LastPass warns of a campaign targeting macOS users with malicious apps impersonating popular software, delivered through fraudulent GitHub repositories. The campaign uses SEO tactics to promote fake apps that install the Atomic (AMOS) info-stealing malware, now with added backdoor capabilities. #LastPass #AtomicMalware #ClickFix #GitHubThreats
ReversingLabs discovered the Shai-Hulud self-replicating worm in the npm registry that hijacks maintainer accounts, injects post-install malicious scripts, and trojanizes packages to steal tokens, keys, and other secrets while propagating across the ecosystem. Hundreds of packages (including @ctrl/tinycolor, ngx-bootstrap, and ng2-file-upload) and over 500 versions were compromised, with exfiltration to attacker-controlled webhooks and GitHub repositories named Shai-Hulud. #Shai-Hulud #@ctrl/tinycolor
Cybersecurity Threat Research ‘Weekly’ Recap. The report highlights a week of widespread vulnerability disclosures, supply-chain attacks, and ransomware trends, including a self-replicating npm worm (Shai-Hulud) and numerous loader, adware, and credential-stealing campaigns that span multiple platforms from Windows to macOS and mobile. It also covers APT/state-aligned operations, targeted phishing, and defensive tooling to enhance detection and response.
#Shai-Hulud #SystemBC #ChillyHell #Oyster #Kawa4096 #BlackLock #Qilin #Kimsuky #TA415 #WhirlCoil
North Korean threat actors are using ClickFix-style social engineering to deliver malware such as BeaverTail and InvisibleFerret, targeting marketing and trading roles in the cryptocurrency and retail sectors. These campaigns are evolving with the use of compiled binaries and fake job platforms, reflecting operational adaptation by a Lazarus subgroup. #NorthKoreanThreats #Lazarus #BeaverTail #InvisibleFerret…
CRIL tracked over 1,045 vulnerabilities disclosed Sept 10–16, 2025, with more than 135 PoCs accelerating exploit risk and active weaponization discussed on underground forums. High-impact flaws affect Apple OS, Zimbra, Samsung Android, Adobe Commerce, and DELMIA Apriso, with exploits and a claimed Google-domain zero-day circulating. #CVE-2025-43362 #CVE-2025-54236
Daily Recap: Researchers expose MalTerminal and ShadowLeak, highlighting growing LLM abuse and zero-click data exfiltration risks in AI-enabled threats. The report covers state-backed operations, ransomware trends, and notable breaches involving Jaguar Land Rover, ShinyHunters, and MrBeast, underscoring the widening attack surface across AI, OT, and consumer ecosystems. #MalTerminal #ShadowLeak #Turla #Gamaredon #UNC1549 #Lapsus$Hunters #JaguarLandRover #ShinyHunters #MrBeast
LastPass warns of a widespread campaign targeting macOS users through fake GitHub repositories hosting malware disguised as legitimate tools. The attack uses SEO poisoning and multiple compromised GitHub accounts to distribute the Atomic infostealer malware, impacting various popular apps. #AtomicStealer #GitHubThreats…
A phishing campaign targets crypto influencers and developers by impersonating a popular Web3 podcast, distributing AMOS Stealer malware through fake platform websites. This sophisticated scam involves malicious macOS installers and obfuscated scripts to infect victims’ devices and steal sensitive information. #AMOSStealer #CryptoPhishing…
Daily Recap: Cybersecurity News highlights a wave of state and geopolitical activity, including APT28’s Phantom Net targeting Ukraine and TA415’s Silent Spy operations leveraging VS Code remote tunnels, plus AI-driven disinformation tied to Romania and cross-border attacks against India’s infrastructure. The cybercrime section notes high-profile breaches (Tiffany, Insight Partners, Brevard) and evolving tooling (CountLoader, SystemBC), alongside AI-enabled phishing and credential theft on cloud platforms, notable incidents such as Scattered Spider and JLR, and regulatory actions shaping the risk landscape. #PhantomNet #SilentSpy #RomaniaInfluence #IndiaAttacks #AfghanistanNetban #PolandResponse #ScatteredTeens #JLRAttack #CountLoader #SystemBC #RevengeHotels #SonicWallNotice #ShadowLeak #AICrypto #ShinyHunters #GhostActionTokens #Shai-hulud #SilentSync #GlassAction
MCP tools expose new attack surfaces where malicious tool metadata, parameters, or orchestration across servers can enable prompt injection, data exfiltration, and privilege escalation. The article details examples (obfuscated instructions, rug-pulls, cross-tool orchestration), detection via LLM prompts, and defensive recommendations like sandboxing, least privilege, and requiring human approval. #MCP #FastMCP
Cybersecurity researchers uncovered two malicious Python packages in PyPI that deploy the SilentSync remote access trojan on Windows, Linux, and macOS systems. These packages use sophisticated mechanisms to exfiltrate data, execute commands, and avoid detection, exemplifying the rising threat of software supply chain attacks. #SilentSync #PyPI #SupplyChainAttacks…
Google has released security updates for Chrome to fix four vulnerabilities, including a zero-day that has been exploited in the wild. The high-severity flaw, CVE-2025-10585, is a type confusion bug in the V8 engine that could lead to arbitrary code execution. #CVE-2025-10585 #V8JavaScriptEngine…
Google urgently updates Chrome to fix the critical CVE-2025-10585 vulnerability in the V8 JavaScript engine, which is actively exploited in attacks. Users must update their browsers immediately to prevent potential system compromises. #CVE-2025-10585 #ChromiumV8…
A self-replicating worm called “Shai-hulud” is rapidly infecting npm packages by stealing credentials and exfiltrating sensitive data through compromised GitHub repositories. The attack exploits npm tokens and GitHub access, turning private repositories public and adding malicious workflows, representing a significant supply chain threat. #Shaihulud #npmsecurity #GitHubThreats…
Zscaler ThreatLabz discovered two malicious PyPI packages, sisaws and secmeasure, that deliver the Python-based RAT SilentSync which provides remote command execution, file exfiltration, screen capture, and browser data theft. The packages use typosquatting and a Pastebin-hosted payload fetched via a hex-decoded curl command, with SilentSync communicating to C2 at 200.58.107[.]25 and the Pastebin raw URL https://pastebin[.]com/raw/jaH2uRE1. #SilentSync #sisaws