macOS Archives • Page 5 of 7 • Daily CyberSecurity

XCSSET Malware Returns with Enhanced Capabilities to Target macOS Users macOS malware 2024 XCSSET

XCSSET Malware Returns with Enhanced Capabilities to Target macOS Users

Do Son February 17, 2025

Microsoft Threat Intelligence has discovered a new variant of the XCSSET malware targeting macOS users. This sophisticated...

North Korean-Linked Malware ‘FlexibleFerret’ Expands macOS Attack Surface North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean Laptop Farm DPRK Insider Threat North Korea WMD Cyber Funding, Australia Sanctions Insider threat, North Korean hackers Kimsuky, cyber-espionage NPM Malware, North Korea Cyber-espionage North Korea, Remote IT Job Scam Laptop Farm - DriverEasy - Kimsuky Watering Hole Attack

North Korean-Linked Malware ‘FlexibleFerret’ Expands macOS Attack Surface

Do Son February 5, 2025

Cybersecurity researchers at SentinelOne have uncovered new macOS malware variants attributed to North Korean threat actors, expanding...

Crazy Evil Cryptoscam Group Steals Millions from Crypto Enthusiasts Crazy Evil Cryptoscam Gang

Crazy Evil Cryptoscam Group Steals Millions from Crypto Enthusiasts

Do Son January 28, 2025

The Insikt Group has uncovered the operations of a prolific Russian-speaking cybercriminal group, named Crazy Evil, which...

Homebrew Phishing Site Appears in Google Search, Raising Concerns

Do Son January 21, 2025

In a recent discovery, a phishing website targeting Homebrew, an open-source package manager for macOS, was found...

Lazarus APT Targets Job Seekers with “Contagious Interview” Campaign Using ClickFix Technique Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Mercenary Akula European Financial Targeting AI-Generated Malware React2Shell Exploit UAT-8837 Critical Infrastructure Attack APT36, BOSS Linux BRICKSTORM Malware, China Espionage Curly COMrades, MucorAgent Chinese APT - HTTP Client Tools Shuckworm Cyber Espionage

Lazarus APT Targets Job Seekers with “Contagious Interview” Campaign Using ClickFix Technique

Do Son January 18, 2025

North Korea’s notorious Lazarus APT group has been observed employing advanced social engineering tactics in a campaign...

Yubico Addresses Authentication Bypass Vulnerability CVE-2025-23013 in pam-u2f Package

Do Son January 16, 2025

Yubico, a leading provider of security keys and authentication solutions, has issued a security advisory to address...

Microsoft Unveils CVE-2024-44243: A macOS System Integrity Protection Bypass Through Kernel Extensions

Do Son January 13, 2025

Microsoft Defender Research Team has revealed a macOS vulnerability—CVE-2024-44243—that allows attackers to bypass Apple’s robust System Integrity...

Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding CrowdStrike phishing campaign

Recruitment Scam Targets Job Seekers with Fake CrowdStrike Branding

Do Son January 10, 2025

Recently, CrowdStrike uncovered a phishing campaign exploiting its trusted recruitment branding to distribute the XMRig cryptominer. Disguised...

Malware Alert: Banshee Stealer Targets macOS Users macOS malware 2024 XCSSET

Malware Alert: Banshee Stealer Targets macOS Users

Do Son January 9, 2025

Cybersecurity researchers at Check Point Research (CPR) have identified a new and sophisticated version of the Banshee...

macOS Vulnerability CVE-2024-54527 Unveiled: TCC Bypass PoC Exploit Code Released Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

Apple Zero-Day CVE-2025-43529 WebKit Zero-Day, Targeted iOS Spyware Apple spyware alerts, zero-click attacks Apple, trademark lawsuit CVE-2024-54527 PoC exploit Apple, App Store

macOS Vulnerability CVE-2024-54527 Unveiled: TCC Bypass PoC Exploit Code Released

Do Son January 8, 2025

A detailed technical and a proof-of-concept (PoC) exploit code from security researcher Mickey Jin has unveiled a...

