Collecting Cyber-News from over 60 sources

Tag: macOS

New Wave of Odyssey Stealer Targets macOS Users in Active Cyberattack Campaign

Feb 6, 2026 9:13 AM

Tags: cyber, cyberattack, data, germany, macOS, malware

A significant surge in Odyssey Stealer activity is currently targeting macOS users across multiple continents, with recent telemetry data revealing a dramatic geographic expansion of this sophisticated information-stealing campaign. Security researchers have observed newly updated malware samples spreading rapidly beyond their initial focus areas, now affecting users in the United Kingdom, Germany, Italy, Canada, Brazil,…
macOS Users Hit by Python Infostealers Posing as AI Installers

Feb 5, 2026 4:14 PM

Tags: ai, crypto, google, macOS, microsoft, password, tool

Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. First seen on hackread.com Jump to article: hackread.com/macos-users-python-infostealers-posing-ai-installers/
macOS Users Hit by Python Infostealers Posing as AI Installers

Feb 5, 2026 4:14 PM

Tags: ai, crypto, google, macOS, microsoft, password, tool

Microsoft details 3 Python Infostealers hitting macOS users via fake AI tools, Google ads, and Terminal tricks to steal passwords and crypto, then erase traces. First seen on hackread.com Jump to article: hackread.com/macos-users-python-infostealers-posing-ai-installers/
>>Can You Hear Me?<< BlueNoroff Hackers Use Fake Audio Glitch to Breach macOS

Feb 5, 2026 5:13 AM

Tags: breach, hacker, macOS

The post >>Can You Hear Me?<< BlueNoroff Hackers Use Fake Audio Glitch to Breach macOS appeared first on Daily CyberSecurity. First seen on securityonline.info Jump to article: securityonline.info/can-you-hear-me-bluenoroff-hackers-use-fake-audio-glitch-to-breach-macos/
Info-Stealing malware expands from Windows to macOS

Feb 4, 2026 2:13 PM

Tags: attack, macOS, malware, microsoft, social-engineering, windows

Microsoft warns info-stealing attacks are expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Microsoft warns info-stealing attacks are rapidly expanding from Windows to macOS, using cross-platform languages like Python and abusing trusted platforms. Since late 2025, Microsoft has seen a surge in macOS infostealer attacks using social engineering, fake…
Microsoft Warns Python Infostealers Target macOS via Fake Ads and Installers

Feb 4, 2026 10:13 AM

Tags: apple, attack, macOS, microsoft, social-engineering, windows

Microsoft has warned that information-stealing attacks are “rapidly expanding” beyond Windows to target Apple macOS environments by leveraging cross-platform languages like Python and abusing trusted platforms for distribution at scale.The tech giant’s Defender Security Research Team said it observed macOS-targeted infostealer campaigns using social engineering techniques such as ClickFix since First seen on thehackernews.com Jump…
Chrome Flaws Enable Arbitrary Code Execution and System Crashes

Feb 4, 2026 9:13 AM

Tags: advisory, browser, chrome, cyber, exploit, flaw, google, linux, macOS, update, vulnerability, windows

Google has released a new Stable Channel update for Chrome (version 144.0.7559.132/.133) on February 3, 2026, addressing two high”‘severity vulnerabilities that could allow attackers to execute arbitrary code or cause system crashes. The update is rolling out gradually for Windows, macOS, and Linux users. According to Google’s security advisory, both vulnerabilities were discovered recently and could be exploited…
Infostealer Attacks Hit macOS, Abusing Python and Trusted Platforms

Feb 3, 2026 11:14 PM

Tags: attack, cloud, credentials, crypto, cyber, data, macOS, social-engineering, threat

A sharp rise in campaigns targeting macOS users, while attackers also ramp up Python”‘based stealers and abuse trusted platforms like WhatsApp and popular PDF utilities. These attacks focus on harvesting credentials, browser data, cloud keys, and cryptocurrency wallets, then quietly exfiltrating them to attacker”‘controlled infrastructure. On macOS, threat actors increasingly rely on social engineering and…
Fake Compliance Emails Weaponize Word and PDF Attachments to Steal Sensitive Data

Feb 3, 2026 11:14 PM

Tags: business, compliance, cyber, data, email, macOS, malicious, phishing

A newly observed phishing campaign is abusing fake “audit/compliance confirmation” emails to target macOS users and steal highly sensitive data. The campaign uses convincing business-themed lures and malicious attachments that masquerade as Word or PDF files to trick employees into executing an AppleScript-based payload. Attackers begin by sending emails asking recipients to “confirm the company’s…
OpenAI releases Codex macOS app for agent-based software development

