Attackers created multiple spoofed Homebrew installer sites that mimicked brew.sh but forced users to rely on the page's Copy button, which injects a hidden malicious shell command into the clipboard, leading to parallel download and execution of payloads such as Odyssey Stealer. Kandji observed the infrastructure, Russian-language code comments suggesting payload-as-a-service and exfiltration to Telegram, and listed the domains and the malicious curl command used in the campaign. #OdysseyStealer #HomebrewOnline
Tag: MACOS
Cybersecurity researchers have uncovered a campaign targeting WordPress sites with malicious JavaScript injections leading to site redirection and malware distribution. The campaign uses sophisticated techniques like remote payload loading and cache smuggling to evade detection and deliver malicious content, emphasizing the importance of securing WordPress environments and implementing strong security measures….
A new FileFix social engineering attack uses cache smuggling to covertly download malicious ZIP files, bypassing security measures. The attack impersonates a Fortinet VPN compliance check to trick users into executing hidden PowerShell commands. #FileFix #CacheSmuggling #ThreatActors #FortinetVPN
Attackers are commoditizing the ClickFix social-engineering technique into phishing kits like the IUAM ClickFix Generator to automate creation of spoofed browser-verification pages that trick victims into manually executing malware. Observed campaigns delivered DeerStealer and Odyssey infostealer using clipboard-injection and OS-detection features from hosted phishing pages. #IUAM_ClickFix_Generator #DeerStealer #Odyssey…
A critical vulnerability (CVE-2025-59489) in Unity allows attackers to execute arbitrary code via malicious command-line arguments, mainly impacting applications supporting debugging features. Updates released by Unity, Microsoft, and Valve aim to mitigate the risk, but the threat poses significant concerns for affected systems. #UnityCVE #UnityPlayerDll…
A critical vulnerability in the Unity game engine allows remote code execution and privilege escalation across multiple platforms, impacting popular games and real-time applications. Developers and users are urged to update their Unity versions to mitigate the risk, with official advisories from Valve and Microsoft. #CVE-2025-59489 #UnityVulnerability
This article explores the innovative use of AWS X-Ray as a covert communication channel for command and control (C2) in cyber operations, bypassing traditional detection methods. It details the attack flow, setup procedures, and tools involved, emphasizing the stealth capabilities of cloud infrastructure exploitation. #MeetC2 #XRayC2…
A security vulnerability in Unity versions 2017.1 and later has prompted urgent security updates and game removals across platforms like Steam. Despite no current exploits, developers are urged to update and patch their projects to prevent potential risks. #UnityVulnerability #GameSecurity…
Encrypted DNS enhances online privacy by encrypting DNS queries using protocols like DoH, DoT, and others, preventing third parties from monitoring or manipulating internet traffic. Popular providers such as NextDNS, Cloudflare DNS, and AdGuard DNS offer secure, customizable, and privacy-focused DNS services that help protect users from threats and censorship. #NextDNS #CloudflareDNS #AdGuardDNS
Microsoft is addressing a bug in Defender for Endpoint that incorrectly flags Dell device BIOS as outdated, leading to unnecessary update prompts. The company has developed a fix and is preparing for deployment, while also resolving other security issues affecting macOS, Microsoft Teams, and Exchange Online. #Dell #DefenderForEndpoint
Google has introduced an AI-powered security feature for Google Drive that detects and pauses file syncing during ransomware attacks, protecting stored documents. This innovative tool leverages AI trained on real-world ransomware samples and is available to many Google Workspace users, enhancing backup recovery and threat response. #GoogleDrive #RansomwareDetection
This article emphasizes the importance of managing Windows privacy settings to control data collection and prevent leaks. It highlights tools and practices for enhancing privacy, including disabling telemetry and carefully configuring permissions. #O&OShutUp10++ #PrivacySexy
ASEC observed attacks against exposed MS-SQL servers that used weak credentials to install JuicyPotato for privilege escalation and deploy the XiebroC2 C2 framework, often alongside CoinMiner. The report includes specific IOCs and configuration details for XiebroC2 such as HostPort, Protocol, ListenerName, and AesKey. #XiebroC2 #JuicyPotato…
Apple has released security updates across iOS, macOS, and other platforms to fix a critical font parser vulnerability (CVE-2025-43400). These patches address a flaw that could allow malicious fonts to cause memory corruption or remote code execution, emphasizing the importance of timely updates. #CVE-2025-43400 #AppleSecurityUpdate…
Guardio uncovered ClickFix, a browser-based stealer that used fake CAPTCHA pages to trick users into executing a malicious PowerShell command and exfiltrate credentials, and published 172 IoCs including 156 domains and 16 IPs. WhoisXML API’s analysis expanded those IoCs—finding thousands of related domains, IPs, registrant- and email-linked domains, and early warnings for 30 domains—and linked broad DNS and WHOIS artifacts to the campaign. #ClickFix #Guardio