Tag: macOS
-
PyPI Telnyx Python SDK Backdoored to Steal Credentials on Windows, macOS, and Linux
Telnyx Python SDK on PyPI, using a multi-stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in telnyx/_client.py and is triggered at module scope, so simply importing telnyx is enough to execute the payload before any application code runs. The rogue releases remained available for roughly 6.5 hours before PyPI quarantined them…
-
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack
Tags: ai, attack, breach, cloud, control, credentials, crypto, github, incident response, linux, LLM, macOS, malicious, malware, monitoring, open-source, openai, powershell, pypi, rat, spam, supply-chain, tool, windows
postinstall hook that would execute a dropper script when it was pulled in by a different package as a dependency. Shortly after midnight UTC on March 31 a new version of the Axios package, axios@1.14.1, was published on npm followed by axios@0.30.4 39 minutes later. Both listed plain-crypto-js@4.2.1 as a dependency in their package.json files, but…
-
Google links axios supply chain attack to North Korean group
Google Threat Intelligence Group (GTIG) joined several other researchers in attributing the attack to a North Korean threat actor they call UNC1069. SentinelOne found the same group using macOS-based malware in attacks dating back to 2023. First seen on therecord.media Jump to article: therecord.media/google-links-axios-supply-chain-attack-north-korea
-
Supply chain attack on Axios npm package: Scope, impact, and remediations
Tags: access, api, attack, breach, cloud, control, credentials, crypto, data, data-breach, defense, exploit, incident response, macOS, malicious, malware, open-source, rat, risk, security-incident, software, supply-chain, theft, threat, vulnerability, windows
The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeaways This incident is a…
-
How we made Trail of Bits AI-native (so far)
Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerability
This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
-
Hackers compromise Axios npm package to drop cross-platform malware
Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-compromise-axios-npm-package-to-drop-cross-platform-malware/
-
Apple counters ClickFix attacks with macOS Terminal warning
Apple has added a new security feature in macOS Tahoe 26.4 that warns users before they enter commands in Terminal that could cause harm. The goal is to stop ClickFix attacks, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/apple-macos-clickfix-attacks-terminal-warning/
-
New macOS security feature will alert users about possible ClickFix attacks
Apple introduced an extra layer of protection against ClickFix attacks, only for macOS Tahoe 26.4 and later. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/new-macos-security-feature-will-alert-users-about-possible-clickfix-attacks/
-
Apple adds macOS Terminal warning to block ClickFix attacks
Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-adds-macos-terminal-warning-to-block-clickfix-attacks/
-
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix
Infinity Stealer targets macOS via fake Cloudflare CAPTCHA, using Nuitka; first such campaign per Malwarebytes. Researchers at Malwarebytes spotted a new macOS infostealer, named Infinity Stealer, using a Python payload compiled with Nuitka. It spreads via ClickFix, tricking users with fake Cloudflare CAPTCHA pages. "A fake verification page instructs the visitor to open Terminal, paste…
-
New Infinity Stealer malware grabs macOS data via ClickFix lures
A new info-stealing malware named Infinity Stealer is targeting macOS systems with a Python payload packaged as an executable using the open-source Nuitka compiler. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-infinity-stealer-malware-grabs-macos-data-via-clickfix-lures/
-
Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka
A new macOS infostealer, NukeChain (now Infiniti Stealer), uses fake CAPTCHA pages to trick users into running malicious commands. First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/infiniti-stealer-a-new-macos-infostealer-using-clickfix-and-python-nuitka/
-
New ClickFix Attack Exploits Windows Run Dialog and macOS Terminal to Deploy Malware
Threat actors are standardizing a powerful ClickFix-based attack that abuses the Windows Run dialog box and macOS Terminal to deliver malware while sidestepping traditional browser protections. Insikt Group has tracked five distinct ClickFix activity clusters active since at least May 2024, with lures impersonating brands such as Intuit QuickBooks and Booking.com. Using Recorded Future’s HTML…
-
GhostClaw AI Malware Targets macOS Users with Credential-Stealing Payloads
