Tag: macOS
-
Hackers Target macOS Users with Fake Homebrew Websites to Deliver Malicious Payloads
In September 2025, Kandji’s security researchers uncovered a sophisticated campaign in which attackers deployed multiple spoofed Homebrew installer sites that perfectly mimic the official brew.sh page. These counterfeit domains served a hidden malicious payload under the guise of the standard Homebrew installation script. This exposé delves into the tactics, infrastructure, and impact of this alarming…
-
AWS Client VPN for macOS Hit by Critical Privilege Escalation Vulnerability
Amazon Web Services (AWS) released bulletin AWS-2025-020 detailing a serious flaw in the macOS version of its Client VPN software. The issue, tracked as CVE-2025-11462, arises when the VPN client fails to validate the log destination directory during log rotation. CVE ID Affected Products Impact Exploit Prerequisites CVSS 3.1 Score CVE-2025-11462 AWS Client VPN Client…
-
Windows and Android: Google fixes serious vulnerabilities in Chrome
A buffer overflow in Chrome for Windows, macOS, Linux and Android may, under certain circumstances, allow remote code execution. First seen on golem.de Jump to article: www.golem.de/news/windows-und-android-google-schliesst-schwerwiegende-luecken-in-chrome-2510-200916.html
-
Unity Warns Developers of Security Vulnerability Affecting Games on Android, Windows, and Linux Platforms
A recently disclosed security vulnerability in Unity has prompted security updates and, in some cases, game removals across platforms like Steam. The issue affects Unity versions 2017.1 and later, spanning a wide range of games and applications released over the last several years. According to Unity, this Unity vulnerability impacts software built for Android, Windows, macOS,…
-
Apple strengthens storage flexibility with new disk image formats
Apple’s release of macOS 26 Tahoe introduced a new disk image format and updated an older one, both of which are drawing attention from system testers and forensic examiners. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/10/03/apple-disk-image-format/
-
High security risk: BSI warns of critical vulnerability in Apple's iOS, iPadOS and macOS
First seen on t3n.de Jump to article: t3n.de/news/sicherheitsrisiko-bsi-luecke-apples-ios-ipados-macos-1710284/
-
Google Adds AI-Powered Ransomware Protection and Recovery to Drive for Desktop
This new ransomware detection is available in beta in Google Drive for desktop on Windows or macOS, with a general release expected by the end of the year. The post Google Adds AI-Powered Ransomware Protection and Recovery to Drive for Desktop appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-google-drive-ai-ransomware-detection/
-
Apple Security Update Addresses Critical Font Parser Vulnerability Across Multiple Platforms
Apple has rolled out a series of important security updates across multiple platforms, addressing a vulnerability affecting the system font parser. These Apple security updates cover iOS, iPadOS, macOS, visionOS, watchOS, and tvOS. First seen on thecyberexpress.com Jump to article: thecyberexpress.com/apple-security-updates/
-
Apple Font Parser Vulnerability Allowing Memory Corruption Attacks
Apple has released a security update for macOS Sequoia 15.7.1 to address a serious vulnerability in its font parser. The flaw, tracked as CVE-2025-43400, allows a maliciously crafted font file to trigger an out-of-bounds write. Exploitation could cause unexpected application crashes or corrupt process memory on affected systems. Apple patched this issue on September 29, 2025, as…
-
WhatsApp 0-Click Flaw Abused via Malicious DNG Image File
A newly discovered zero-click remote code execution (RCE) vulnerability in WhatsApp is putting millions of Apple users at risk. Researchers from DarkNavyOrg have demonstrated a proof-of-concept (PoC) exploit that leverages two distinct flaws to compromise iOS, macOS, and iPadOS devices without any user interaction. The attack chain begins with CVE-2025-55177, a critical logic error in WhatsApp’s message…
-
New ModStealer Evades Antivirus, Targets macOS Users to Steal Sensitive Data
A sophisticated new malware strain targeting macOS users has emerged, capable of bypassing traditional antivirus solutions while specifically targeting developers and cryptocurrency holders. The cross-platform threat, dubbed ModStealer, represents the latest evolution in macOS-focused cybercrime, highlighting the growing security challenges facing Apple users in 2024. ModStealer was first identified by cybersecurity firm Mosyle and reported through…
-
Google Project Zero Discloses Apple Vulnerability Allowing ASLR Bypass
Google Project Zero researcher Jann Horn has disclosed a novel vulnerability in Apple’s macOS and iOS systems that could potentially allow attackers to bypass Address Space Layout Randomization (ASLR) protections through pointer leaks in serialization processes. Vulnerability Overview The vulnerability exploits a technique that leverages pointer-keyed data structures in Apple’s NSKeyedArchiver serialization framework to leak…
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 64
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape Malware Newsletter Brewing Trouble, Dissecting a macOS Malware Campaign Large-Scale Attack Targeting Macs via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware Prompts as Code & Embedded Keys – The Hunt for LLM-Enabled […]…
