Tag: macOS

Windows, macOS und Linux betroffen Sicherheitslücke ermöglicht Übernahme von Hostsystemen

Sep 1, 2025 7:19 AM

Tags: bug, docker, linux, macOS, windows

First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-docker-desktop-update-a-d1e448f4b662b128f5a11cdfd8a07334/
WhatsApp 0-Day Exploited in Attacks on Targeted iOS and macOS Users

Aug 31, 2025 6:19 PM

Tags: attack, exploit, macOS, spyware, zero-day

WhatsApp has patched a critical 0-day (CVE-2025-55177) that allowed zero-click spyware attacks on iOS and Mac users. The… First seen on hackread.com Jump to article: hackread.com/whatsapp-0-day-exploit-attack-targeted-ios-macos-users/
WhatsApp Patches Zero-Click Exploit Targeting iOS and macOS Devices

Aug 31, 2025 5:19 PM

Tags: apple, cve, exploit, flaw, macOS, vulnerability, zero-day

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks.The vulnerability, CVE-2025-55177 (CVSS score: 8.0 [CISA-ADP]/5.4 [Facebook]), relates to a case of insufficient authorization of linked device synchronization…
WhatsApp Issues Emergency Update for Zero-Click Exploit Targeting iOS and macOS Devices

Aug 30, 2025 7:23 AM

Tags: apple, cve, exploit, flaw, macOS, update, vulnerability, zero-day

WhatsApp has addressed a security vulnerability in its messaging apps for Apple iOS and macOS that it said may have been exploited in the wild in conjunction with a recently disclosed Apple flaw in targeted zero-day attacks.The vulnerability, CVE-2025-55177 (CVSS score: 8.0), relates to a case of insufficient authorization of linked device synchronization messages. Internal…
WhatsApp patches vulnerability exploited in zero-day attacks

Aug 29, 2025 7:23 PM

Tags: attack, exploit, macOS, vulnerability, zero-day

WhatsApp has patched a security vulnerability in its iOS and macOS messaging clients that was exploited in targeted zero-day attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/whatsapp-patches-vulnerability-exploited-in-zero-day-attacks/
Thousands of Developer Credentials Stolen in macOS “s1ngularity” Attack

Aug 28, 2025 6:23 PM

Tags: attack, breach, credentials, macOS, supply-chain

A supply chain attack called “s1ngularity” on Nx versions 20.9.0-21.8.0 stole thousands of developer credentials. The attack targeted… First seen on hackread.com Jump to article: hackread.com/developer-credentials-stolen-macos-s1ngularity-attack/
Lazarus Group Targets Windows 11 with ClickFix Tactics and Fake Job Offers

Aug 28, 2025 4:23 PM

Tags: apt, cyber, finance, group, intelligence, jobs, lazarus, macOS, social-engineering, tactics, theft, threat, windows

The notorious Lazarus advanced persistent threat (APT) organization, which Qi’anxin internally tracks as APT-Q-1, has been seen using the ClickFix technique to penetrate Windows 11 and macOS systems in a sophisticated progression of social engineering attacks. Known for high-profile incidents like the 2014 Sony Pictures hack, Lazarus has shifted from intelligence theft to financial asset…
Odyssey Stealer umgeht macOS-Schutzmaßnahmen

Aug 28, 2025 7:23 AM

Tags: apple, macOS, malware

Sicherheitsforscher von Jamf haben eine Variante des bekannten Atomic Stealer entdeckt. Die “Odyssey Stealer” getaufte Malware nutzt eine gültige Apple Developer ID, um Apples Sicherheitssysteme zu umgehen. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/odyssey-stealer-macos
First AI-Powered Ransomware PromptLock Targets Windows, Linux and macOS

Aug 28, 2025 12:23 AM

Tags: ai, linux, macOS, openai, ransomware, windows

ESET has identified PromptLock, the first AI-powered ransomware, using OpenAI models to generate scripts that target Windows, Linux… First seen on hackread.com Jump to article: hackread.com/first-ai-promptlock-ransomware-windows-linux-macos/
Experimental PromptLock ransomware uses AI to encrypt, steal data

Aug 27, 2025 11:23 PM

Tags: ai, data, linux, macOS, ransomware, threat, windows

Threat researchers discovered the first AI-powered ransomware, called PromptLock, that uses Lua scripts to steal and encrypt data on Windows, macOS, and Linux systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/experimental-promptlock-ransomware-uses-ai-to-encrypt-steal-data/
Docker Desktop Vulnerability Allowed Host Takeover on Windows, macOS

