ClickFix Campaigns Spread MacSync macOS Infostealer Via Fake AI Tool Installers

Multiple ClickFix campaigns have been identified spreading the MacSync macOS information stealer through fake AI tool installers that trick users into running malicious Terminal commands. These campaigns leverage malvertising and social engineering, often using trusted platforms and search ads to lure victims, with recent variants employing advanced evasion techniques to harvest sensitive data like credentials and cryptocurrency wallet seed phrases. Security experts warn that these evolving tactics exploit developers’ trust in command-line installs and have been adopted by multiple threat actors targeting both macOS and Windows environments.

https://thehackernews.com/2026/03/clickfix-campaigns-spread-macsync-macos.html

Face Value: What It Takes to Fool Facial Recognition

ESET Global Cybersecurity Advisor Jake Moore demonstrated how widely used facial recognition systems can be fooled using modified smart glasses for real-time identification, AI-generated fake faces to bypass bank identity verification, and face swap technology to evade police watchlists. His experiments reveal significant vulnerabilities in facial recognition technology that is increasingly trusted for security, highlighting the need for these systems to be rigorously tested against such attacks. Moore will present these findings live at RSAC 2026 to raise awareness about the risks of relying solely on facial biometrics for identity verification.

https://www.welivesecurity.com/en/privacy/face-value-what-takes-fool-facial-recognition/

The Who, What, and Why of the Attack That Has Shut Down Stryker’s Windows Network

Stryker, a major multinational medical device supplier, confirmed a cyberattack that disrupted much of its Microsoft network, with a hacking group called Handala Hack—linked to the Iranian government—claiming responsibility. The attack, suspected to have involved remote wiping of devices via Microsoft’s Intune management tool rather than typical malware, followed recent US and Israeli airstrikes on Iran, suggesting retaliation through cyber means. Despite the disruption, Stryker’s critical medical devices remain operational, though the company has not yet provided a timeline for full recovery.

https://arstechnica.com/security/2026/03/whats-known-about-wiper-attack-on-stryker-a-major-supplier-of-lifesaving-devices/

Iran-Backed Hackers Claim Wiper Attack on Medtech Firm Stryker

Iran-linked hacktivist group Handala claims responsibility for a data-wiping attack on Stryker, a major medical technology company. The attack forced the shutdown of Stryker's global operations, impacting over 200,000 devices and disrupting supply chains for healthcare providers. The group stated the action was retaliation for a missile strike in Iran that killed many civilians. The incident has raised concerns about cybersecurity in the healthcare sector, as hospitals consider disconnecting from Stryker's services amid the attack.

https://krebsonsecurity.com/2026/03/iran-backed-hackers-claim-wiper-attack-on-medtech-firm-stryker/

Law Enforcement Shuts Down Botnet Made of Tens of Thousands of Hacked Routers

Global law enforcement shut down the SocksEscort botnet, which had compromised 369,000 routers and facilitated crimes such as bank hacks and fraudulent claims, costing millions. The criminal service offered proxy access to the hacked devices. The botnet posed a significant threat, with many victims in the US and UK.

https://techcrunch.com/2026/03/12/law-enforcement-shuts-down-botnet-made-of-tens-of-thousands-of-hacked-routers/

How We Hacked McKinsey’s AI Platform

CodeWall's autonomous agent hacked McKinsey's AI platform, Lilli, by exploiting a publicly exposed SQL injection vulnerability, gaining access to sensitive data including 46.5 million chat messages, 728,000 files, and 57,000 user accounts. The agent demonstrated that AI prompts are valuable targets and highlighted security failures in a prestigious firm's system that should have been protected.

https://codewall.ai/blog/how-we-hacked-mckinseys-ai-platform

After Outages, Amazon to Make Senior Engineers Sign Off on AI-assisted Changes

Amazon is experiencing a string of outages, some linked to AI coding tools, prompting a meeting with engineers to address the issue. The company will require a senior engineer's sign-off for AI-assisted changes and will focus on improving website availability. AWS also experienced incidents involving AI coding assistants, including a 13-hour interruption of a cost calculator.

https://arstechnica.com/ai/2026/03/after-outages-amazon-to-make-senior-engineers-sign-off-on-ai-assisted-changes/

Top Dark Web Telegram Groups & Channels (2026)