Feb 3, 2026 1:13 PM

Tags: ai, macOS, openai, programming, software

OpenAI has launched the new Codex app for macOS, a dedicated workspace for managing multiple AI coding agents in parallel. The app is designed to help developers reduce … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/02/03/openai-codex-macos-app/
Open-Source-Alternative zu WSUS für Windows, Linux und macOS – Nach dem WSUS-Ende wird OPSI zur kostenlosen Alternative

Feb 3, 2026 12:13 PM

Tags: linux, macOS, open-source, windows

First seen on security-insider.de Jump to article: www.security-insider.de/opsi-wsus-alternative-open-source-a-d6d2a3f7544135385bfbec3a62fe7bae/
New GlassWorm attack targets macOS via compromised OpenVSX extensions

Feb 3, 2026 12:13 AM

Tags: attack, credentials, crypto, data, macOS, malware, password

A new GlassWorm malware attack through compromised OpenVSX extensions focuses on stealing passwords, crypto-wallet data, and developer credentials and configurations from macOS systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-glassworm-attack-targets-macos-via-compromised-openvsx-extensions/
Open Directory Exposure Leaks BYOB Framework Across Windows, Linux, and macOS

Jan 29, 2026 4:26 PM

Tags: access, control, crypto, cyber, data-breach, exploit, framework, leak, linux, macOS, tool, windows

An exposed command-and-control server hosting a complete deployment of the BYOB (Build Your Own Botnet) framework, a sophisticated post-exploitation tool targeting Windows, Linux, and macOS systems. The discovery, made through Hunt.io’s AttackCapture tooling, reveals an active campaign that has operated for approximately ten months with multi-platform remote access capabilities and integrated cryptocurrency mining operations. The…
MacSync macOS Infostealer Exploits ClickFix-style Attack to Trick Users with Single Terminal Command

Jan 23, 2026 4:34 PM

Tags: access, attack, credentials, crypto, cyber, exploit, Hardware, login, macOS, malware, microsoft, phishing, service, social-engineering, tool

A sophisticated macOS infostealer campaign that leverages deceptive ClickFix-style social engineering to distribute MacSync, a Malware-as-a-Service (MaaS) credential-stealing tool targeting cryptocurrency users. The attack chain begins with phishing redirects and culminates in persistent access through trojanized hardware wallet applications. The campaign initiates with credential harvesters impersonating Microsoft login pages. Analysis of crosoftonline[.]com/login[.]srf a domain spoofing official Microsoft…
Logitech macOS mouse mayhem traced to expired dev certificate

Jan 8, 2026 11:01 AM

Tags: macOS

Company says it dropped the ball, apologizes for wasting people’s time First seen on theregister.com Jump to article: www.theregister.com/2026/01/08/logitech_mouse_chaos/
Malicious NPM Packages Deliver NodeCordRAT

Jan 7, 2026 9:02 PM

Tags: access, api, attack, breach, browser, chrome, cloud, control, credentials, crypto, data, email, endpoint, infrastructure, linux, login, macOS, malicious, malware, network, open-source, password, powershell, rat, service, software, supply-chain, theft, threat, vulnerability, windows

IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
Malicious NPM Packages Deliver NodeCordRAT

Jan 7, 2026 9:02 PM

Tags: access, api, attack, breach, browser, chrome, cloud, control, credentials, crypto, data, email, endpoint, infrastructure, linux, login, macOS, malicious, malware, network, open-source, password, powershell, rat, service, software, supply-chain, theft, threat, vulnerability, windows

IntroductionZscaler ThreatLabz regularly monitors the npm database for suspicious packages. In November 2025, ThreatLabz identified three malicious packages: bitcoin-main-lib, bitcoin-lib-js, and bip40. The bitcoin-main-lib and bitcoin-lib-js packages execute a postinstall.cjs script during installation, which installs bip40, the package that contains the malicious payload. This final payload, named NodeCordRAT by ThreatLabz, is a remote access trojan (RAT) with data-stealing capabilities. It is also possible to download bip40…
Logitech Options+, G HUB macOS apps break after certificate expires

Jan 7, 2026 8:01 PM

Tags: apple, macOS

Logitech’s Options+ and G Hub apps on macOS stopped working after their code-signing certificate expired, leaving users unable to launch them on Apple systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/hardware/logitech-options-plus-g-hub-macos-apps-break-after-certificate-expires/
Logitech Options+, G HUB macOS apps break after certificate expires

Jan 7, 2026 8:01 PM

Tags: apple, macOS

Logitech’s Options+ and G Hub apps on macOS stopped working after their code-signing certificate expired, leaving users unable to launch them on Apple systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/hardware/logitech-options-plus-g-hub-macos-apps-break-after-certificate-expires/
Logitech Options+, G HUB macOS apps break after certificate expires