Aug 27, 2025 4:24 PM

Tags: docker, flaw, macOS, vulnerability, windows

A critical vulnerability (CVE-2025-9074) in Docker Desktop for Windows and macOS was fixed. The flaw allowed a malicious… First seen on hackread.com Jump to article: hackread.com/docker-desktop-vulnerability-host-takeover-windows-macos/
Critical Chrome UseFree Flaw Enables Arbitrary Code Execution

Aug 27, 2025 9:23 AM

Tags: browser, chrome, cyber, flaw, google, macOS, update, vulnerability, windows

Google has released an urgent security update for the Chrome Stable channel to address acritical use-after-free vulnerabilityin the ANGLE graphics library that could allow attackers to execute arbitrary code on vulnerable systems. The fixes arrive as part of Chrome Stable versions 139.0.7258.154/.155 on Windows and macOS, and 139.0.7258.154 on Linux. Users are advised to update immediately, as the patch…
Aktiv ausgenutzte Sicherheitslücke – Notfallupdate für iOS, iPadOS und macOS

Aug 26, 2025 7:54 AM

Tags: bug, macOS

First seen on security-insider.de Jump to article: www.security-insider.de/apple-schliesst-kritische-sicherheitsluecke-a-805ec52b0f129b2ca1e16768c2f0e1a8/
Docker fixes critical Desktop flaw allowing container escapes

Aug 26, 2025 12:55 AM

Tags: container, docker, exploit, flaw, macOS, vulnerability, windows

Docker fixed a critical flaw in the Docker Desktop app for Windows and macOS that could potentially allow an attacker to escape the confines of a container. Docker fixed a critical vulnerability, tracked as CVE-2025-9074 (CVSS score of 9.3), impacting Docker Desktop app for Windows and macOS. An attacker can exploit the flaw to potentially escape…
Docker Fixes CVE-2025-9074, Critical Container Escape Vulnerability With CVSS Score 9.3

Aug 25, 2025 9:55 PM

Tags: access, container, cve, cvss, docker, flaw, macOS, malicious, vulnerability, windows

Docker has released fixes to address a critical security flaw affecting the Docker Desktop app for Windows and macOS that could potentially allow an attacker to break out of the confines of a container.The vulnerability, tracked as CVE-2025-9074, carries a CVSS score of 9.3 out of 10.0. It has been addressed in version 4.44.3.”A malicious…
Critical Docker Desktop flaw lets attackers hijack Windows hosts

Aug 25, 2025 5:54 PM

Tags: container, docker, flaw, macOS, malicious, vulnerability, windows

A critical vulnerability in Docker Desktop for Windows and macOS allows compromising the host by running a malicious container, even if the Enhanced Container Isolation (ECI) protection is active. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-docker-desktop-flaw-lets-attackers-hijack-windows-hosts/
Fake macOS Help Sites Seek to Spread Infostealer in Targeted Campaign

Aug 25, 2025 4:54 PM

Tags: macOS, malware

A variant of the Atomic macOS Stealer (AMOS) targets macOS users via fake support sites in malvertising campaign First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fake-macos-spread-infostealer/
Fake macOS help sites push Shamos infostealer via ClickFix technique

Aug 25, 2025 2:54 PM

Tags: crowdstrike, macOS

Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/fake-macos-help-sites-push-shamos-infostealer-via-clickfix-technique/
Fake macOS help sites push Shamos infostealer via ClickFix technique

Aug 25, 2025 2:54 PM

Tags: crowdstrike, macOS

Criminals are taking advantage of macOS users’ need to resolve technical issues to get them to infect their machines with the Shamos infostealer, Crowdstrike researchers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/fake-macos-help-sites-push-shamos-infostealer-via-clickfix-technique/
New macOS Installer Boasts Lightning-Fast Data Theft, Marketed on Dark Web

Aug 25, 2025 11:55 AM

Tags: cyber, dark-web, data, macOS, malware, service, theft, threat

A novel macOS infostealer malware, designated as Mac.c, has emerged as a formidable contender in the underground malware-as-a-service (MaaS) ecosystem. Developed openly by a threat actor operating under the pseudonym >>mentalpositive,
Kopia: Open-source encrypted backup tool for Windows, macOS, Linux

Aug 25, 2025 7:54 AM

Tags: backup, cloud, linux, macOS, network, open-source, tool, windows

Kopia is an open-source backup and restore tool that lets you create encrypted snapshots of your files and store them in cloud storage, on a remote server, on network-attached … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/08/25/kopia-open-source-encrypted-backup-tool-windows-macos-linux/
Over 300 entities hit by a variant of Atomic macOS Stealer in recent campaign

