Collecting Cyber-News from over 60 sources

Tag: macOS

New ClickFix variant bypasses Apple safeguards with one”‘click script execution

Apr 9, 2026 2:52 PM

Tags: apple, attack, credentials, crypto, data, macOS, malicious, password, update

Lightweight staging for Atomic Stealer: Once executed, the AppleScript resolves to an obfuscated shell command. That command decodes a hidden URL, retrieves a remote payload using ‘curl’, and executes it via ‘zsh’. From here, standard info-stealing takes over with a ‘Mach-O’ binary written to a temporary location, its attributes adjusted, permissions set, and execution triggered.This…
New macOS Malware notnullOSX Targets Crypto Wallets Over $10K

Apr 9, 2026 2:52 PM

Tags: backdoor, crypto, macOS, malware

macOS Malware notnullOSX targets crypto wallets over $10K, using fake apps, Terminal tricks, and backdoors to steal funds and sensitive data. First seen on hackread.com Jump to article: hackread.com/macos-malware-notnullosx-crypto-wallets/
ClickFix Campaign Abuses macOS Script Editor to Deploy Atomic Stealer

Apr 9, 2026 1:59 PM

Tags: apple, cyber, macOS, social-engineering

A refreshed ClickFix campaign that swaps macOS Terminal for Script Editor to deliver an Atomic Stealer payload to unsuspecting Mac users quietly. By abusing the applescript:// URL scheme, attackers sidestep Apple’s new paste-protection in Terminal on macOS Tahoe 26.4 while preserving the same underlying “click-to-fix” social engineering pattern. Traditional ClickFix chains rely on fake support or “system cleanup” pages…
Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings

Apr 9, 2026 1:59 PM

Tags: apple, attack, macOS, update

macOS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script Editor instead First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/atomic-stealer-macos-clickfix/
ClickFix macOS Attack Uses Script Editor to Bypass Security Controls

Apr 9, 2026 8:50 AM

Tags: attack, control, macOS, threat

A newly identified ClickFix-style macOS attack demonstrates how threat actors are refining their techniques to evade security defenses. The campaign moves away from the traditional reliance on Terminal and instead uses macOS Script Editor as the primary execution vector. This change allows attackers to bypass controls designed to detect or block suspicious Terminal activity. First seen on thecyberexpress.com…
New macOS stealer campaign uses Script Editor in ClickFix attack

Apr 8, 2026 9:52 PM

Tags: attack, macOS, malware

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix attack that tricked users into executing commands in Terminal. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/
Für iOS, iPadOS und macOS – Apple führt Background Security Improvements ein

Apr 8, 2026 4:52 PM

Tags: apple, macOS

First seen on security-insider.de Jump to article: www.security-insider.de/apple-background-security-improvements-ersetzen-rapid-updates-a-f0dfb82ec2608a9e5bf014b4f0c9ddb5/
Fake TradingView Premium Reddit Posts Spread Vidar and AMOS Stealers

Apr 7, 2026 7:52 AM

Tags: crypto, cyber, macOS, malware, threat, windows

A new malware campaign is abusing Reddit to distribute fake “cracked” builds of TradingView Premium that secretly install Vidar and AMOS information”‘stealing malware on Windows and macOS systems. The campaign targets users searching for free or pirated versions of TradingView Premium, a popular browser”‘based charting and social platform for stock, crypto, and forex traders. Threat…
Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users

Apr 6, 2026 4:51 PM

Tags: apple, attack, macOS, update

Apple’s macOS 26.4 update adds a Terminal warning to help stop ClickFix-style attacks by flagging potentially harmful pasted commands. The post Apple Rolls Out Fix: New macOS Update Could Protect 100M Mac Users appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-macos-update-terminal-malware-warning-clickfix/
Poisoned Axios Package Spreads Cross-Platform Malware via Phantom Dependency

Apr 6, 2026 10:51 AM

Tags: access, cyber, hacker, linux, macOS, malicious, malware, windows

Hackers hijacked the npm account of Axios’s lead maintainer. They used it to push two malicious releases that silently installed a cross”‘platform remote access trojan (RAT) on macOS, Windows, and Linux systems. Axios is one of the JavaScript ecosystem’s most widely used HTTP clients, with over 100 million weekly downloads on npm, making it deeply…
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 91

Apr 5, 2026 5:50 PM

Tags: attack, government, injection, international, macOS, malware, supply-chain, threat

Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Infiniti Stealer: a new macOS infostealer using ClickFix and Python/Nuitka Converging Interests: Analysis of Threat Clusters Targeting a Southeast Asian Government RoadK1ll: A WebSocket Based Pivoting Implant axios Compromised: npm Supply Chain Attack via Dependency Injection…
Supply Chain Attacks Surge in March 2026

