Collecting Cyber-News from over 60 sources

Tag: macOS

Neue Gefahr für macOS: DigitStealer stiehlt Daten unbemerkt

Nov 28, 2025 7:49 AM

Tags: macOS, threat

Ein aktueller Fund des Threat-Labs-Teams von Jamf zeigt, dass macOS-Nutzer einer neuen Form von Datendiebstahl ausgesetzt sind. First seen on it-daily.net Jump to article: www.it-daily.net/it-sicherheit/cybercrime/macos-digitstealer-stiehlt-daten
macOS Infostealer “DigitStealer” hinterlässt kaum Spuren in betroffenen Systemen

Nov 26, 2025 3:50 PM

Tags: Hardware, macOS

Dies deutet darauf hin, dass die Angreifer hinter DigitStealer ein tiefgreifendes Verständnis von macOS-Betriebssystemen aufweisen. Insbesondere die Aufteilung der Payloads und die Nutzung von Hardware-Prüfungen First seen on infopoint-security.de Jump to article: www.infopoint-security.de/macos-infostealer-digitstealer-hinterlaesst-kaum-spuren-in-betroffenen-systemen/a42971/
Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware

Nov 26, 2025 12:49 PM

Tags: cyber, hacker, jobs, macOS, malicious, malware, north-korea, social-engineering, tactics, threat

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview operation, represents a refined iteration of social engineering tactics designed to bypass macOS security protections,…
Hackers Trick macOS Users into Running Terminal Commands to Install FlexibleFerret Malware

Nov 26, 2025 12:49 PM

Tags: cyber, hacker, jobs, macOS, malicious, malware, north-korea, social-engineering, tactics, threat

North Korean-aligned threat actors are leveraging convincing fake job recruitment websites to deceive macOS users into executing malicious Terminal commands that deliver the FlexibleFerret malware, according to recent analysis from Jamf Threat Labs. The campaign, attributed to the Contagious Interview operation, represents a refined iteration of social engineering tactics designed to bypass macOS security protections,…
DPRK’s FlexibleFerret Tightens macOS Grip

Nov 25, 2025 11:49 PM

Tags: credentials, macOS, scam, social-engineering, tactics

The actor behind the Contagious Interview campaign is continuing to refine its tactics and social engineering scams to wrest credentials from macOS users. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/dprks-flexibleferret-tightens-macos-grip
New FlexibleFerret Malware Chain Targets macOS With Go Backdoor

Nov 25, 2025 3:49 PM

Tags: access, backdoor, credentials, macOS, malware

A new macOS malware chain using staged scripts and a Go-based backdoor has been attributed to FlexibleFerret, designed to steal credentials and maintain system access First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/flexibleferret-malware-macos-go/
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Nov 21, 2025 7:49 PM

Tags: android, apple, google, iphone, macOS, rust, service

In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple’s equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices.The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad,…
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Nov 21, 2025 7:49 PM

Tags: android, apple, google, iphone, macOS, rust, service

In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple’s equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices.The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad,…
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Nov 21, 2025 7:49 PM

Tags: android, apple, google, iphone, macOS, rust, service

In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple’s equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices.The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad,…
Google Brings AirDrop Compatibility to Android’s Quick Share Using Rust-Hardened Security

Nov 21, 2025 7:49 PM

Tags: android, apple, google, iphone, macOS, rust, service

In a surprise move, Google on Thursday announced that it has updated Quick Share, its peer-to-peer file transfer service, to work with Apple’s equipment AirDrop, allowing users to more easily share files and photos between Android and iPhone devices.The cross-platform sharing feature is currently limited to the Pixel 10 lineup and works with iPhone, iPad,…
Tsundere Botnet Targets Windows, Linux macOS via Node.js Packages

Nov 20, 2025 9:49 PM

Tags: botnet, cyber, kaspersky, linux, macOS, russia, supply-chain, threat, windows

A Russian-speaking threat actor attributed to the username >>koneko
MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

Nov 20, 2025 2:49 PM

Tags: apple, google, macOS, malware

A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/macos-digitstealer-malware-poses-as-dynamiclake-targets-apple-silicon-m2-m3-devices/
MacOS DigitStealer malware poses as DynamicLake, targets Apple Silicon M2/M3 devices

Nov 20, 2025 2:49 PM

Tags: apple, google, macOS, malware

A new infostealer is targeting macOS users by masquerading as the legitimate DynamicLake UI enhancement and productivity utility and possibly Google’s Drive for desktop app. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/11/20/macos-digitstealer-malware-poses-as-dynamiclake-targets-apple-silicon-m2-m3-devices/
Nova Stealer Targets macOS Users, Swaps Legit Apps to Steal Crypto Wallets

Nov 19, 2025 9:49 PM

Tags: crypto, cyber, macOS, malicious, malware, threat, update

A sophisticated new macOS malware campaign dubbed >>Nova Stealer
New Security Tools Target Growing macOS Threats

Nov 14, 2025 10:49 PM

Tags: apple, macOS, malware, threat, tool

A public dataset and platform-agnostic analysis tool aim to help organizations in the fight against Apple-targeted malware, which researchers say has lacked proper attention. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/new-security-tools-target-growing-macos-threats
Advanced macOS DigitStealer Uses Multi-Stage Attack Chain to Evade Detection