-
Microsoft uncovers new variant of XCSSET macOS malware in targeted attacks
Microsoft Threat Intelligence researchers found a new XCSSET macOS malware variant used in limited attacks. Microsoft Threat Intelligence researchers have discovered a new version of the macOS malware XCSSET that has been employed in limited attacks. Trend Micro first spotted the malware in 2020 when it was spreading through Xcode projects and exploiting two zero-day vulnerabilities…
-
Microsoft spots fresh XCSSET malware strain hiding in Apple dev projects
Upgraded nasty slips into Xcode builds, steals crypto, and disables macOS defenses First seen on theregister.com Jump to article: www.theregister.com/2025/09/26/microsoft_xcsset_macos/
-
New macOS XCSSET Variant Targets Firefox with Clipper and Persistence Module
Cybersecurity researchers have discovered an updated version of a known Apple macOS malware called XCSSET that has been observed in limited attacks. “This new variant of XCSSET brings key changes related to browser targeting, clipboard hijacking, and persistence mechanisms,” the Microsoft Threat Intelligence team said in a Thursday report. “It employs sophisticated encryption and obfuscation First seen…
-
Zorin OS 18 beta makes Linux look like anything but Linux
Windows, macOS, Cinnamon, even iPadOS all just a layout switch away First seen on theregister.com Jump to article: www.theregister.com/2025/09/24/zorin_os_18_beta/
-
New XCSSET Malware Variant Targets macOS App Developers
Cybersecurity researchers have discovered an advanced variant of the XCSSET malware specifically targeting macOS developers through infected Xcode projects, introducing sophisticated clipboard hijacking and enhanced data exfiltration capabilities. Microsoft Threat Intelligence has identified yet another XCSSET variant in the wild that introduces further updates and new modules beyond those detailed in previous security analyses. The…
-
Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs
Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating several new features, including enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/microsoft-warns-of-new-xcsset-macos-malware-variant-targeting-xcode-devs/
-
LastPass: Fake password managers infect Mac users with malware
LastPass is warning users of a campaign that targets macOS users with malicious software impersonating popular products delivered through fraudulent GitHub repositories. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/lastpass-fake-password-managers-infect-mac-users-with-malware/
-
Malicious GitHub pages lure MacOS users into installing Atomic infostealer
MacOS users looking to download popular software such as LastPass, 1Password, After Effects, Gemini, and many others are in danger of getting saddled with the Atomic … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/09/22/macos-infostealer-campaign-github/
-
Beware: GitHub repos distributing Atomic Infostealer on macOS
LastPass warns macOS users of fake GitHub repos distributing Atomic infostealer malware disguised as legitimate tools. LastPass warns macOS users about fake GitHub repositories spreading malware disguised as legitimate tools, redirecting victims to download the Atomic macOS infostealer. “The LastPass Threat Intelligence, Mitigation, and Escalation (TIME) team is tracking an ongoing, widespread infostealer campaign targeting…
-
Hackers Abuse GitHub Pages to Spread Stealer Malware to macOS Users
A sophisticated malware campaign is targeting Mac users through fraudulent GitHub repositories that masquerade as legitimate software downloads, with threat actors exploiting search engine optimization tactics to deliver malicious links directly to unsuspecting victims. The LastPass Threat Intelligence, Mitigation, and Escalation team has identified an ongoing widespread infostealer operation that specifically targets macOS users through…
-
LastPass Warns of Fake Repositories Infecting macOS with Atomic Infostealer
LastPass is warning of an ongoing, widespread information stealer campaign targeting Apple macOS users through fake GitHub repositories that distribute malware-laced programs masquerading as legitimate tools. “In the case of LastPass, the fraudulent repositories redirected potential victims to a repository that downloads the Atomic infostealer malware,” researchers Alex Cox, Mike Kosak, and First seen on thehackernews.com…
-
Fake Empire Podcast Invites Target Crypto Industry with macOS AMOS Stealer
Hackers are posing as Empire podcast hosts, tricking crypto influencers and developers with fake interview invites to deliver macOS AMOS Stealer malware. First seen on hackread.com Jump to article: hackread.com/fake-empire-podcast-invites-crypto-macos-amos-stealer/
-
Malicious PyPI Packages Deliver SilentSync RAT
Introduction: Zscaler ThreatLabz regularly monitors for threats in the popular Python Package Index (PyPI), which contains open source libraries that are frequently used by many Python developers. In July 2025, a malicious Python package named termncolor was identified by ThreatLabz. Just a few weeks later, on August 4, 2025, ThreatLabz uncovered two more malicious Python packages…