Apr 4, 2026 5:53 AM

Tags: access, ai, api, attack, authentication, awareness, cloud, container, control, corporate, credentials, crypto, data-breach, github, group, hacking, identity, infrastructure, Internet, kubernetes, least-privilege, linux, LLM, macOS, malicious, malware, mfa, network, north-korea, open-source, openai, phishing, pypi, software, startup, supply-chain, threat, tool, update, vulnerability, windows

IntroductionThere was a significant increase in software supply chain attacks in March 2026. There were five major software supply-chain attacks that occurred including the Axios NPM package compromise, which has been attributed to a North Korean threat actor. In addition, a hacking group known as TeamPCP was able to compromise Trivy (a vulnerability scanner), KICS…
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)

Apr 3, 2026 10:52 PM

Tags: ai, antivirus, attack, automation, backup, business, control, data, defense, detection, edr, endpoint, exploit, identity, linux, macOS, malware, metric, monitoring, ransomware, resilience, risk, soc, strategy, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Inventory all devices continuously. Go beyond manual tracking. Automated discovery tools can identify each device, from remote laptops to IoT assets, as soon as they join your network. Mitigate shadow IT risk. Unmanaged devices are a favorite entry point for attackers. Every asset must be accounted for and brought under management. No exceptions. Learn more about automating discovery and reducing blind spots in your endpoint management strategy…
5 essential steps to bulletproof your endpoint security (and avoid the biggest mistakes)

Apr 3, 2026 10:52 PM

Tags: ai, antivirus, attack, automation, backup, business, control, data, defense, detection, edr, endpoint, exploit, identity, linux, macOS, malware, metric, monitoring, ransomware, resilience, risk, soc, strategy, threat, tool, unauthorized, update, vulnerability, windows, zero-day

Inventory all devices continuously. Go beyond manual tracking. Automated discovery tools can identify each device, from remote laptops to IoT assets, as soon as they join your network. Mitigate shadow IT risk. Unmanaged devices are a favorite entry point for attackers. Every asset must be accounted for and brought under management. No exceptions. Learn more about automating discovery and reducing blind spots in your endpoint management strategy…
Microsoft still working to fix Exchange Online mailbox access issues

Apr 3, 2026 1:51 PM

Tags: access, macOS, microsoft, mobile

Microsoft is investigating and working to resolve Exchange Online mailbox access issues that have intermittently affected Outlook mobile and macOS users for weeks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/microsoft/microsoft-still-working-to-fix-exchange-online-mailbox-access-issues/
Unix in macOS: Apple wird 50 und setzt immer noch auf ein Betriebssystem aus den 1960ern

Apr 2, 2026 9:51 AM

Tags: apple, macOS

First seen on t3n.de Jump to article: t3n.de/news/unix-macos-apple-wird-50-1735262/
SentinelOne autonomous detection blocks trojaned LiteLLM triggered by Claude Code

Apr 1, 2026 12:29 PM

Tags: ai, attack, detection, macOS, malicious, supply-chain

SentinelOne AI stopped a LiteLLM supply chain attack in seconds, blocking malicious code automatically without human intervention. SentinelOne’s AI-based security detected and blocked a supply chain attack involving a compromised LiteLLM package. SentinelOne’s macOS agent detected and stopped a malicious process chain triggered by Claude Code after it unknowingly installed a compromised LiteLLM package. The…
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems

Apr 1, 2026 10:34 AM

Tags: attack, backdoor, breach, cyber, hacker, linux, macOS, north-korea, software, supply-chain, threat, windows

A North Koreanexus threat actor has hijacked the popular Axios NPM package in a high”‘impact software supply chain attack that can silently backdoor Windows, macOS, and Linux systems. Between March 31, 2026, 00:21 and 03:20 UTC, attackers used a compromised maintainer account to push backdoored Axios releases 1.14.1 and 0.30.4 to NPM. The attackers changed…
North Korean Hackers Breach Axios Package, Target Windows, macOS, and Linux Systems

Apr 1, 2026 10:34 AM

Tags: attack, backdoor, breach, cyber, hacker, linux, macOS, north-korea, software, supply-chain, threat, windows

A North Koreanexus threat actor has hijacked the popular Axios NPM package in a high”‘impact software supply chain attack that can silently backdoor Windows, macOS, and Linux systems. Between March 31, 2026, 00:21 and 03:20 UTC, attackers used a compromised maintainer account to push backdoored Axios releases 1.14.1 and 0.30.4 to NPM. The attackers changed…
PyPI Telnyx Python SDK Backdoored to Steal Credentials on Windows, macOS, and Linux

Apr 1, 2026 9:30 AM

Tags: backdoor, credentials, cyber, linux, macOS, pypi, windows

Telnyx Python SDK on PyPI, using a multi”‘stage WAV steganography payload to steal credentials across Windows, macOS, and Linux systems. The backdoor lives in telnyx/_client.py and is triggered at module scope, so simply importing telnyx is enough to execute the payload before any application code runs. The rogue releases remained available for roughly 6.5 hours before PyPI quarantined them…
Attackers trojanize Axios HTTP library in highest-impact npm supply chain attack