Telegram has become a significant platform for cybercriminal activity, with its features attracting threat actors. Key categories of dark Telegram channels include credential dumps, financial fraud, hacktivism, and ransomware announcements. Effective monitoring requires automated tools and context-aware analysis, avoiding manual approaches for scalability. Legal considerations vary, but organizations can generally monitor these channels without engaging in illicit activities. The landscape has shifted due to AI moderation on Telegram, prompting criminals to migrate to other platforms, making comprehensive monitoring essential.

https://www.dexpose.io/dark-web-telegram-groups-channels/

Anthropic Finds 22 Firefox Vulnerabilities Using Claude Opus 4.6 AI Model

Anthropic identified 22 vulnerabilities in Firefox using its AI model, Claude Opus 4.6. Among these, 14 are high severity, and a significant number of the issues were addressed in Firefox 148. The model proved more efficient at finding issues than at creating exploits, which raises security concerns even as it highlights AI's role in enhancing browser security. Mozilla reported additional vulnerabilities found through this collaboration, showcasing the benefits of AI-assisted analysis for continuous improvement in security.

https://thehackernews.com/2026/03/anthropic-finds-22-firefox.html

One Click on This Fake Google Meet Update Can Give Attackers Control of Your PC

Fake Google Meet update pages can give attackers control of your Windows PC with one click. This phishing attack uses a legitimate Windows feature for device enrollment, allowing control without malware or stolen credentials, bypassing typical security checks. Victims should check their device settings for unauthorized enrollments and disconnect if necessary.

https://www.malwarebytes.com/blog/threat-intel/2026/03/one-click-on-this-fake-google-meet-update-can-give-attackers-control-of-your-pc

InstallFix: Weaponizing Malvertized Install Guides

Attackers are using a technique called InstallFix, a social engineering attack where they clone installation pages of legitimate CLI tools and present victims with malicious install commands disguised as the real thing. This technique is particularly effective because it exploits the common practice of copying and pasting installation commands from websites, bypassing traditional security controls like email filtering. The attackers are using malvertising, specifically sponsored search results on Google, to distribute these fake installation pages, targeting popular tools like Claude Code.

https://pushsecurity.com/blog/installfix/

Vulnerability Landscape in Q4 2025

Q4 2025 saw a surge in high-profile vulnerability disclosures, with attackers exploiting several critical flaws in popular libraries and applications. The most prevalent exploits targeted Microsoft Office products and directory traversal vulnerabilities in WinRAR, highlighting the importance of timely security updates. Additionally, a significant increase in Linux-based exploit attempts underscores the need for robust security measures on these devices.

https://securelist.com/vulnerabilities-and-exploits-in-q4-2025/119105/

Microsoft Reveals ClickFix Campaign Using Windows Terminal to Deploy Lumma Stealer

Microsoft revealed a new ClickFix phishing campaign that uses Windows Terminal to deploy the Lumma Stealer malware. The campaign tricks users into executing commands via a trusted app, bypassing detection methods aimed at the Run dialog. It executes a multi-stage attack: downloading and extracting malicious scripts, collecting credentials from browsers, and establishing persistence. The malware targets sensitive data, emphasizing the risks of social engineering tactics in cybersecurity.

https://thehackernews.com/2026/03/microsoft-reveals-clickfix-campaign.html

Coruna: The Mysterious Journey of a Powerful iOS Exploit Kit

Google's Threat Intelligence Group identified a new iOS exploit kit, “Coruna,” targeting iPhone models from iOS 13.0 to 17.2.1. Coruna comprises five exploit chains and uses advanced techniques to bypass mitigations. It was initially discovered with links to commercial surveillance, later leveraged by Russian espionage and Chinese financial criminals. Users are urged to update their devices to the latest iOS version or enable Lockdown Mode for security. The kit features sophisticated mechanisms for targeting and data theft, indicating a growing market for reused zero-day exploits.

https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit

APT36: a Nightmare of Vibeware

APT36, known as Transparent Tribe, has shifted from conventional malware to “vibeware,” an AI-generated production model that yields numerous low-quality implants written in niche languages like Nim, Zig, and Crystal. This evolution aims to evade detection and relies on trusted cloud services for command and control. Although technical flaws render much of the malware ineffective, the sheer production volume of this model overwhelms defenses, indicating a trend toward automated, high-volume cyberattacks. Their targeted attacks focus on the Indian government, combining sophisticated social engineering tactics and established frameworks with new, poorly coded variants. Overall, APT36 has embraced a strategy of integrating AI into malware design, resulting in mass-produced threats that lack true innovation but carry real operational risk.

https://businessinsights.bitdefender.com/apt36-nightmare-vibeware