Nov 14, 2025 1:49 PM

Tags: attack, cyber, detection, macOS, malicious, threat

Jamf Threat Labs has identified a new family of malicious stealers tracked as DigitStealer, representing a significant evolution in macOS-targeted malware. Unlike traditional infostealers that follow linear execution paths, DigitStealer introduced sophisticated multi-stage attack techniques, extensive anti-analysis checks, and novel persistence mechanisms, demonstrating the threat actors’ deep understanding of macOS architecture. The DigitStealer campaign begins…
New ClickFix Attack Targeting Windows and macOS Users to Deploy Infostealer Malware

Nov 13, 2025 9:49 AM

Tags: attack, credentials, cyber, exploit, infection, macOS, malware, social-engineering, software, threat, windows

Security researchers have uncovered a sophisticated malware campaign that leverages the ClickFix social engineering technique to distribute information-stealing malware across Windows and macOS platforms. The campaign demonstrates how threat actors are exploiting legitimate search queries for cracked software to deliver devastating payloads that compromise user credentials and sensitive data.paste.txt”‹ The infection chain begins when users…
AppleScript Abused to Spread Fake Zoom and Teams macOS Updates

Nov 12, 2025 8:49 PM

Tags: apple, hacker, macOS, malware, update

Hackers use AppleScript to disguise macOS malware as fake app updates, bypassing Apple’s protections. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/applescript-abused-to-spread-fake-zoom-and-teams-macos-updates/
AppleScript Abused to Spread Fake Zoom and Teams macOS Updates

Nov 12, 2025 8:49 PM

Tags: apple, hacker, macOS, malware, update

Hackers use AppleScript to disguise macOS malware as fake app updates, bypassing Apple’s protections. First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/threats/applescript-abused-to-spread-fake-zoom-and-teams-macos-updates/
Rideshare giant moves 200 Macs out of the cloud, saves $2.4 million

Nov 7, 2025 7:20 PM

Tags: apple, cloud, macOS

Grab tried to virtualize macOS, but Apple doesn’t make that easy First seen on theregister.com Jump to article: www.theregister.com/2025/11/07/grab_macos_cloud_repatriation_savings/
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
9 top bug bounty programs launched in 2025

Nov 7, 2025 2:20 PM

Tags: ai, api, apple, attack, best-practice, browser, bug-bounty, chatgpt, chrome, cloud, computer, corporate, cyber, cybersecurity, data, defense, exploit, finance, flaw, framework, google, government, hacker, hacking, healthcare, identity, infrastructure, injection, intelligence, iphone, macOS, microsoft, mitigation, mobile, nis-2, nvidia, openai, phishing, risk, service, spyware, strategy, technology, theft, threat, unauthorized, update, vulnerability, zero-day

Bug bounty programs focus in 2025: For ethical hackers, best practice for bug bounty hunting in 2025 involves thorough reconnaissance of a target organization’s technology stack, rather than just running automated tools.Leading bug bounty platforms such as Bugcrowd, HackerOne, Synack, YesWeHack, and Intigriti offer rewards for identifying and reporting security vulnerabilities. Platforms connect ethical hackers…
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities

Nov 6, 2025 4:19 PM

Tags: android, browser, chrome, control, google, linux, macOS, remote-code-execution, risk, update, vulnerability, windows

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
Google Issues Emergency Chrome 142 Update to Fix Multiple High-Risk Vulnerabilities

Nov 6, 2025 4:19 PM

Tags: android, browser, chrome, control, google, linux, macOS, remote-code-execution, risk, update, vulnerability, windows

Google has rolled out an emergency update for its Chrome browser, version 142, to address a series of serious remote code execution (RCE) vulnerabilities that could allow attackers to take control of affected systems. The update, released on November 5, 2025, is being distributed gradually across desktop platforms, Windows, macOS, and Linux, as well as…
Critical React Native NPM Vulnerability Exposes Developer Systems to Remote Attacks

Nov 5, 2025 5:19 PM

Tags: attack, cve, flaw, linux, macOS, open-source, remote-code-execution, vulnerability, windows

A severe vulnerability was discovered in the React Native Community CLI, a popular open-source package downloaded nearly two million times every week by developers building cross-platform applications. Tracked as CVE-2025-11953, this flaw allows unauthenticated remote code execution across Windows, macOS, and Linux systems. In practical terms, attackers can execute arbitrary commands on a developer’s machine…
Apple-Updates: iOS 26.1; macOS 26.1 und mehr (3. Nov. 2025)

Nov 4, 2025 9:19 AM

Tags: apple, iphone, macOS, update

Apple hat zum 3. November 2025 diverse Sicherheitsupdates für seine Betriebssysteme macOS und iOS bzw. iPadOS veröffentlich. Für iPhone und iPad ist beispielsweise iOS 26.1 erschienen. Auch macOS hat diverse Sicherheitsupdates erhalten. Die Liste der Updates lässt sich auf dieser … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/11/04/apple-updates-ios-26-1-macos-26-1-und-mehr-3-nov-2025/