A new macOS stealer by MentalPositive has been identified targeting Ledger Live users in 2025, potentially representing a variant of the 2023 Atomic macOS Stealer (AMOS). This new malware exhibits similarities in credential and crypto wallet theft but uses different programming languages and introduces unique build IDs for campaign management. #MentalPositive #AMOS #LedgerLive
Tag: MACOS
Google has released security updates addressing a zero-day vulnerability in Chrome for which an exploit is already being used in the wild. The vulnerability is a type confusion flaw in the V8 JavaScript engine that could enable remote code execution and has been used in targeted attacks. #CVE-2025-6554 #V8JavaScriptEngine…
Google has released a Chrome update to fix a high-severity vulnerability, CVE-2025-6554, which is actively exploited in the wild. The bug involves a type confusion issue in the V8 JavaScript engine and could allow remote code execution. #CVE-2025-6554 #V8JavaScriptEngine…
This week’s cybersecurity recap highlights sophisticated state-sponsored espionage campaigns by North Korea and Iran, targeting financial, technological, and critical infrastructure sectors globally. Additionally, emerging malware, supply chain attacks, and phishing campaigns continue to evolve, including AI-related threats using prompt injection techniques. #APT38 #IranianCyberThreats #ContagiousInterview #CVE-2025-5777 #RapperBot
North Korean threat actor Lazarus Group and its financially motivated subgroup APT38 (BlueNoroff) have conducted extensive cyberattacks against financial institutions worldwide, including the notable 2016 Bangladesh Bank heist. The malware family Cosmic Rust, associated with APT38, targets macOS and communicates with known command and control servers; the identified IPs and domains can serve as indicators for threat hunting. #LazarusGroup #APT38 #CosmicRust
Recent cybersecurity developments include massive data breaches affecting millions, such as Ahold Delhaize and UNFI, alongside sophisticated malware campaigns like PUBLOAD and Sainbox RAT targeting Asian organizations. Key threat actors like Mustang Panda, Hive0154, and North Korea’s BlueNoroff continue to exploit vulnerabilities and conduct social engineering fraud, while nations enhance cyber defense policies, notably in NATO and the US. #AholdDelhaizeBreach #MustangPanda #BlueNoroff
North Korean hacking group BlueNoroff is employing deepfakes and social engineering techniques via Zoom calls to steal cryptocurrency and infect macOS devices with malware. This sophisticated campaign targets company employees through impersonation, deepfake meetings, and malicious links, highlighting a rising threat to macOS security. #BlueNoroff #DeepfakeScams…
The rise of ClickFix social engineering attacks, which use fake CAPTCHA verification prompts to trick users into executing malicious commands themselves, has led to a significant increase in malicious payload delivery worldwide. Threat actors are expanding their tactics with new variants like FileFix and deploying sophisticated phishing campaigns against various organizations and platforms. #ClickFix #FileFix #PhishingCampaigns…
The Socket Threat Research Team uncovered an ongoing North Korean supply chain attack using typosquatted npm packages to distribute multi-stage malware including HexEval Loader, BeaverTail, and InvisibleFerret. The threat actors use social engineering on LinkedIn to lure developers into executing the malicious code, giving the attackers persistent infostealing and keylogging capabilities on developer machines. #ContagiousInterview #HexEval #BeaverTail #InvisibleFerret
Elastic’s TRADE team analyzed OAuth phishing attacks targeting Microsoft Entra ID, building on Volexity’s findings on the UTA0352 threat actor abusing OAuth workflows to access Microsoft 365 resources. Their research emulates the attacks hands-on, documenting the token abuse mechanics, the device registration step, and detection strategies for mitigating such identity-based threats. #UTA0352 #MicrosoftEntraID #ROADtools
A new North Korea-led campaign exploits malicious npm packages to infect developers’ devices with infostealers and backdoors. This ongoing operation involves sophisticated social engineering tactics and multiple payloads targeting software engineers. #NorthKorea #npm #Infostealers #Backdoors #CyberEspionage
Cybersecurity researchers revealed two security flaws in SAP GUI that stored sensitive input history insecurely, potentially exposing personal data. These vulnerabilities have been patched, but they highlight ongoing risks in local data storage mechanisms. #SAPGUI #CVE2025-0055 #CVE2025-0056…
Researchers identified a threat actor cluster named CL-CRI-1014 targeting financial institutions in Africa using open-source tools like PoshC2, Chisel, and Classroom Spy to gain initial access and sell it on dark web markets. The attackers employ evasion techniques such as forging legitimate file signatures and disguising malware to maintain persistence and…
The malicious Python package psslib, published by threat actor umaraq, masquerades as a password security tool but forces immediate Windows system shutdowns upon incorrect password entry. This typosquatting attack targets developers relying on the legitimate passlib library and highlights risks in software supply chains. #psslib #umaraq #passlib
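The psslib/passlib item above, like the typosquatted npm packages in the Contagious Interview reports, relies on a dependency name that is one or two keystrokes away from a legitimate one. The script below is an added example (not code from any of the reports summarised on this page, nor from passlib or Socket) of the kind of check a practitioner can run over a requirements file before installing: it folds case and separators, computes an edit distance that also counts adjacent transpositions, and flags any name that is close to, but not exactly, a package on a trusted list. The trusted list and the sample requirements.txt are constructed for illustration; the psslib/passlib pair is the one the report describes.

```python
"""Flag dependency names that look like typosquats of well-known packages.

Added example, not code from the reports above. TRUSTED and
SAMPLE_REQUIREMENTS are constructed for illustration.
"""
import re

# Constructed allow-list of package names the project actually depends on.
TRUSTED = ["passlib", "requests", "numpy", "cryptography", "lodash", "express"]

# Constructed requirements.txt: two genuine pins, two near-miss names, and one
# legitimately different package that must NOT be flagged.
SAMPLE_REQUIREMENTS = """\
# constructed requirements.txt for the example
requests==2.32.3
psslib==1.0.0
numpy>=1.26
crytpography==42.0.0
Requests-Toolbelt==1.0.0
"""


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, or
    swap two adjacent characters, each at cost 1. The transposition rule
    is what catches 'crytpography' -> 'cryptography' at distance 1."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,          # deletion
                          d[i][j - 1] + 1,          # insertion
                          d[i - 1][j - 1] + cost)   # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[len(a)][len(b)]


def normalize(name: str) -> str:
    """Fold case and the separators that package indexes treat loosely, so
    'Requests-Toolbelt' and 'requests_toolbelt' compare as the same name."""
    return name.lower().replace("-", "").replace("_", "").replace(".", "")


def parse_requirements(text: str) -> list:
    """Extract bare project names from requirements.txt-style lines,
    dropping comments, blank lines, version specifiers and extras."""
    names = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        names.append(re.split(r"[=<>!~\[; ]", line, 1)[0])
    return names


def typosquat_candidates(dependencies, trusted=TRUSTED, max_distance=2):
    """Return (dependency, trusted_name, distance) for every dependency that
    is not a trusted package but sits within a few edits of one.

    The allowed distance shrinks with the trusted name's length so short
    names like 'numpy' only match at distance 1; long names allow 2."""
    trusted_norm = {normalize(t): t for t in trusted}
    findings = []
    for dep in dependencies:
        n = normalize(dep)
        if n in trusted_norm:
            continue  # the genuine package (modulo case/separator folding)
        for tn, t in trusted_norm.items():
            allowed = min(max_distance, max(1, len(tn) // 4))
            dist = edit_distance(n, tn)
            if 0 < dist <= allowed:
                findings.append((dep, t, dist))
                break
    return findings


if __name__ == "__main__":
    for dep, real, dist in typosquat_candidates(parse_requirements(SAMPLE_REQUIREMENTS)):
        print(f"SUSPICIOUS: {dep!r} is {dist} edit(s) from trusted package {real!r}")
```

Run against the constructed file, the check reports psslib (one edit from passlib) and crytpography (a transposition of cryptography) and stays silent on Requests-Toolbelt, whose normalized name is far from every trusted entry. The distance threshold is deliberately conservative; in a real pipeline the trusted list would be the project's lock file, and any hit should block installation until a human confirms the name.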
Recent cybersecurity developments highlight nation-state cyber espionage campaigns, including Russian APT28 targeting Ukraine and Chinese Salt Typhoon exploiting CVE-2023-20198 to attack Canadian telecoms. The report also details significant ransomware breaches such as Disneyland Paris and Michigan’s McLaren Health Care, alongside emerging malware threats like XDigo and UMBRELLA STAND, emphasizing evolving attack vectors and vulnerabilities. #APT28 #SaltTyphoon #AnubisRansomware #XDigoMalware #UMBRELLASTAND