Google and Mozilla have issued security patches for Chrome and Firefox to address high-severity vulnerabilities, including remote code execution risks. These updates help protect users from potential exploits targeting browser weaknesses that were identified using advanced vulnerability detection tools like Google’s Big Sleep AI. #V8JavaScriptEngine #BigSleepAI…
Tag: MACOS
This weekly recap highlights ongoing phishing campaigns involving malware like Lokibot and cyber-espionage activities by threat actors such as Sidewinder, Educated Manticore, and Lazarus Group. It emphasizes evolving tactics including supply-chain risks, zero-…
This Cybersecurity News recap highlights recent vulnerabilities in HTTP/2 protocol, exploited flaws in N-able N-central, Zoom, and FortiSIEM, leading to critical patches and urgent updates. It also covers expanding malware campaigns, data breaches affecting go…
From Sept–Dec 2024 JPCERT/CC observed incidents using CrossC2 (a C/C++-based Cross-platform Cobalt Strike Beacon/builder) together with tools like PsExec, Plink, SystemBC, and a custom Nim loader dubbed ReadNimeLoader to deploy Cobalt Strike Beacons across multiple countries. The campaign shows overlaps with BlackBasta-related infrastructure and techniques, and JPCERT/CC published a CrossC2 config parser to aid analysis. #CrossC2 #ReadNimeLoader
Cybercriminals are using Unicode homoglyphs, such as the Japanese character ん, to create convincing phishing links that mimic legitimate domains like Booking.com and Intuit. These tactics aim to deceive users into clicking malicious links that lead to malware …
Japan’s CERT observed cyberattacks using CrossC2, a tool that extends Cobalt Strike capabilities to multiple platforms including Linux and macOS. The attacks involved sophisticated malware loaders like ReadNimeLoader, which deploy in-memory shellcode to evade detection. #CrossC2 #ReadNimeLoader…
Researchers observed a ClickFix phishing campaign targeting macOS that delivers an AppleScript-based stealer (Odyssey Stealer) via a fake CAPTCHA and terminal “base64 -d | bash” command, harvesting browsers, crypto wallets, Keychain items, and files before exfiltrating to a remote server. IOCs and protections show the infrastructure centered on 45.146.130[.]131 and the phishing domain tradingviewen[.]com. #OdysseyStealer #tradingviewen #45.146.130.131
REVENANT describes a five-stage, fileless attack methodology that persists across endpoints, application UI resources, clipboard history, AI model context, and telemetry channels to evade traditional detection. The research demonstrates how font downloads, clipboard sequences, localization tampering, AI prompt poisoning, and crash-report exfiltration can be chained to achieve stealthy persistence and covert data transfer. #REVENANT #Tesseract
Adobe has released a comprehensive security update fixing over 60 vulnerabilities across its software, including critical issues in Adobe Commerce, Substance 3D, Illustrator, Photoshop, and other products. While no active exploits are known, immediate patching is recommended to prevent risks like code execution, DoS, and privilege escalation. #AdobeCommerce #Substance3D #Illustrator #Photoshop…
ENHANCED STEALTH WALLETDRAINER is a malicious NPM package (@kodane/patch-manager) that installs hidden scripts, achieves persistence, connects to a public C2, and drains Solana wallets using a hard-coded RPC and destination address. Analysis suggests the package and documentation were AI-generated to appear legitimate while abusing NPM to spread; notable IOCs include the C2 domain and Solana address. #ENHANCEDSTEALTHWALLETDRAINER
In early 2024, attackers evolved from ClearFake’s fake browser update malware delivery to the more effective ClickFix fake captcha technique, leading to widespread credential theft. This evolution demonstrates sophisticated propagation, social engineering narratives, and technical evasion strategies, including abuse of trusted platforms like Google Scripts and cross-platform payloads. #ClearFake #ClickFix #LummaStealer…
MITRE’s ecosystem provides a comprehensive framework for modeling, detecting, and responding to cyber threats through tools like ATT&CK, D3FEND, and CALDERA. It enhances cybersecurity operations by enabling standardized tactics, techniques, and proactive engagement strategies across different security roles. #MITREATT&CK #D3FEND #CALDERA
SocGholish, operated by TA569, is a Malware-as-a-Service platform that sells access to compromised systems using deceptive fake browser update lures and Traffic Distribution Systems (TDSs) such as Parrot TDS and Keitaro TDS. Its infrastructure supports various financially motivated threat actors, including Russian groups like Evil Corp (DEV-0243) and UNC2165, and is…
ClickFix is a sophisticated social engineering attack that uses advanced evasion techniques and trusted infrastructure to infect victims’ machines. It has quickly replaced previous scams like ClearFake by employing diverse propagation methods and persuasive messaging. #ClickFix #SocialEngineering #GuardioLabs…
Proton fixed a critical bug in its iOS Authenticator app that inadvertently logged TOTP secrets in plaintext, risking exposure if logs were shared. The fix addresses a privacy concern, emphasizing that local log sharing could reveal sensitive multi-factor authentication data. #ProtonAuthenticator #TOTPSecrets #iOSSecurity