Mar 31, 2026 11:31 PM

Tags: ai, attack, breach, cloud, control, credentials, crypto, github, incident response, linux, LLM, macOS, malicious, malware, monitoring, open-source, openai, powershell, pypi, rat, spam, supply-chain, tool, windows

postinstall hook that would execute a dropper script when it was pulled in by a different package as a dependency.Shortly after midnight UTC on March 31 a new version of the Axios package, axios@1.14.1, was published on npm followed by axios@0.30.4 39 minutes later. Both listed plain-crypto-js@4.2.1 as a dependency in their package.json files, but…
Google links axios supply chain attack to North Korean group

Mar 31, 2026 11:31 PM

Tags: attack, google, group, intelligence, macOS, malware, north-korea, supply-chain, threat

Google Threat Intelligence Group (GTIG) joined several other researchers in attributing the attack to a North Korean threat actor they call UNC1069. SentinelOne found the same group using macOS-based malware in attacks dating back to 2023. First seen on therecord.media Jump to article: therecord.media/google-links-axios-supply-chain-attack-north-korea
Supply chain attack on Axios npm package: Scope, impact, and remediations

Mar 31, 2026 10:30 PM

Tags: access, api, attack, breach, cloud, control, credentials, crypto, data, data-breach, defense, exploit, incident response, macOS, malicious, malware, open-source, rat, risk, security-incident, software, supply-chain, theft, threat, vulnerability, windows

The Axios npm package has been compromised in a supply chain attack that uploaded new versions of the package containing malicious code. Any environment that downloaded these compromised Axios versions is at risk of severe data theft, including the loss of credentials and API keys. Scan your environment now. Key takeaways This incident is a…
How we made Trail of Bits AI-native (so far)

Mar 31, 2026 4:30 PM

Tags: access, ai, application-security, attack, automation, blockchain, business, ceo, chatgpt, computer, computing, conference, control, data, email, germany, government, identity, injection, jobs, macOS, marketplace, nvidia, open-source, risk, service, skills, strategy, supply-chain, technology, threat, tool, vulnerability

This post is adapted from a talk I gave at [un]prompted, the AI security practitioner conference. Thanks to Gadi Evron for inviting me to speak. You can watch the recorded presentation below or download the slides. Most companies hand out ChatGPT licenses and wait for the productivity numbers to move. We built a system instead.…
Hackers compromise Axios npm package to drop cross-platform malware

Mar 31, 2026 4:30 PM

Tags: access, hacker, linux, macOS, malware, windows

Hackers hijacked the npm account of the Axios package, a JavaScript HTTP client with 100M+ weekly downloads, to deliver remote access trojans to Linux, Windows, and macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/hackers-compromise-axios-npm-package-to-drop-cross-platform-malware/
Apple counters ClickFix attacks with macOS Terminal warning

Mar 31, 2026 3:29 PM

Tags: apple, attack, macOS

Apple has added a new security feature in macOS Tahoe 26.4 that warns users before they enter commands in Terminal that could cause harm. The goal is to stop ClickFix attacks, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/03/31/apple-macos-clickfix-attacks-terminal-warning/
Apple Adds ClickFix Attack Warnings in New macOS Tahoe Security Feature

Mar 31, 2026 11:29 AM

Tags: apple, attack, cyber, defense, infection, macOS, social-engineering

Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks. This defense intercepts potentially harmful commands before they are pasted into the Terminal application, breaking the infection chain. The ClickFix Attack Methodology ClickFix is a sophisticated social engineering technique designed to bypass…
New macOS security feature will alert users about possible ClickFix attacks

Mar 30, 2026 6:30 PM

Tags: apple, attack, macOS

Apple introduced an extra layer of protection against ClickFix attacks, only for macOS Tahoe 26.4 and later First seen on securityboulevard.com Jump to article: securityboulevard.com/2026/03/new-macos-security-feature-will-alert-users-about-possible-clickfix-attacks/
Apple adds macOS Terminal warning to block ClickFix attacks

Mar 30, 2026 5:31 PM

Tags: apple, attack, macOS

Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/apple-adds-macos-terminal-warning-to-block-clickfix-attacks/
New macOS Infinity Stealer uses Nuitka Python payload and ClickFix

Mar 30, 2026 11:29 AM

Tags: captcha, macOS

Infinity Stealer targets macOS via fake Cloudflare CAPTCHA, using Nuitka; first such campaign per Malwarebytes. Researchers at Malwarebytes spotted a new macOS infostealer, named Infinity Stealer, using a Python payload compiled with Nuitka. It spreads via ClickFix, tricking users with fake Cloudflare CAPTCHA pages. >>A fake verification page instructs the visitor to open Terminal, paste…