GhostClaw is a multi-stage macOS infostealer that now abuses both GitHub and AI-assisted development workflows to harvest credentials and deploy secondary payloads, significantly widening its potential victim base. Jamf Threat Labs has since expanded on this work, uncovering at least eight additional samples hosted in GitHub repositories that impersonate trading bots, SDKs, and developer tools.…
-
MioLab MacOS Stealer Expands With ClickFix, Wallet Theft, Team APIs
As Apple’s macOS footprint grows in both consumer and enterprise environments, dedicated infostealers like MioLab (aka Nova) show that Macs are no longer a niche target but a priority for cybercrime ecosystems. Marketed as a premium Malware-as-a-Service (MaaS) on Russian-language forums, MioLab combines an evasive macOS binary with a mature web panel, new ClickFix delivery…
-
Chrome Security Update Fixes 26 Vulnerabilities Enabling Remote Malicious Code Execution
Google has released a critical security update for its Chrome desktop web browser, addressing 26 distinct vulnerabilities that could enable attackers to execute malicious code remotely. The Stable channel update introduces versions 146.0.7680.153 and 146.0.7680.154 for Windows and macOS systems, while Linux environments will receive version 146.0.7680.153. This substantial patch cycle is actively rolling out…
-
Apple Patches WebKit Vulnerability CVE-2026-20643 Across iOS, macOS
Apple has released a new security update to address a critical WebKit vulnerability tracked as CVE-2026-20643. The vulnerability was identified as a cross-origin issue within the Navigation API of WebKit, the browser engine that underpins Safari and other web-based functionality across iOS, iPadOS, and macOS. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/webkit-vulnerability-fixed-in-apple-update/
-
Apple WebKit Security Flaw Exposes iOS and macOS Users to Content-Based Bypass Attacks
Apple has released emergency security updates to address a critical WebKit vulnerability that currently exposes iPhone, iPad, and Mac users to sophisticated content-based bypass attacks. Delivered seamlessly via the Background Security Improvements mechanism on March 17, 2026, this targeted patch secures Apple devices against potential Same Origin Policy violations without requiring a full operating system…
-
Apple starts issuing lightweight security updates between software releases
Apple is delivering small security updates, called Background Security Improvements, starting with iOS 26.1, iPadOS 26.1, and macOS 26.1. Apple describes Background Security … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/18/apple-background-security-improvements-updates/
-
Apple Fixes WebKit Vulnerability Enabling Same-Origin Policy Bypass on iOS and macOS
Apple on Tuesday released its first round of Background Security Improvements to address a security flaw in WebKit that affects iOS, iPadOS, and macOS. The vulnerability, tracked as CVE-2026-20643 (CVSS score: N/A), has been described as a cross-origin issue in WebKit’s Navigation API that could be exploited to bypass the same-origin policy when processing maliciously crafted…
-
In macOS, iOS & iPadOS – 7 Zero-Days at Apple, 3 of Them Actively Exploited
First seen on security-insider.de Jump to article: www.security-insider.de/apple-zero-day-luecken-macos-ios-ipados-safari-a-9d9af57062fda0e539e17406e879db48/
-
Malicious NPM Packages Spread PylangGhost RAT in Supply Chain Attack
Malicious npm packages are delivering the North Korean-linked PylangGhost remote access trojan (RAT) in a new software supply chain campaign that targets developers across Windows, Linux, and macOS systems. The first malicious versions appeared in late February 2026 (@jaime9008/math-service 1.0.11.0.2), followed by react-refresh-update 1.0.11.0.4 published on March 1, 2026. Earlier 1.0.0 versions in both families were benign, a…
-
ClickFix Campaigns Spread MacSync macOS Infostealer via Fake AI Tool Installers
Three different ClickFix campaigns have been found to act as a delivery vector for the deployment of a macOS information stealer called MacSync. "Unlike traditional exploit-based attacks, this method relies entirely on user interaction, usually in the form of copying and executing commands, making it particularly effective against users who may not appreciate the implications of…
-
macOS Users Increasingly Targeted by Cybercriminals
Security researchers are observing a growing number of targeted attacks on macOS systems. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/macos-nutzer-gerate-cyberkriminellen
-
Sophos X-Ops Analyzes ClickFix and macOS Infostealer Campaigns
Sophos X-Ops has identified a rise in ClickFix and infostealer campaigns targeting the macOS operating system and is recording new techniques in lures and malware. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sophos-x-ops-analysiert-clickfix-und-macos-infostealer-kampagnen/a44103/

