New macOS ClickFix attack silently mounts DMGs to push infostealer

A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from ...
Crowdfund Insider

Malware Attacks on SMBs Surging, Now Increasingly Disguised as AI Services : Research

Cybersecurity firm Kaspersky has documented a sharp increase in malware campaigns targeting small and medium-sized businesses (SMBs) that impersonate popular ...
Bleeping Computer

New IronWorm malware hits 36 packages in npm supply-chain attack

A new supply-chain attack has infected 36 packages on the Node Package Manager (npm) index with infostealer malware called IronWorm. The malware targets 86 environment variables (key-value pairs) and ...
CoinTelegraph

‘TrapDoor’ malware targets crypto dev tools in supply chain attack

Socket says a campaign of malicious packages is aiming to steal crypto and is injecting hidden instructions that hijack popular AI coding assistants. An active supply chain attack is targeting crypto ...
TechCrunch

FBI says Iranian hackers are using Telegram to steal data in malware attacks

Iranian government hackers are using Telegram as a way to steal data from hacked dissidents, opposition groups, and journalists who oppose the regime around the world, according to an FBI alert ...
CSOonline

New ‘StoatWaffle’ malware auto‑executes attacks on developers

The newly observed malware abuses VS Code’s “runOn:folderOpen” feature to execute automatically from trusted projects, enabling near-frictionless compromise. A newly disclosed malware strain dubbed ...