The weekly Cybersecurity Threat Research recap highlights significant ransomware operations, including SharePoint exploitation by WarLock and advanced RaaS variants targeting multiple platforms. It also covers emerging backdoors like Cornflake V3 and PipeMagic, sophisticated phishing campaigns such as Salty 2FA, and targeted APT campaigns like APT36 and Static Tundra. #WarLock #CornflakeV3
Tag: MACOS
This cybersecurity recap highlights the ongoing activities of state-linked APT groups such as Murky Panda, Silk Typhoon, and APT36, which employ supply-chain tactics and zero-day exploits against SaaS providers and government targets. Additionally, it covers recent malware campaigns involving GeoServer, Redis, Shamos, and cybercrime law enforcement efforts across Africa. #MurkyPanda #SilkTyphoon #APT36 #GeoServer #Shamos #Interpol
Apple addressed a zero-day vulnerability (CVE-2025-43300) in iOS, iPadOS, and macOS that could lead to memory corruption through malicious images. The fix came after reports of sophisticated exploits targeting specific individuals. #CVE202543300 #AppleVulnerability…
Chinese-linked groups such as Silk Typhoon and Murky Panda continue to increase cloud and telecom espionage activities across North America, exploiting zero-day vulnerabilities to compromise cloud trust and steal sensitive data. The report also highlights major ransomware breaches involving DaVita and Nissan, law enforcement operations disrupting cybercrime, critical vulnerabilities in software systems, and evolving malware delivery techniques. #SilkTyphoon #MurkyPanda #DaVita #Qilin #Atomic #VShell #CORNFLAKEV3
A new Mac-targeting infostealer malware called ‘Shamos’, developed by “COOKIE SPIDER”, is spreading through ClickFix attacks that trick users with fake troubleshooting guides. This malware steals sensitive data, including credentials, cryptocurrency wallets, and browser information, and has been detected in over 300 environments worldwide since June 2025. #Shamos #COOKIE_SPIDER
A recent vulnerability in Apple products, CVE-2025-43300, has prompted urgent patching by government agencies due to its exploitation in targeted attacks. The flaw affects Apple’s ImageIO framework and can be triggered by malicious images, which may be delivered via messages or web content. #CVE-2025-43300 #AppleSecurity #ImageIOVulnerability…
CrowdStrike reports an increase in attacks targeting macOS users with a variant of the Atomic macOS Stealer (AMOS), called SHAMOS. The campaign used malvertising and fraudulent websites to trick users into executing malicious commands that steal credentials and other sensitive data. #AtomicMacOSStealer #SHAMOS #CookieSpider #macOSThreats…
This daily recap highlights urgent vulnerabilities patched by Apple, Docker, Chrome, and Cisco, emphasizing the importance of timely updates. It also covers ongoing exploits by Russian APT groups targeting Cisco devices, significant data breaches, and advancements in malware infrastructure attacks. #CVE-2025-43300 #CVE-2025-9074 #CVE-2025-9132 #AV25-532 #StaticTundra #BerserkBear #CiscoExploit #Qilin #ScatteredSpider
ClickFix is a social-engineering technique that tricks users into copying, pasting, and executing malicious commands (via Run, PowerShell, Terminal, etc.) to deliver in-memory loaders, infostealers, RATs, and rootkits across Windows and macOS. Microsoft observed widespread campaigns delivering payloads such as Lumma Stealer, Lampion, MintsLoader, Latrodectus, and AMOS and recommends user education, device hardening, and Defender XDR protections. #LummaStealer #Lampion
Apple has released security updates to fix a zero-day vulnerability in the ImageIO framework, which has been actively exploited in targeted attacks. These updates address multiple zero-day flaws and enhance security across iOS, iPadOS, and macOS systems. #CVE-2025-43300 #ImageIO #macOS #iOS #iPadOS…
Apple rapidly released security patches for its iOS, iPadOS, and macOS devices to fix a zero-day vulnerability exploited in targeted attacks. This out-of-bounds write bug in the ImageIO framework could lead to memory corruption and was potentially exploited by commercial spyware vendors. #CVE-2025-43300 #ImageIO…
Between June and August 2025, COOKIE SPIDER's SHAMOS (an AMOS variant) was distributed via malvertising and malicious one-line installation commands to target macOS users across many countries, with CrowdStrike Falcon blocking attempts to compromise over 300 customer environments. The campaign used Base64-obfuscated URLs and Bash scripts to bypass Gatekeeper, capture credentials…
Apple has issued urgent updates to fix a zero-day vulnerability, CVE-2025-43300, exploited in highly sophisticated targeted attacks. This flaw involved an out-of-bounds write in the Image I/O framework, affecting numerous Apple devices with potential for remote c…
Google Chrome 139 has fixed a critical vulnerability in the V8 JavaScript engine, identified as CVE-2025-9132, which could potentially be exploited for malicious purposes. The flaw was discovered by Big Sleep AI, an automated vulnerability detection system developed by Google DeepMind and Project Zero. #CVE-2025-9132 #V8JavaScriptEngine…
A critical vulnerability in Google Chrome’s V8 JavaScript engine has been identified, potentially allowing remote code execution. Users are urged to update to the latest Chrome version to stay protected from exploitation attempts. #CVE-2025-9132 #V8 #GoogleChrome…