Articles tagged "Apple"

Found 78 articles

Homebrew, the popular package manager for macOS, is enhancing its security with the introduction of a new requirement for third-party taps. Starting with version 6.0.0, any tap and its associated formula or cask must be explicitly trusted before the Ruby code is executed. This change aims to mitigate risks associated with running unverified code from external sources, which previously could execute without any restrictions. Official Homebrew taps will remain trusted by default, but users will now have options to manage trust levels for additional taps. This move is significant for users who rely on third-party software, as it adds an extra layer of security against potentially malicious code.

Read Original

This week saw several cybersecurity incidents that highlight ongoing vulnerabilities in various systems. A zero-day vulnerability was discovered in Google Chrome, which could allow attackers to execute arbitrary code. Additionally, exploits affecting UniFi devices were reported, taking advantage of outdated software. Cybercriminals are also utilizing phishing kits that are increasingly easy to rent, making them more accessible to a wider range of attackers. Meanwhile, macOS systems are facing threats from new data-stealing malware, and a flaw in VPN services was identified, potentially exposing user data. These incidents remind users and organizations of the continuous need to update their software and remain vigilant against evolving cyber threats.

Read Original

A new cyber campaign has emerged, targeting cryptocurrency firms through deceptive recruitment tactics and custom malware designed for macOS systems. Researchers from Wiz have identified this threat actor, known as JINX-0164, which employs social engineering to lure victims into downloading malicious software. The malware is tailored to exploit continuous integration and continuous deployment (CI/CD) infrastructures, increasing the risk of digital asset theft for affected organizations. As cryptocurrency firms often handle significant amounts of valuable digital assets, these attacks could lead to substantial financial losses and damage to their reputations. Companies in the crypto space need to be vigilant and enhance their security measures to protect against these sophisticated threats.

Read Original

Apple has released its post-quantum cryptography implementations in an open-source format, allowing researchers to analyze and verify the work. This move aims to safeguard encrypted data against potential future threats posed by quantum computers, which could compromise current public-key encryption methods. The release includes mathematical proofs and verification tools housed in the corecrypto library, which is integral to Apple's operating systems and services. By making this technology accessible for independent evaluation, Apple is fostering transparency and collaboration in the field of cryptography. This is important as quantum computing advances, potentially jeopardizing data security for users across various platforms.

Read Original
Actively Exploited

A new zero-click attack has been discovered that targets WhatsApp accounts on devices running iOS 16. This attack takes advantage of vulnerabilities in the ImageIO framework, specifically identified as CVE-2025-43300, and potentially CVE-2025-55177. By exploiting these flaws, attackers can gain unauthorized access to WhatsApp sessions without any user interaction. This is particularly concerning for users of iOS 16, as it opens the door for unauthorized access to private messages and data. Users should remain vigilant and consider updating their devices as soon as patches are available to mitigate this risk.

Read Original
Critical
FBI Chief Kash Patel’s Clothing Store Hacked in ClickFix Infostealer Attack

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

FBI Chief Kash Patel's clothing store fell victim to a ClickFix infostealer attack, which specifically targeted macOS users. The hackers tricked these users into downloading malware that steals sensitive information. This incident raises concerns not only for Patel as a public figure but also for the broader implications of malware targeting retail platforms. Such attacks can lead to significant data breaches, impacting customer trust and potentially leading to financial losses. Users of the compromised store should be vigilant about their personal data and consider reviewing their security measures to prevent similar threats in the future.

Read Original

A newly discovered zero-click attack is targeting WhatsApp accounts on iPhones running iOS 16, allowing attackers to take control of accounts without any user interaction or warning. This means that users can find their accounts sending unauthorized messages, often asking contacts for money transfers, without realizing they’ve been compromised. The attack is particularly concerning because it does not require any linked devices, making it harder for users to identify or prevent the intrusion. As this vulnerability is actively exploited, users of WhatsApp on iOS 16 need to be vigilant and take precautions to protect their accounts. This incident highlights the ongoing challenges of mobile security and the importance of being cautious about unsolicited messages and requests.

Read Original

In 2025, Apple took significant measures to maintain the integrity of its App Store by rejecting over 2 million app submissions. This move was part of a broader strategy to combat security threats and prevent fraud, resulting in the blocking of more than 1.1 billion accounts and the interception of $2.2 billion in potentially fraudulent transactions. The company's stringent review process aims to protect users from malicious apps and scams, ensuring a safer experience on its platform. This action highlights the ongoing challenges in app security and the need for companies to remain vigilant against fraudulent activities. Developers looking to publish apps must adhere to strict security protocols to avoid rejection, which could impact their business operations.

