Several malicious npm packages have been discovered, capable of harvesting system information and deploying destructive payloads, often masquerading as legitimate tools. These threats highlight ongoing supply chain attacks within open-source repositories, involving threat actors like xuxingfeng and MUT-9332. #xuxingfeng #MUT-9332…
Tag: MACOS
Cyber threats are increasingly complex, layered, and often hidden until they cause damage, emphasizing the need for proactive detection and focused analysis. Recent actions include takedowns of malware infrastructure like Lumma Stealer and DanaBot, and new exploitation techniques such as AI-generated videos and malicious Chrome extensions. #DanaBotDisruption #TikTokMalware #APT28 #ChromeExtensions #StarkIndustries…
A macOS infostealer disguised as a dylib file named libsystd.dylib was discovered, designed to steal sensitive user data such as keychain passwords and SSH configs and upload them to the attacker’s server. The malware is written in Objective-C, uses AES encryption for its C2 URLs and Grand Central Dispatch for scheduling, and executes scripts fetched from a command and control server named appleprocesshub[.]com. #libsystd #appleprocesshub #MoonlockLab
This cybersecurity recap highlights law enforcement operations that dismantled major ransomware networks like QakBot, TrickBot, and DanaBot, seizing servers and assets worldwide. It also covers notable exploits, such as Chinese hackers targeting U.S. government agencies with zero-day vulnerabilities, along with emerging malware campaigns using AI-generated content and social engineering tactics. #QakBot #DanaBot
Katz Stealer is a credential-stealing malware as a service that targets browsers, communication apps, crypto wallets, and gaming platforms to exfiltrate sensitive data using sophisticated evasion and injection techniques. Its infection chain involves obfuscated JavaScript and PowerShell scripts, .NET loader payloads, process hollowing, UAC bypass, and geofencing, with detailed YARA and Sigma detection rules available. #KatzStealer #ProcessHollowing #DiscordHijacking #AppBoundEncryption
Apple has issued critical security updates addressing a high-severity kernel vulnerability (CVE-2025-31219) affecting multiple Apple operating systems. The flaw allows local attackers to escalate privileges and potentially fully compromise affected devices. #CVE-2025-31219 #XNUkernel #AppleSecurityUpdates…
The Latrodectus malware now uses the ClickFix technique for undetectable in-memory execution and is part of a broader threat landscape involving various malware campaigns. These attacks leverage social media platforms like TikTok and fake apps to trick users into executing malicious commands and stealing sensitive information. #Latrodectus #ClickFix #TikTokMalware #LedgerFraud…
Cisco Talos analyzed over 3 million PowerShell network connection logs from June to December 2024, discovering that rare domains contacted by PowerShell were more likely to be malicious than frequently contacted domains. The study also highlighted the importance of analyzing subdomains, as demonstrated by malicious activity found in the ‘raw.githubusercontent.com’ subdomain….
Cybercriminals are leveraging TikTok’s widespread reach and AI-generated videos to trick users into executing PowerShell commands that install Vidar and StealC malware, leading to credential, credit card, and cryptocurrency theft. This campaign highlights the use of automated social engineering techniques in broad-scale malware distribution, with state-sponsored groups also adopting similar tactics. #Vidar #StealC #ClickFix #TikTokThreats #AIGeneratedVideos
Socket’s Threat Research Team identified an ongoing malicious campaign involving 60 npm packages across three accounts, each embedding a script that collects and exfiltrates detailed network and host information to a Discord webhook. The campaign targets Windows, macOS, and Linux systems, leveraging sandbox evasion to focus on active developer and CI environments, posing a strategic risk for future supply chain attacks. #npm #supplychaincompromise #DiscordWebhook
Cybercriminals are deploying fake Ledger apps on macOS to deceive users and steal their seed phrases, which are vital for accessing cryptocurrency wallets. Recent campaigns have evolved to include sophisticated malware like Odyssey and AMOS that mimic legitimate Ledger interfaces and exfiltrate sensitive recovery information. #Odyssey #AMOS #LedgerSecurity #SeedPhraseTheft
Signal has enhanced its Windows app with a default “screen security” feature to prevent Microsoft’s Recall from capturing screenshots of Signal conversations. This update aims to protect user privacy on Windows 11 devices amid concerns about Recall’s security risks and data privacy implications. #Recall #Signal #Windows11
Socket’s Threat Research Team uncovered a multi-year campaign involving eight malicious npm packages targeting popular JavaScript frameworks like React, Vue.js, and Vite. These packages employ typosquatting and progressive attacks, including file deletion, data corruption, and system shutdowns, to disrupt developer workflows and production environments. #vite-plugin-bomb #js-hood #quill-image-downloader #js-bomb #xuxingfeng
A global operation disrupted the Lumma malware-as-a-service, seizing thousands of domains and infrastructure to stop its widespread data theft. This coordinated effort involved Microsoft, law enforcement agencies, and cybersecurity companies to weaken Lumma’s operations and slow its malware spread. #LummaStealer #CybercrimeMarketplace
FrigidStealer is a macOS-targeting information-stealing malware that disguises itself as a browser update to exfiltrate sensitive user data, including credentials and cryptocurrency wallets. This article explains its behavior and demonstrates how to detect FrigidStealer using Wazuh custom decoders and rules on macOS endpoints. #FrigidStealer #EvilCorp