-
Lazarus Group is abusing “ClickFix” social engineering to push a new macOS malware kit dubbed “Mach-O Man,” giving attackers a direct path to credentials, Keychain secrets, and corporate access in fintech and crypto environments. This research is autho…
-
Researchers are warning that widely trusted local tools such as macOS’s textutil and KeePassXC can pose unexpected security risks when used within automated workflows. The issue is not traditional vulnerabilities such as memory corruption or code…
-
A new macOS-focused cyber campaign linked to the North Korean threat actor Sapphire Sleet highlights how attackers are increasingly relying on social engineering rather than software vulnerabilities to compromise systems. Rather than exploiting secu…
-
A sophisticated macOS-focused cyber campaign orchestrated by the North Korean threat actor Sapphire Sleet reveals a shift toward social engineering over traditional software exploitation. Instead of relying on vulnerabilities, the attackers trick us…
-
OpenAI rotates macOS certificates after downloading a compromised Axios version, urging users to update apps before revoked certificates are blocked in May 2026.
-
Hackers are abusing ClickFix commands and booby-trapping DMG installers to deliver a new macOS stealer called notnullOSX, built to loot high-value crypto wallets from Mac users. The story starts with 0xFFF, a malware developer who abruptly quit a major…
-
A refreshed ClickFix campaign swaps macOS Terminal for Script Editor to quietly deliver an Atomic Stealer payload to unsuspecting Mac users. By abusing the applescript:// URL scheme, attackers sidestep Apple’s new paste-protection in Terminal on m…
-
A North Korea–nexus threat actor has hijacked the popular Axios NPM package in a high‑impact software supply chain attack that can silently backdoor Windows, macOS, and Linux systems. Between March 31, 2026, 00:21 and 03:20 UTC, attackers used a compro…
-
Apple has silently introduced a new security mechanism in macOS Tahoe 26.4 to protect users against social engineering campaigns known as ClickFix attacks. This defense intercepts potentially harmful commands before they are pasted into the Terminal ap…
-
A newly discovered macOS infostealer dubbed Infiniti Stealer is being actively distributed through deceptive Cloudflare-style CAPTCHA pages, marking a notable evolution in social engineering attacks targeting Apple users. Initially tracked as “NukeChai…