Aug 23, 2025 9:54 AM

Tags: crowdstrike, macOS, malware

Over 300 entities hit by the Atomic macOS Stealer via malvertising campaign between June and August, CrowdStrike warns. From June and August, over 300 entities were hit by a variant of the Atomic macOS Stealer (AMOS) called SHAMOS, reports CrowdStrike. The Atomic macOS Stealer lets operators steal diverse information from infected machines. This includes Keychain…
COOKIE SPIDER’s Malvertising Drops New SHAMOS macOS Malware

Aug 23, 2025 1:55 AM

Tags: crowdstrike, macOS, malware

CrowdStrike reports COOKIE SPIDER using malvertising to spread SHAMOS macOS malware (a new variant of AMOS infostealer), stealing… First seen on hackread.com Jump to article: hackread.com/cookie-spider-malvertising-new-shamos-macos-malware/
ClickFix Exploit Emerges: Microsoft Flags Cross-Platform Attacks Targeting Windows and macOS

Aug 22, 2025 3:54 PM

Tags: attack, cyber, exploit, intelligence, macOS, malicious, microsoft, social-engineering, threat, windows

Microsoft Threat Intelligence has spotlighted the escalating adoption of the ClickFix social engineering technique, a sophisticated method that manipulates users into executing malicious commands on their devices, bypassing traditional automated security defenses. Observed since early 2024, this tactic has targeted thousands of enterprise and end-user systems daily, delivering payloads such as Lumma Stealer infostealers, remote…
CISA Warns of Actively Exploited 0-Day Vulnerability in Apple iOS, iPadOS, and macOS

Aug 22, 2025 2:54 PM

Tags: apple, cisa, cve, cyber, cybersecurity, exploit, framework, infrastructure, macOS, risk, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning about a critical zero-day vulnerability affecting Apple iOS, iPadOS, and macOS systems that is being actively exploited in the wild. CVE-2025-43300, an out-of-bounds write vulnerability in Apple’s Image I/O framework, poses significant security risks to millions of users across Apple’s ecosystem. Critical Vulnerability…
Apple Releases Patch for Likely Exploited Zero-Day Vulnerability

Aug 22, 2025 11:54 AM

Tags: apple, exploit, iphone, macOS, update, vulnerability, zero-day

All Apple users are encouraged to update their iPhones, iPads and macOS devices First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/apple-patch-likely-exploited-zero/
Apple discloses actively exploited zero-day affecting iOS, iPadOS and macOS

Aug 22, 2025 12:54 AM

Tags: apple, attack, exploit, macOS, zero-day

The defect, which affects the company’s most popular devices, has been exploited in an “extremely sophisticated attack against specific targeted individuals,” Apple said. First seen on cyberscoop.com Jump to article: cyberscoop.com/apple-zero-day-ios-macos-ipados-august-2025/
Apple addressed the seventh actively exploited zero-day

Aug 21, 2025 7:54 PM

Tags: apple, cve, exploit, framework, macOS, vulnerability, zero-day

Apple addressed a vulnerability impacting iOS, iPadOS, and macOS that it is under active exploitation in the wild. Apple addressed an actively exploited zero-day, tracked as CVE-2025-43300, in iOS, iPadOS, and macOS. The vulnerability is zero-day out-of-bounds write issue that resides in the ImageIO framework, an attacker could exploit it to cause memory corruption when processing…
New SHAMOS Malware Targets macOS Through Fake Help Sites to Steal Login Credentials

Aug 21, 2025 2:56 PM

Tags: credentials, crowdstrike, crypto, cyber, cybercrime, cybersecurity, data, group, login, macOS, malware, service

Cybersecurity researchers at CrowdStrike identified and thwarted a sophisticated malware campaign deploying SHAMOS, an advanced variant of the Atomic macOS Stealer (AMOS) malware, orchestrated by the cybercriminal group COOKIE SPIDER. Operating under a malware-as-a-service model, COOKIE SPIDER rents out this information stealer to affiliates who target victims to harvest sensitive data, including login credentials, cryptocurrency…
Apple rushes out fix for active zero-day in iOS and macOS

Aug 21, 2025 2:56 PM

Tags: apple, exploit, macOS, zero-day

Another ‘extremely sophisticated’ exploit chewing at Cupertino’s walled garden First seen on theregister.com Jump to article: www.theregister.com/2025/08/21/apple_imageio_exploit/