaw, linux, macOS, open-source, remote-code-execution, vulnerability, windows

A severe vulnerability was discovered in the React Native Community CLI, a popular open-source package downloaded nearly two million times every week by developers building cross-platform applications. Tracked as CVE-2025-11953, this flaw allows unauthenticated remote code execution across Windows, macOS, and Linux systems. In practical terms, attackers can execute arbitrary commands on a developer’s machine…
Apple-Updates: iOS 26.1; macOS 26.1 und mehr (3. Nov. 2025)

Nov 4, 2025 9:19 AM

Tags: apple, iphone, macOS, update

Apple hat zum 3. November 2025 diverse Sicherheitsupdates für seine Betriebssysteme macOS und iOS bzw. iPadOS veröffentlich. Für iPhone und iPad ist beispielsweise iOS 26.1 erschienen. Auch macOS hat diverse Sicherheitsupdates erhalten. Die Liste der Updates lässt sich auf dieser … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/04/apple-updates-ios-26-1-macos-26-1-und-mehr-3-nov-2025/
Preventing DNS filtering bypass by Encrypted DNS (DoT, DoH, DoQ)

Nov 1, 2025 5:19 AM

Tags: cisa, control, data, dns, encryption, endpoint, Internet, macOS, malicious, malware, network, privacy, risk, sans, service, zero-trust

DNS over HTTPS (DoH) and other encrypted DNS protocols like DNS over TLS (DoT) & DNS over QUIC (DoQ) enhances user privacy and security by encrypting DNS queries in transit, shielding them from eavesdropping, tampering, and censorship on untrusted networks. This prevents ISPs and local attackers from logging or manipulating domain resolutions, fostering a more…
A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do

Oct 31, 2025 5:19 AM

Tags: access, cctv, hacker, macOS, office

A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway.On another Mac in the same office, file sharing is…
A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do

Oct 31, 2025 5:19 AM

Tags: access, cctv, hacker, macOS, office

A design firm is editing a new campaign video on a MacBook Pro. The creative director opens a collaboration app that quietly requests microphone and camera permissions. MacOS is supposed to flag that, but in this case, the checks are loose. The app gets access anyway.On another Mac in the same office, file sharing is…
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher

Oct 30, 2025 4:19 PM

Tags: ai, authentication, browser, bug, business, ceo, chatgpt, chrome, ciso, cloud, cyberattack, exploit, macOS, malware, openai, phishing, saas, soc, vulnerability

Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
Typo hackers sneak cross-platform credential stealer into 10 npm packages

Oct 30, 2025 4:19 PM

Tags: attack, captcha, cloud, corporate, credentials, data, email, espionage, hacker, linux, macOS, malicious, password, router, supply-chain, theft, threat

Payload for IP fingerprinting and credential theft: Once the fake CAPTCHA interaction occurs, the installer sends the victim’s IP address to the attacker’s server, a step that allows tracking, geofencing, and exclusion of unwanted targets.It then downloads the payload from the same host, which is a 24 MB Pyinstaller-packed application that contains hundreds of thousands…
AtlasExploit ermöglicht Angriff auf ChatGPT-Speicher

Oct 30, 2025 4:19 PM

Tags: ai, authentication, browser, bug, business, ceo, chatgpt, chrome, ciso, cloud, cyberattack, exploit, macOS, malware, openai, phishing, saas, soc, vulnerability

Security-Forscher haben eine neue Schwachstelle entdeckt, die den ChatGPT Atlas-Browser von OpenAI betrifft.Nur wenige Tage, nachdem Cybersicherheitsanalysten davor gewarnt hatten, den neuen Atlas-Browser von OpenAI zu installieren, haben Forscher von LayerX Security eine Schwachstelle entdeckt. Die Lücke soll es Angreifen ermöglichen, bösartige Befehle direkt in den ChatGPT-Speicher der Anwender einzuschleusen und Remote-Code auszuführen. Wie Or…
Russian Hackers Exploit Adaptix Pentesting Tool in Ransomware Attacks

Oct 30, 2025 4:19 PM

Tags: attack, exploit, hacker, linux, macOS, penetration-testing, ransomware, russia, tool, windows

Silent Push wars of Russian hackers exploiting Adaptix, a pentesting tool built for Windows, Linux, and macOS, in ransomware campaigns. First seen on hackread.com Jump to article: hackread.com/russian-hackers-adaptix-pentest-ransomware/
Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Oct 30, 2025 4:19 PM

Tags: data, linux, macOS, malicious, software, windows

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-npm-packages-fetch-infostealer-for-windows-linux-macos/
Malicious NPM packages fetch infostealer for Windows, Linux, macOS

Oct 30, 2025 4:19 PM

Tags: data, linux, macOS, malicious, software, windows

Ten malicious packages mimicking legitimate software projects in the npm registry download an information-stealing component that collects sensitive data from Windows, Linux, and macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-npm-packages-fetch-infostealer-for-windows-linux-macos/
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Oct 29, 2025 11:26 AM

Tags: captcha, credentials, cybersecurity, linux, macOS, malicious, malware, windows

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.”The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that…
10 npm Packages Caught Stealing Developer Credentials on Windows, macOS, and Linux

Oct 29, 2025 11:26 AM

Tags: captcha, credentials, cybersecurity, linux, macOS, malicious, malware, windows

Cybersecurity researchers have discovered a set of 10 malicious npm packages that are designed to deliver an information stealer targeting Windows, Linux, and macOS systems.”The malware uses four layers of obfuscation to hide its payload, displays a fake CAPTCHA to appear legitimate, fingerprints victims by IP address, and downloads a 24MB PyInstaller-packaged information stealer that…
10 NPM Packages That Automatically Run on Install and Steal Credentials

Oct 29, 2025 10:31 AM

Tags: attack, authentication, credentials, cyber, data, linux, macOS, malicious, malware, social-engineering, supply-chain, tactics, theft, threat, windows

A sophisticated supply chain attack involving ten malicious npm packages that execute automatically upon installation and deploy a comprehensive credential theft operation. The malware uses advanced obfuscation techniques, social engineering tactics, and cross-platform functionality to harvest sensitive authentication data from developers’ systems across Windows, Linux, and macOS environments. Socket’s Threat Research Team has uncovered a…