Tag: macos
47 articles

ClickLock Malware Forces macOS Users to Reveal Login Passwords
Beware: a sneaky new malware called ClickLock has already compromised over 100 macOS systems in 33 countries, tricking users into revealing their login passwords. This stealthy threat has been hiding in plain sight since May, leaving a trail of vulnerable systems in its wake.

ClickLock Malware Targets macOS Users with Coercive Password Theft Tactic
Beware: a new malware called ClickLock is coercing macOS users into handing over their login passwords by rendering their desktop unusable until they comply. This sneaky tactic has already hit at least 100 targets across 33 countries since May.

PamStealer Targets Mac Users with Fake Maccy Sites and PAM Checks
Researchers have uncovered PamStealer, a sneaky macOS information stealer that tricks users into downloading it from fake Maccy sites, and it can even slip past Apple's security measures. This clever malware uses a two-stage delivery method to steal sensitive info from unsuspecting Mac users.

Cybercriminals Exploit ClickFix to Deliver Malware
Don't assume macOS is safe from cyber threats - a recent report warns that it now requires the same level of monitoring and protection as Windows to prevent malware attacks. Cybercriminals are using the ClickFix technique to deliver malware, tricking victims into running malicious commands.

Apple Bolsters Security with AI-Discovered WebKit Flaw Patches
Apple is stepping up its security game by releasing patches for over three dozen WebKit flaws, discovered with the help of AI, to protect its users from potential hacking threats. By speeding up its update process, Apple aims to outpace malicious hackers who are leveraging AI to develop exploits at an alarming rate.

macOS Flaw Enables Users to Disable EDR, MDM Tools
A security flaw in macOS has been discovered that allows users to quietly disable crucial enterprise security tools, including EDR and MDM, without needing administrator privileges. This gap in endpoint security models could leave businesses vulnerable to attacks.

MacOS Update Exposes New Artifact for Tracing Digital Intent
The latest macOS update has introduced a game-changing digital trail: the App.MenuItem stream, which meticulously logs every menu selection you make, complete with exact timestamps. This new artifact reveals a detailed narrative of your interactions with the operating system interface.

Malvertising Campaign Spreads FlutterShell Backdoor to macOS Users
macOS users beware: a sneaky malware called FlutterShell is spreading through malicious ads and infected desktop apps, allowing hackers to take control of your device and steal sensitive data. This stealthy backdoor can execute commands, access files, and even siphon off browser session info - all while masquerading as legitimate software.

Malvertising Campaign Targets macOS with FlutterShell Backdoor
Google swiftly suspended advertiser accounts linked to a massive malvertising campaign that spread a new macOS backdoor, known as FlutterShell, after researchers sounded the alarm. The culprits, tracked by Palo Alto Networks as CL-CRI-1089, used hundreds of verified Google ads and a web of shell companies to deceive ad networks.

Google Chrome Bolsters Defenses with Cookie Theft Protection Rollout
Google's new Cookie Theft Protection is a game-changer, tying session cookies to device hardware to prevent hackers from using stolen cookies to access your accounts. This cutting-edge tech binds user sessions to a machine's security chip, making it virtually impossible for thieves to get in.

ExifTool Flaw Exposes Macs to Arbitrary Command Execution
A newly discovered vulnerability in ExifTool, known as CVE-2026-3102, left Macs open to hackers who could exploit it to run malicious commands by hiding them in image metadata. This flaw allowed attackers to take control by slipping instructions into seemingly harmless image files.

Microsoft Teams Hit by macOS Update Glitch
If you're a macOS user of Microsoft Teams, you might have encountered a frustrating glitch - a location-permission dialog that just won't go away, no matter how many times you click "Don't Allow". This annoying issue started surfacing on May 11, with some users reporting they had to click "Don't Allow" up to 20 times in a row.

Reaper Stealer Targets macOS Users with Password, Wallet Theft and Backdoor Attacks
macOS users beware: Reaper Stealer malware is on the loose, stealing passwords, crypto-wallets, and installing backdoors on infected machines. This triple-threat attack puts Apple platform users and their defenders on high alert.

SHub Infostealer Variant Reaper Exploits macOS Security Updates
Researchers at SentinelOne have uncovered a sneaky new variant of the SHub macOS infostealer, called Reaper, which cleverly bypasses Apple's latest security updates by using a malicious AppleScript to trick users. This crafty malware uses fake installers to lure victims in, making it a serious threat to macOS users.

TanStack Supply Chain Attack Targets OpenAI, Forces macOS Updates
OpenAI sprang into action after detecting a sneaky supply chain attack targeting TanStack, quickly investigating and containing the threat to protect its systems. The attack impacted just two employee devices, with limited internal code repositories and credential material compromised.

macOS ClickFix Attacks Harvest Credentials via AppleScript Stealers
macOS users beware: a sneaky ClickFix campaign is using AppleScript stealers to harvest credentials from 14 browsers, 16 cryptocurrency wallets, and over 200 extensions. This targeted attack has already made off with a staggering amount of sensitive info - and it's still on the loose.
Anthropic's Claude Desktop sparks EU consent concerns
Can a single app really reach into your other software without asking for permission? The surprising behavior of Anthropic's Claude Desktop for macOS is raising eyebrows and sparking concerns about consent under EU law.

North Korea Exploits Social Engineering to Target macOS Users
Beware of a sneaky new scam where North Korean hackers trick macOS users into handing over their credentials and cryptocurrency by posing as a fake Zoom update. They're using social engineering to get you to do the work for them, making it a low-cost but hard-to-stop threat.

OpenAI Revokes macOS Certs Amid Supply Chain Breach Fallout
A recent supply chain breach has raised concerns about software trustworthiness, prompting OpenAI to revoke its macOS code-signing certificates after a malicious package was executed in its build pipeline. This swift action highlights the vulnerability of even the most secure systems to supply chain attacks.

OpenAI Disrupts macOS App Signing Process After Supply Chain Breach
OpenAI recently took swift action to protect its users by revoking a macOS app certificate after discovering a malicious library had been downloaded through a GitHub Actions workflow used to sign its applications. This move highlights the vulnerability of even trusted software signing processes to supply chain breaches, and the importance of staying vigilant in macOS app security.

MacOS ClickFix Attack Exploits Script Editor to Evade Apple Warnings
The cat-and-mouse game continues: after Apple added security warnings to Terminal, attackers behind the Atomic Stealer family adapted their ClickFix attack to exploit Script Editor instead. This latest move shows how adversaries constantly evolve to evade detection.

macOS Users Targeted in ClickFix Malware Campaign
macOS users are being targeted in a sneaky new malware campaign called ClickFix, which tricks them into executing malicious commands by abusing the Script Editor and Terminal tools. This latest attack raises a pressing question: how can we trust our trusted tools when they're being exploited by hackers?

Microsoft Grapples with Weeks-Long Exchange Online Mailbox Access Disruptions
Weeks of frustrating disruptions have left Outlook mobile and macOS users struggling to access their Exchange Online mailboxes, sparking a flurry of questions about reliability and resolution. Microsoft is actively investigating the issue, but for affected users, the wait for a fix continues.

macOS Must-Have Security Stops Admin Errors Effortlessly
Stop administrative mistakes before they become breaches: a must-have macOS safeguard quietly blocks accidental mic/camera permissions, insecure SMB v1 shares, and other everyday missteps attackers exploit. Keep the convenience you need without handing adversaries an open door.