SysBumps: Breaking Kernel Address Space Layout Randomization on macOS for Apple Silicon DarkSword exploit kit iOS 18.7.7 security update CVE-2024-44308 & CVE-2024-44309 Apple appeal, Epic Games lawsuit

DarkSword exploit kit iOS 18.7.7 security update CVE-2024-44308 & CVE-2024-44309 Apple appeal, Epic Games lawsuit

SysBumps: Breaking Kernel Address Space Layout Randomization on macOS for Apple Silicon

Do Son January 2, 2025

In a recent study, researchers from Korea University have unveiled “SysBumps,” the first successful Kernel Address Space...

NotLockBit: New Cross-Platform Ransomware Threatens Windows and macOS NotLockBit Ransomware

NotLockBit: New Cross-Platform Ransomware Threatens Windows and macOS

Do Son December 22, 2024

Pranita Pradeep Kulkarni, Senior Engineer in Threat Research at Qualys, has detailed a new ransomware strain dubbed...

Researcher Details CVE-2024-44131 – A Critical TCC Bypass in macOS and iOS Apple Background Security CVE-2026-20643 Apple Background Security Improvement Apple Backdoor Apple Lawsuit, Data Exfiltration CVE-2024-44131 - CVE-2025-24118 PoC

Apple Background Security CVE-2026-20643 Apple Background Security Improvement Apple Backdoor Apple Lawsuit, Data Exfiltration CVE-2024-44131 - CVE-2025-24118 PoC

Researcher Details CVE-2024-44131 – A Critical TCC Bypass in macOS and iOS

Do Son December 10, 2024

Jamf Threat Labs has identified a vulnerability in Apple’s Transparency, Consent, and Control (TCC) security framework. Designated...

Meeten Malware: AI-Powered Cyber Campaign Targets Web3 Professionals ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

ahost.exe DLL Sideloading Signed Application Abuse PS1Bot, malware ransomware attacks bill

Meeten Malware: AI-Powered Cyber Campaign Targets Web3 Professionals

Do Son December 9, 2024

Cado Security Labs has uncovered a highly sophisticated cyber campaign targeting professionals in the Web3 space. At...

Godot Engine Compromised: Malware Distributed via GodLoader mal

Godot Engine Compromised: Malware Distributed via GodLoader

Do Son November 28, 2024

Check Point Research has identified the misuse of the Godot game engine—a popular, open-source tool for game...

macOS Security Compromised: Novel Exploit Bypasses Sandbox Protections

Do Son November 14, 2024

A newly discovered vulnerability in macOS could allow attackers to bypass critical security mechanisms and gain unauthorized...

JavaScript Drive-By Attacks: New Exploits without 0-Day in Google Chrome Google Chrome Helper

JavaScript Drive-By Attacks: New Exploits without 0-Day in Google Chrome

Do Son November 11, 2024

Security researcher Ron Masas from Imperva Threat Research has uncovered a new way attackers can target Chrome...

Ethereum Smart Contracts Enable Evasive C2 in New Supply Chain Attack Ethereum Smart Contracts Malware

Ethereum Smart Contracts Enable Evasive C2 in New Supply Chain Attack

Do Son November 6, 2024

A recent report from the Checkmarx Security Research Team reveals a sophisticated supply chain attack targeting the...

Gatekeeper Bypass: Malicious Apps Could Slip Through macOS Defenses

Do Son October 18, 2024

A new report from Unit 42 researchers has uncovered significant weaknesses in macOS’s Gatekeeper security mechanism, which...

HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published CVE-2024-44133 - HM Surf

HM Surf (CVE-2024-44133): macOS Flaw Exposing Cameras and Microphones to Hackers, PoC Published

Do Son October 17, 2024

In a significant discovery by Microsoft Threat Intelligence, a vulnerability in macOS, identified as CVE-2024-44133, has been...

Critical Alert 1 Active Exploit Detected Today