Advertisement
JINX-0164 Targets Crypto Firms with macOS Malware and Fake Lures
The JINX-0164 threat actor targets cryptocurrency firms via recruitment-themed social engineering, macOS-specific malware, and CI/CD infrastructure exploits.
AI-Assisted macOS Kernel Exploit on Apple M5 Hardware
Security researchers used Anthropic’s Mythos AI to develop a macOS kernel memory corruption exploit for the Apple M5 chip in just five days. Patch now.
SHub Reaper Stealer Backdoors macOS via Spoofed Apps
SHub Reaper stealer targets macOS, using fake Google, Microsoft, Apple, WeChat, and Miro installers for Apple script-based execution and backdooring.
SHub macOS Infostealer Spoofs Apple Security Updates, Installs Backdoor
A new SHub macOS infostealer variant employs fake Apple security update prompts via AppleScript to install a backdoor, threatening user data and system integrity.
CVE-2024-38812: How to Mitigate VMware Fusion Privilege Escalation
VMware Fusion 13.6 fixes a high-severity local privilege escalation flaw (CVE-2024-38812) that allows attackers to gain root access on macOS hosts.
Apple macOS Sonoma 14.5 and iOS 17.5 Patch Technical Analysis
Apple addresses critical security flaws in macOS and iOS, including kernel-level RCE and a privacy bug causing deleted media to reappear on devices.
Apple May 2024 Security Updates Address 84 Vulnerabilities
Apple's May 2024 security updates patch 84 vulnerabilities across iOS, macOS, watchOS, tvOS, and visionOS. Immediate patching is crucial for all users.
MacSync Stealer Distributed via Malicious Homebrew Ad Campaign
Malicious ads for Homebrew distribute MacSync Stealer, targeting macOS users. Threat actors leverage trusted software to deploy data-stealing malware.
Sapphire Sleet's ClickFix: North Korea Targets macOS Users
North Korea-backed Sapphire Sleet is deploying ClickFix malware via fake job offers and phony Zoom updates to steal macOS user credentials and data. Learn how to detect
OpenAI Revokes macOS App Certificate Following Supply Chain Attack
OpenAI revokes its macOS app signing certificate after a GitHub Actions workflow downloaded a malicious Axios library version during a supply chain incident.
Exchange Online Mailbox Access Issues Persist for Outlook Users
Microsoft Exchange Online users on Outlook mobile and macOS are experiencing intermittent mailbox access issues for weeks; investigation ongoing.
Apple DarkSword Protection Expands: Mitigating CVE-2023-38604 Zero-Click Exploits
Apple expands DarkSword exploit protection to all users, enhancing defenses against state-sponsored and commercial zero-click attacks like CVE-2023-38604.