Tag: macOS

Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent

Jan 7, 2026 6:01 PM

Tags: access, apple, control, data, flaw, macOS, privacy, vulnerability

A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data, and user activity. The post Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-macos-flaw-apple-privacy-controls/
macOS Flaw Enables Silent Bypass of Apple Privacy Controls

Jan 6, 2026 4:52 PM

Tags: access, apple, control, flaw, macOS, privacy, vulnerability

A macOS vulnerability (CVE-2025-43530) allows attackers to silently bypass TCC privacy controls and access sensitive user data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/macos-flaw-enables-silent-bypass-of-apple-privacy-controls/
macOS Flaw Allows TCC Bypass, Exposing Sensitive User Information

Jan 6, 2026 3:52 PM

Tags: apple, control, cve, cyber, data, flaw, framework, macOS, service, unauthorized, vulnerability

Apple’s accessibility framework has been found vulnerable to a critical Transparency, Consent, and Control (TCC) bypass that exposes sensitive user data and enables arbitrary AppleScript execution. Researchers have disclosed CVE-2025-43530, a vulnerability in the ScreenReader.The framework’s MIG service permits attackers to execute unauthorized AppleScript commands and send AppleEvents to protected processes without user consent. The…
Product showcase: Blokada for Android gives users control over network traffic

Jan 6, 2026 7:52 AM

Tags: android, control, macOS, network, privacy, windows

Blokada is a network privacy and ad-blocking application available on Android, iOS, Windows, macOS, and Linux. It is designed to reduce ads, block trackers, and limit unwanted … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/06/product-showcase-blokada-android-control-network-traffic/
Einheitliches Gerätemanagement für macOS – Cortado erweitert MDM-Plattform um Mac-Management

Jan 2, 2026 9:52 AM

Tags: macOS

First seen on security-insider.de Jump to article: www.security-insider.de/cortado-erweitert-mdm-plattform-um-mac-management-a-7054066857997770a15e6eed37c3a8a9/
New GlassWorm malware wave targets Macs with trojanized crypto wallets

Jan 1, 2026 8:52 PM

Tags: crypto, macOS, malicious, malware

A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-glassworm-malware-wave-targets-macs-with-trojanized-crypto-wallets/
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories

Jan 1, 2026 5:52 PM

Tags: attack, botnet, breach, cloud, exploit, jobs, macOS, scam, threat

The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic, new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to…
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS

Dec 31, 2025 6:52 PM

Tags: attack, cyber, macOS, malicious, malware, marketplace, threat

GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully operational infrastructure. Security researchers have identified three malicious extensions on the Open VSX marketplace linked…
New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Dec 24, 2025 7:19 PM

Tags: apple, cybersecurity, macOS

Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple’s Gatekeeper checks.”Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more First seen…
Reworked MacSync Stealer Adopts Quieter Installation Process

Dec 23, 2025 6:19 PM

Tags: apple, macOS, malware

A newly discovered macOS malware mimics legitimate apps code-signed and notarized by Apple First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/signed-variant-macsync-stealer/
MacSync Stealer Malware Targets macOS Users Through Digitally Signed Apps

Dec 23, 2025 2:19 PM

Tags: apple, cyber, macOS, malware, software, threat

Jamf Threat Labs has uncovered a new MacSync Stealer campaign that significantly raises the bar for macOS malware delivery by abusing Apple’s own trust mechanisms. The latest variant is delivered as a fully code”‘signed and notarized Swift application, allowing it to masquerade as legitimate software while executing a stealthy, multi”‘stage infostealing routine in the background.…
New MacSync malware dropper evades macOS Gatekeeper checks

Dec 22, 2025 10:19 PM

Tags: macOS, malware

The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-macsync-malware-dropper-evades-macos-gatekeeper-checks/
pearOS is a Linux that falls rather close to the Apple tree

Dec 20, 2025 10:19 PM

Tags: apple, linux, macOS

Revived distro returns on Arch with KDE Plasma, global menus, and a familiar macOS-style sheen First seen on theregister.com Jump to article: www.theregister.com/2025/12/19/pearos/
Hacking Hardware, Unraveling Malware: Black Hat Europe at 25