Jan 7, 2026 8:01 PM

Tags: apple, macOS

Logitech’s Options+ and G Hub apps on macOS stopped working after their code-signing certificate expired, leaving users unable to launch them on Apple systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/hardware/logitech-options-plus-g-hub-macos-apps-break-after-certificate-expires/
Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent

Jan 7, 2026 6:01 PM

Tags: access, apple, control, data, flaw, macOS, privacy, vulnerability

A newly disclosed macOS vulnerability bypasses Apple’s TCC privacy controls, allowing silent access to files, microphone data, and user activity. The post Critical macOS Flaw Lets Attackers Bypass Apple Privacy Controls Without Consent appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-macos-flaw-apple-privacy-controls/
macOS Flaw Enables Silent Bypass of Apple Privacy Controls

Jan 6, 2026 4:52 PM

Tags: access, apple, control, flaw, macOS, privacy, vulnerability

A macOS vulnerability (CVE-2025-43530) allows attackers to silently bypass TCC privacy controls and access sensitive user data. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/macos-flaw-enables-silent-bypass-of-apple-privacy-controls/
macOS Flaw Allows TCC Bypass, Exposing Sensitive User Information

Jan 6, 2026 3:52 PM

Tags: apple, control, cve, cyber, data, flaw, framework, macOS, service, unauthorized, vulnerability

Apple’s accessibility framework has been found vulnerable to a critical Transparency, Consent, and Control (TCC) bypass that exposes sensitive user data and enables arbitrary AppleScript execution. Researchers have disclosed CVE-2025-43530, a vulnerability in the ScreenReader.The framework’s MIG service permits attackers to execute unauthorized AppleScript commands and send AppleEvents to protected processes without user consent. The…
Product showcase: Blokada for Android gives users control over network traffic

Jan 6, 2026 7:52 AM

Tags: android, control, macOS, network, privacy, windows

Blokada is a network privacy and ad-blocking application available on Android, iOS, Windows, macOS, and Linux. It is designed to reduce ads, block trackers, and limit unwanted … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/01/06/product-showcase-blokada-android-control-network-traffic/
Einheitliches Gerätemanagement für macOS – Cortado erweitert MDM-Plattform um Mac-Management

Jan 2, 2026 9:52 AM

Tags: macOS

First seen on security-insider.de Jump to article: www.security-insider.de/cortado-erweitert-mdm-plattform-um-mac-management-a-7054066857997770a15e6eed37c3a8a9/
New GlassWorm malware wave targets Macs with trojanized crypto wallets

Jan 1, 2026 8:52 PM

Tags: crypto, macOS, malicious, malware

A fourth wave of the “GlassWorm” campaign is targeting macOS developers with malicious VSCode/OpenVSX extensions that deliver trojanized versions of crypto wallet applications. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-glassworm-malware-wave-targets-macs-with-trojanized-crypto-wallets/
ThreatsDay Bulletin: GhostAd Drain, macOS Attacks, Proxy Botnets, Cloud Exploits, and 12+ Stories

Jan 1, 2026 5:52 PM

Tags: attack, botnet, breach, cloud, exploit, jobs, macOS, scam, threat

The first ThreatsDay Bulletin of 2026 lands on a day that already feels symbolic, new year, new breaches, new tricks. If the past twelve months taught defenders anything, it’s that threat actors don’t pause for holidays or resolutions. They just evolve faster. This week’s round-up shows how subtle shifts in behavior, from code tweaks to…
GlassWorm Malware Turns VS Code Extensions into an Attack Vector Against macOS

Dec 31, 2025 6:52 PM

Tags: attack, cyber, macOS, malicious, malware, marketplace, threat

GlassWorm has returned with a dangerous new evolution. The notorious self-propagating malware, which first surfaced in October as an invisible Unicode-based threat in VS Code extensions, has completed a significant platform pivot to macOS with 50,000 downloads and a fully operational infrastructure. Security researchers have identified three malicious extensions on the Open VSX marketplace linked…
New MacSync macOS Stealer Uses Signed App to Bypass Apple Gatekeeper

Dec 24, 2025 7:19 PM

Tags: apple, cybersecurity, macOS

Cybersecurity researchers have discovered a new variant of a macOS information stealer called MacSync that’s delivered by means of a digitally signed, notarized Swift application masquerading as a messaging app installer to bypass Apple’s Gatekeeper checks.”Unlike earlier MacSync Stealer variants that primarily rely on drag-to-terminal or ClickFix-style techniques, this sample adopts a more First seen…
Reworked MacSync Stealer Adopts Quieter Installation Process

Dec 23, 2025 6:19 PM

Tags: apple, macOS, malware

A newly discovered macOS malware mimics legitimate apps code-signed and notarized by Apple First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/signed-variant-macsync-stealer/