Read Original

Researchers have identified a vulnerability in ExifTool, a widely used tool for reading and writing metadata in image files, that could allow attackers to compromise macOS systems through malicious images. This vulnerability, tracked as CVE-2026-3102, poses a significant risk to users who handle image files, as it enables the execution of harmful code when a malicious image is processed. Users running macOS could be particularly affected, especially those who frequently use ExifTool or similar applications. The implications are serious, as attackers could exploit this flaw to gain unauthorized access to systems, potentially leading to data breaches or other malicious activities. It’s crucial for users to stay informed about this issue and take appropriate steps to protect their systems.

Read Original
Actively Exploited

A new variant of the SHub macOS infostealer has been discovered that tricks users into believing they need to install a security update. Using AppleScript, this malware presents a fake update message, which, when interacted with, leads to the installation of a backdoor on the user's system. This malicious software primarily targets macOS users, potentially compromising their personal information and system integrity. The ability to deceive users with a legitimate-looking update notice makes this variant particularly concerning. It underscores the need for users to be vigilant about unexpected prompts and verify updates directly from Apple's official channels.

Read Original

OpenAI reported that two of its employee devices were compromised due to a supply chain attack linked to TanStack, specifically the Mini Shai-Hulud incident. Fortunately, the company confirmed that no user data, production systems, or intellectual property were altered or stolen during this attack. Upon discovering the malicious activity, OpenAI swiftly initiated an investigation and took measures to contain the situation. This incident underscores the ongoing risks associated with supply chain vulnerabilities, highlighting the need for organizations to remain vigilant against such attacks. While no sensitive information was impacted, the event serves as a reminder of the potential threats lurking in software dependencies.

Read Original
Critical
China-Linked Twill Typhoon Uses Fake Apple and Yahoo Sites for Espionage

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

A recent report from Darktrace reveals that a group of Chinese hackers, known as Twill Typhoon, is using counterfeit websites mimicking Apple and Yahoo to conduct espionage. These fake sites are designed to lure unsuspecting users into providing sensitive information, which the attackers can then leverage for spying on various organizations. The hackers are utilizing a malware framework called FDMTP, which further aids their operations. This tactic poses a significant risk to individuals and companies who may mistakenly trust these fraudulent sites, potentially leading to data breaches and compromised security. Organizations are urged to remain vigilant and educate their employees about the dangers of phishing and counterfeit websites.

Read Original

A recent survey conducted by Cybernews found that just 18% of American smartphone users invest in third-party antivirus software. The majority rely on the built-in security features offered by their device manufacturers, such as Microsoft and Apple. This trend raises concerns about the level of protection users are receiving, especially as cyber threats continue to evolve. Many users may believe that the default security measures are sufficient, but this can leave them vulnerable to malware and other attacks. As cybercriminals become more sophisticated, it's crucial for users to understand the risks and consider additional security measures beyond the basics.

Read Original
Critical
Fake macOS Troubleshooting Sites Used to Steal iCloud Data in ClickFix Scam

Hackread – Cybersecurity News, Data Breaches, AI and More

Actively Exploited

Microsoft researchers have identified a new scam called ClickFix that targets macOS users. Attackers are creating fake troubleshooting guides on platforms like Medium and Craft, tricking users into executing Terminal commands that deploy malicious software known as AMOS and SHub Stealer. This malware is designed to steal iCloud data, which can lead to significant personal and financial loss for affected users. The campaign highlights the need for vigilance among macOS users, as these deceptive tactics can easily lure unsuspecting individuals into compromising their personal information. Awareness and skepticism towards unsolicited troubleshooting advice are crucial in protecting one's digital assets.

Read Original

The latest Security Affairs Malware newsletter highlights several emerging cybersecurity threats. One notable mention is Morpheus, a new spyware linked to IPS Intelligence, which poses risks to user privacy and data security. Additionally, the newsletter discusses DarkSword and Coruna, which are targeting vulnerabilities in iPhones, suggesting that even this previously secure platform is now at risk. Another significant threat is the Lotus Wiper, aimed at the energy and utilities sector, indicating a growing trend of cyberattacks on critical infrastructure. Lastly, a new variant of NGate has been reported, showcasing the ever-evolving landscape of malware. These developments emphasize the need for companies and individuals to stay vigilant and update their security measures.

Read Original
PreviousPage 2 of 6Next