Dec 17, 2025 6:19 PM

Tags: cybercrime, cybersecurity, hacking, Hardware, infrastructure, macOS, malware

Also: macOS Naughty or Nice, Cybercrime Karma, Spoofing Legacy Rail Infrastructure London in December: Early to dark, quick to rain but also festive – and a mecca for cybersecurity researchers there for the annual Black Hat Europe conference. This year’s event featured nearly 50 briefings that touched on everything from hardware hacking to combing infostealer…
Hacking Hardware, Unraveling Malware: Black Hat Europe at 25

Dec 17, 2025 6:19 PM

Tags: cybercrime, cybersecurity, hacking, Hardware, infrastructure, macOS, malware

Also: macOS Naughty or Nice, Cybercrime Karma, Spoofing Legacy Rail Infrastructure London in December: Early to dark, quick to rain but also festive – and a mecca for cybersecurity researchers there for the annual Black Hat Europe conference. This year’s event featured nearly 50 briefings that touched on everything from hardware hacking to combing infostealer…
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks

Dec 16, 2025 9:19 PM

Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
CISA Alerts on Apple WebKit Zero-Day Actively Used in Cyberattacks

Dec 16, 2025 9:19 PM

Tags: apple, cisa, cve, cyber, cyberattack, cybersecurity, exploit, infrastructure, kev, macOS, risk, vulnerability, zero-day

The Cybersecurity and Infrastructure Security Agency (CISA) has added a critical zero-day vulnerability affecting multiple Apple products to its Known Exploited Vulnerabilities (KEV) catalog, signaling active exploitation in the wild. CVE-2025-43529 represents a severe use-after-free vulnerability in WebKit, Apple’s rendering engine, that poses a significant risk to millions of users across iOS, iPadOS, macOS, and other…
Apple Releases macOS Sequoia 15.7.3 Security Update

Dec 15, 2025 1:19 PM

Tags: apple, macOS, update

Apple has released macOS Sequoia 15.7.3 with important security fixes. Here’s what to know before installing the update. The post Apple Releases macOS Sequoia 15.7.3 Security Update appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-macos-sequoia-security-update/
Apple Releases macOS Sequoia 15.7.3 Security Update

Dec 15, 2025 1:19 PM

Tags: apple, macOS, update

Apple has released macOS Sequoia 15.7.3 with important security fixes. Here’s what to know before installing the update. The post Apple Releases macOS Sequoia 15.7.3 Security Update appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-macos-sequoia-security-update/
Apple Releases macOS Sequoia 15.7.3 Security Update

Dec 15, 2025 1:19 PM

Tags: apple, macOS, update

Apple has released macOS Sequoia 15.7.3 with important security fixes. Here’s what to know before installing the update. The post Apple Releases macOS Sequoia 15.7.3 Security Update appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-macos-sequoia-security-update/
Apple Releases macOS Sequoia 15.7.3 Security Update

Dec 15, 2025 1:19 PM

Tags: apple, macOS, update

Apple has released macOS Sequoia 15.7.3 with important security fixes. Here’s what to know before installing the update. The post Apple Releases macOS Sequoia 15.7.3 Security Update appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-apple-macos-sequoia-security-update/
New ClickFix Attacks Exploit Official ChatGPT Website to Deliver macOS Infostealer

Dec 11, 2025 7:32 PM

Tags: attack, chatgpt, cyber, exploit, kaspersky, macOS, malicious, openai, social-engineering

Infostealers have become 2025’s fastest-growing cyberthreat, targeting all operating systems and regions with sophisticated social engineering tactics. In a new campaign discovered by Kaspersky experts, attackers are exploiting users’ interest in OpenAI’s Atlas browser by leveraging the official ChatGPT website itself as a hosting platform for malicious installation guides. The attack begins with paid search…
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto

Dec 11, 2025 7:32 PM

Tags: ai, attack, chatgpt, credentials, crypto, cyber, exploit, google, hacker, LLM, macOS, malicious, malware, password, threat

