Cybersecurity researchers have uncovered a new, notarized version of the MacSync information stealer disguised as a messaging app installer, abusing Apple’s code signing and notarization to appear trustworthy. This campaign demonstrates evolving evasion techniques, including signing, notarization, and embedding large, seemingly legitimate files to evade detection. #MacSync #MacC0de #AppleSecurity…
Tag: MACOS
Daily Recap: global cybersecurity incidents disrupted services from banking and postal providers to critical infrastructure, with law enforcement actions and incident responses spanning multiple regions. Highlights include the La Poste DDoS disruption, a guilty plea in the Nefilim ransomware case, BitLocker ransomware affecting Romania’s water agency, and BRICKSTORM backdoor guidance from CISA. #LaPoste #Nefilim
Nezha, a legitimate open-source server monitoring tool, is being abused by hackers as a remote access trojan (RAT) to gain full control over compromised computers. Experts warn that Nezha’s widespread use and ease of deployment make it a significant threat, especially when used to evade detection and maintain persistence. #Nezha #RemoteAccessTrojan…
The latest version of MacSync, a macOS information stealer, is delivered via a signed and notarized Swift application, marking a significant evolution in evasion techniques. Despite its initial valid signature, the certificate was revoked after a report to Apple, highlighting the ongoing threat. #MacSync #Mentalpositive
The MacSync Stealer malware has recently upgraded its delivery method, removing the need for user interaction and employing more sophisticated stealth techniques. This malware, a rebranded version of Mac.c, now uses signed and notarized applications to evade detection and infect macOS devices more effectively. #MacSyncStealer #macOSMalware…
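The two items above turn on one practical question for an incident responder: is this bundle merely signed, actually notarized, or signed with a certificate Apple has since revoked? The following triage helper is an added example, not code from any of the reports summarized here. It parses the text that `codesign -dvvv`, `codesign --verify --deep --strict -v` and `spctl --assess --type execute -vv` print on macOS and reduces it to a verdict; the sample outputs, the bundle path, the team ID `ABCDE12345` and the vendor name are constructed so the parser can be exercised offline. On a Mac, `run_local()` shells out to the real tools (note that `codesign` writes its details to stderr, which the helper captures).

```python
"""Triage a macOS bundle's signing / notarization state from codesign and spctl output.

Added example; not from the MacSync reports. Sample tool output below is
constructed to resemble the real tools' text (team ID, paths and vendor name
are invented). revoked-certificate detection relies on the CSSMERR_TP_CERT_REVOKED
token that `codesign --verify` prints once Apple has pulled a Developer ID cert.
"""
import re
import shutil
import subprocess
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SigningReport:
    identifier: str = ""
    team_id: str = ""
    authorities: list = field(default_factory=list)   # cert chain, leaf first
    spctl_source: str = ""                            # e.g. "Notarized Developer ID"
    accepted: bool = False                            # Gatekeeper verdict
    revoked: bool = False                             # cert revoked by Apple

    @property
    def verdict(self) -> str:
        if self.revoked:
            return "revoked"              # was valid once; block and hunt retroactively
        if not self.authorities:
            return "unsigned"
        if self.accepted and "Notarized" in self.spctl_source:
            return "notarized"            # passed Apple's malware scan at submission time
        return "signed-unnotarized"


def parse_codesign(detail_out: str, verify_out: str) -> SigningReport:
    """detail_out: text of `codesign -dvvv`; verify_out: `codesign --verify --deep --strict -v`."""
    r = SigningReport()
    for line in detail_out.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue
        if key == "Identifier":
            r.identifier = value.strip()
        elif key == "TeamIdentifier":
            r.team_id = value.strip()
        elif key == "Authority":
            r.authorities.append(value.strip())
    r.revoked = "CSSMERR_TP_CERT_REVOKED" in verify_out
    return r


def apply_spctl(r: SigningReport, spctl_out: str) -> SigningReport:
    """spctl_out: text of `spctl --assess --type execute -vv <bundle>`."""
    m = re.search(r":\s*(accepted|rejected)\s*$", spctl_out, re.M)
    r.accepted = bool(m and m.group(1) == "accepted")
    m = re.search(r"^source=(.+)$", spctl_out, re.M)
    r.spctl_source = m.group(1).strip() if m else ""
    return r


def triage(detail_out: str, verify_out: str, spctl_out: str) -> SigningReport:
    return apply_spctl(parse_codesign(detail_out, verify_out), spctl_out)


def run_local(bundle: str) -> Optional[SigningReport]:
    """Run the real tools on a Mac; returns None where codesign/spctl are absent."""
    if not (shutil.which("codesign") and shutil.which("spctl")):
        return None
    run = lambda *a: subprocess.run(a, capture_output=True, text=True)
    detail = run("codesign", "-dvvv", bundle)
    verify = run("codesign", "--verify", "--deep", "--strict", "-v", bundle)
    spctl = run("spctl", "--assess", "--type", "execute", "-vv", bundle)
    # codesign reports on stderr; spctl mixes both streams, so join them.
    return triage(detail.stderr, verify.stderr + verify.stdout, spctl.stderr + spctl.stdout)


# --- constructed sample outputs (not captured from a real MacSync sample) ---
DETAIL_OK = """Executable=/Applications/Chat.app/Contents/MacOS/Chat
Identifier=com.example.chat
Format=app bundle with Mach-O universal (x86_64 arm64)
Authority=Developer ID Application: Example Corp (ABCDE12345)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=ABCDE12345
"""
VERIFY_OK = "/Applications/Chat.app: valid on disk\n/Applications/Chat.app: satisfies its Designated Requirement\n"
SPCTL_OK = "/Applications/Chat.app: accepted\nsource=Notarized Developer ID\norigin=Developer ID Application: Example Corp (ABCDE12345)\n"

# Same bundle after Apple revokes the certificate (the situation in the MacSync report).
VERIFY_REVOKED = "/Applications/Chat.app: CSSMERR_TP_CERT_REVOKED\n"
SPCTL_REVOKED = "/Applications/Chat.app: rejected\nsource=Revoked Developer ID\n"  # wording is illustrative

DETAIL_UNSIGNED = "/tmp/Dropper.app: code object is not signed at all\n"
VERIFY_UNSIGNED = "/tmp/Dropper.app: code object is not signed at all\n"
SPCTL_UNSIGNED = "/tmp/Dropper.app: rejected\nsource=no usable signature\n"

if __name__ == "__main__":
    for name, args in {"ok": (DETAIL_OK, VERIFY_OK, SPCTL_OK),
                       "revoked": (DETAIL_OK, VERIFY_REVOKED, SPCTL_REVOKED),
                       "unsigned": (DETAIL_UNSIGNED, VERIFY_UNSIGNED, SPCTL_UNSIGNED)}.items():
        rep = triage(*args)
        print(f"{name:8s} team={rep.team_id or '-':10s} verdict={rep.verdict}")
```

A "notarized" verdict only says the bundle passed Apple's scan when it was submitted; the campaign above shows that is not a clean bill of health, so log the team ID and feed it to your threat-intel lookups rather than treating notarization as an allow decision. The "revoked" case is the one to alert on retrospectively: any host that ran the bundle while the certificate was still valid was exposed.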
This cybersecurity news roundup highlights recent developments including government strategies, geopolitical risks, and emerging threats in the digital world. Key topics include US private sector offensive cyber plans, Chinese-made power equipment vulnerabilities, and innovative malware threats. #USCyberStrategy #ChinesePowerEquipment…
SentinelLABS assesses that LLMs are accelerating the ransomware lifecycle by increasing speed, volume, and multilingual reach across reconnaissance, phishing, tooling assistance, data triage, and negotiation, while not producing a fundamental change in attacker tactics or novel capabilities. Adversaries are migrating toward self‑hosted open models (e.g., served with Ollama) and proof‑of‑concept tools such as Claude Code, PromptLock, MalTerminal, and QUIETVAULT to evade provider guardrails and automate extortion and data theft. #ClaudeCode #QUIETVAULT
CVE-2025-55182 (React2Shell) is a critical pre‑authentication RCE in React Server Components and Next.js that allows attackers to execute arbitrary code on vulnerable servers via a single malicious HTTP request. Microsoft observed exploitation activity beginning December 5, 2025 with real‑world attempts delivering payloads including cryptominers and RATs, impacting both Windows and Linux environments. #React2Shell #XMRig
Cybersecurity Threat Research ‘Weekly’ Recap: A critical unauthenticated deserialization RCE in React Server Components (React2Shell, CVE-2025-55182) is being weaponized for mass scanning and arbitrary code execution, prompting patches and WAF/runtime protections while defenders hunt for indicators (MINOCAT, SNOWLIGHT, HISONIC, XMRig). A broad surge of activity across loaders, backdoors, info stealers, phishing, ransomware, and APTs—featuring EtherRAT, GhostPenguin, NANOREMOTE, CastleRAT, ValleyRAT, GrayBravo, AshTag, AshenLepus, Group123, APT31, Salt Typhoon, GOLD_SALEM, Warlock, Makop, 01flip, Storm-0249, and others—underscores supply-chain abuse, credential theft, and geopolitical intrusions.
#React2Shell #CVE-2025-55182 #MINOCAT #SNOWLIGHT #HISONIC #XMRig #EtherRAT #GhostPenguin #NANOREMOTE #CastleRAT #ValleyRAT #GrayBravo #AshTag #AshenLepus #Group123 #APT31 #SaltTyphoon #GOLD_SALEM #Warlock #Makop #01flip #Storm_0249 #FrostBeacon #Shai_Hulud_2_0 #NexusRoute #RTO_Challan #DroidLock #PhantomStealer #AMOSStealer #Banshee #LummaStealer #JSCEAL #NoteGPT #MoneyMount #VSCodeExtensions
Daily Recap: the security landscape today spans zero-day exploits patched in Apple WebKit and active Gogs exploitation affecting hundreds of self-hosted instances, along with critical flaws in Varex Imaging, GDCM, and Johnson Controls iSTAR Ultra impacting medical and industrial systems. The report also highlights Lazarus Group and Ashen Lepus espionage campaigns, major data breaches at Coupang and Pierce County Library, and a surge of malware kits and phishing tools including PyStoreRAT, Agent Tesla, BlackForce, GhostFrame, InboxPrime AI, and DroidLock. #LazarusGroup #AshenLepus #Coupang #PierceCountyLibrary #PyStoreRAT #AgentTesla #BlackForce #GhostFrame #InboxPrimeAI #DroidLock #AppleWebKit #Gogs #VarexImaging #GDCM #JohnsonControls #AshTag
Apple has issued emergency patches for two critical WebKit zero-day vulnerabilities exploited in targeted, highly sophisticated attacks on specific individuals. These vulnerabilities, tracked as CVE-2025-43529 and CVE-2025-14174, affected various Apple devices and were also addressed by Google Chrome in coordination with Apple. #WebKitVulnerabilities #TargetedAttacks
Apple has released security updates for multiple platforms to fix two critical vulnerabilities in WebKit that have been exploited in the wild, including one previously patched by Google Chrome. These flaws are believed to have been used in targeted spyware attacks, affecting a wide range of Apple devices and browsers. #WebKitVulnerabilities…
This week’s cybersecurity roundup highlights emerging threats such as the PromptPwnd attack exploiting AI models and the US Pentagon’s push towards post-quantum cryptography. It also covers international efforts to combat GPU smuggling, industry investments, and malware targeting Android devices. #PromptPwnd #SaltTyphoon…
Daily Recap: authorities pursue a broad set of cybercrime actions, from Myanmar digital arrest-fraud charges and Accenture fraud to FedRAMP-related contractor concerns and indictments targeting Russian-linked hacktivists. The recap also flags data breaches and privacy risks at Pierce County Library, LastPass fines, Petco Vetco exposure, doorbell and camera privacy debates, and widespread vulnerabilities and malware activity including NANOREMOTE, BRICKSTORM, Mirai, CastleLoader, Spiderman Phishing, DroidLock, and large Docker Hub credential leaks.
#NANOREMOTE #BRICKSTORM #WarpPanda #LastPass #PierceLibrary #Petco #Vetco #DroidLock #CastleLoader #SpidermanPhishing #DockerHub #Mirai
A subtle pointer-arithmetic bug in Firefox’s WebAssembly implementation (CVE-2025-13016) caused a stack buffer overflow that could enable arbitrary code execution in Firefox releases 143–144 and early 145 and in ESR 140.0–140.4, potentially affecting over 180 million users. The flaw, introduced April 7, 2025, survived code review and a regression test and…