Cybersecurity researchers have uncovered a sophisticated malware campaign that uses paid search ads and manipulated GitHub links to deliver malicious payloads, targeting Western European IT and software firms. The campaign employs advanced evasion techniques like encrypted payloads and GPU-based decryption routines, posing significant threats to organizations. #GPUGate #Malvertising…
Tag: MACOS
Cybercriminals exploited secrets stolen during the Nx supply chain attack to publicly release over 6,700 private repositories, leading to widespread data exposure. The attack involved malicious Nx package versions, AI CLI exploitation, and data exfiltration of sensitive credentials and files, impacting hundreds of users and organizations. #NxSupplyChain #s1ngularity #GitHubRepositories #AIExfiltration…
Electron CVE-2025-55305 is a framework-level bypass that allows attackers to backdoor Chromium-based applications by tampering with V8 heap snapshot files, enabling unsigned JavaScript to run despite integrity checks. Proofs of concept showed backdoors in Signal, 1Password (patched in v8.11.8-40), Slack, and Chrome derivatives by overwriting snapshots to clobber builtins like Array.isArray….
The Nx “s1ngularity” supply chain attack led to the leak of thousands of account tokens and repository secrets, affecting millions of users and exposing sensitive data. The incident involved a malicious NPM package with post-install malware and advanced prompt tuning techniques employed by threat actors. #Nx #s1ngularity #GitHub #NPM #telemetry.js
Two major vulnerabilities and patch guidance dominated this recap, including active exploitation of SAP S/4HANA (CVE-2025-42957) and Sitecore (CVE-2025-53690) zero-days prompting rapid patching and monitoring. The report also covers notable APT activity, law enforcement actions, data breaches, and evolving malware campaigns affecting organizations and industries worldwide. #CVE-2025-42957 #CVE-2025-53690 #NotDoor #Kimsuky #GhostRedirector #PowerSchool #JLR #SalesforceDrift
Forcepoint and CloudSEK analysis identifies a ClickFix campaign that impersonates Microsoft Teams to deliver the Odyssey AppleScript stealer, which harvests credentials, browser cookies, Apple Notes, and numerous desktop/extension cryptocurrency wallets before zipping and exfiltrating data to a C2. The malware establishes persistence via LaunchDaemons and replaces Ledger Live with a trojanized version to enable long-term access and financial theft. #Odyssey #LedgerLive
Cybersecurity researchers have uncovered a malware campaign using SVG files to carry out phishing attacks impersonating the Colombian judicial system. The campaign employs obfuscated code to bypass antivirus detection and targets macOS users with information stealers like Atomic macOS Stealer. #SVGPhishing #AtomicMacOSStealer…
North Korean hackers have targeted over 230 individuals through fake cryptocurrency job interviews, employing sophisticated social engineering techniques. These attacks include impersonating finance companies and exploiting advanced malware like ClickFix and RemotePE. #ContagiousInterview #NorthKoreanHackers…
GLOBAL Ransomware is a mid-2025 RaaS rebrand of earlier families like Mamona and BlackLock that offers multi-platform payloads, an AI negotiation chatbot, and unusually high affiliate revenue shares to rapidly scale operations. Its campaigns target high-impact sectors (notably healthcare) across the U.S., Europe, Australia and Brazil and use affiliate-supplied initial access, ChaCha20-Poly1305 encryption, and Tor-based leak/negotiation portals. #GLOBAL #BlackLock
Trend Research analyzed an Atomic macOS Stealer (AMOS) campaign that lures macOS users with trojanized “cracked” apps and malicious copy‑paste Terminal commands to install a data‑stealer. The campaign uses rotating redirector domains and URL rotation to evade takedowns and exfiltrates stolen credentials, browser data, crypto wallets, Telegram data, keychain items, and…
North Korea-aligned actors behind the Contagious Interview cluster used cyber threat intelligence platforms (Validin, VirusTotal, Maltrail) and coordinated team workflows (likely Slack) to monitor, scout, and rapidly replace exposed infrastructure while conducting ClickFix social engineering against job seekers in the crypto sector. SentinelLABS recovered ContagiousDrop server logs showing over 230 victims and numerous IOCs including domains, IPs, email addresses, and SHA-1 hashes. #ContagiousInterview #ClickFix
This article features an interview with MacSync, a rebranded macOS stealer project with a MaaS business model, highlighting its features and market position. The discussion also covers future developments, industry competition, and evolving cybersecurity threats targeting Mac users. #MacSync #MacOSStealer
Browser-based attack techniques have become the primary threat in 2025, targeting the browser as the new battleground for enterprise security. Effective detection and response are crucial as attackers exploit browser vulnerabilities, phishing, malicious code, and OAuth integrations to compromise business data. #AiTM #ClickFix
A Lazarus subgroup targeting financial and cryptocurrency organizations used social engineering and likely a Chrome zero-day to deploy multiple RATs — PondRAT, ThemeForestRAT and RemotePE — progressing from initial loaders to a more advanced in-memory RAT. The actor used phantom DLL persistence via PerfhLoader, extensive discovery tools, and cleaned up artifacts before deploying RemotePE, linking activity to AppleJeus, POOLRAT, Citrine Sleet and Gleaming Pisces. #PondRAT #ThemeForestRAT
Google has released Chrome 140 with patches for six vulnerabilities, including a critical use-after-free bug in the V8 JavaScript engine. Users are encouraged to update their browsers to mitigate potential exploits targeting these security flaws. #V8JavaScriptEngine #UseAfterFree #ChromeSecurity…