A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google search results and redirecting victims to legitimate-looking LLM-generated chat sessions that contain obfuscated malicious commands, effectively bypassing platform-level safety mechanisms. The attack begins when users search for common macOS troubleshooting…
Hackers Are Using Shared AI Chats to Steal Your Passwords and Crypto

Dec 11, 2025 7:32 PM

Tags: ai, attack, chatgpt, credentials, crypto, cyber, exploit, google, hacker, LLM, macOS, malicious, malware, password, threat

A sophisticated malvertising campaign is exploiting ChatGPT and DeepSeek’s shared chat features to deliver credential-stealing malware to macOS users. Threat actors are purchasing sponsored Google search results and redirecting victims to legitimate-looking LLM-generated chat sessions that contain obfuscated malicious commands, effectively bypassing platform-level safety mechanisms. The attack begins when users search for common macOS troubleshooting…
Google ads for shared ChatGPT, Grok guides push macOS infostealer malware

Dec 11, 2025 1:32 AM

Tags: chatgpt, google, guide, macOS, malware

A new AMOS infostealer campaign is abusing Google search ads to lure users into Grok and ChatGPT conversations that appear to offer “helpful” instructions but ultimately lead to installing the AMOS info-stealing malware on macOS. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/google-ads-for-shared-chatgpt-grok-guides-push-macos-infostealer-malware/
KI-Browser gefährden Unternehmen

Dec 10, 2025 2:32 PM

Tags: access, ai, chatgpt, ciso, cloud, gartner, injection, macOS, openai, phishing, risk, update, vulnerability

Experten warnen vor der Nutzung von KI-Browsern in Unternehmen.Die Gartner-Analysten Dennis Xu, Evgeny Mirolyubov und John Watts empfehlen Unternehmen dringend, alle KI-Browser aufgrund der Cybersicherheitsrisiken auf absehbare Zeit zu blockieren. Sie stützten ihre Empfehlung auf bereits identifizierte Risiken ‘und andere potenzielle Risiken, die noch entdeckt werden müssen, da es sich um eine sehr junge Technologie…
KI-Browser gefährden Unternehmen

Dec 10, 2025 2:32 PM

Tags: access, ai, chatgpt, ciso, cloud, gartner, injection, macOS, openai, phishing, risk, update, vulnerability

Experten warnen vor der Nutzung von KI-Browsern in Unternehmen.Die Gartner-Analysten Dennis Xu, Evgeny Mirolyubov und John Watts empfehlen Unternehmen dringend, alle KI-Browser aufgrund der Cybersicherheitsrisiken auf absehbare Zeit zu blockieren. Sie stützten ihre Empfehlung auf bereits identifizierte Risiken ‘und andere potenzielle Risiken, die noch entdeckt werden müssen, da es sich um eine sehr junge Technologie…
Classic MacOS for non-Apple PowerPC kit rediscovered

Dec 10, 2025 7:32 AM

Tags: apple, jobs, macOS

Unreleased variants that Jobs killed off found 7.6 on a G4, anyone? First seen on theregister.com Jump to article: www.theregister.com/2025/12/08/classic_macos_for_nonapple_powerpc/
Classic MacOS for non-Apple PowerPC kit rediscovered

Dec 10, 2025 7:32 AM

Tags: apple, jobs, macOS

Unreleased variants that Jobs killed off found 7.6 on a G4, anyone? First seen on theregister.com Jump to article: www.theregister.com/2025/12/08/classic_macos_for_nonapple_powerpc/
Zoom Rooms on Windows and macOS Exposed to Privilege Escalation and Data Leakage Flaws

Dec 10, 2025 5:33 AM

Tags: attack, cve, cyber, data, data-breach, flaw, macOS, software, unauthorized, update, vulnerability, windows

Zoom has released security patches addressing two critical vulnerabilities in Zoom Rooms deployments on both Windows and macOS. The vulnerabilities expose users to privilege escalation attacks and unauthorized software manipulation, prompting immediate update recommendations across enterprise environments. The first vulnerability, tracked as CVE-2025-67460, affects Zoom Rooms for Windows with a High severity rating. This flaw…