apple

New macOS Stealer Campaign Uses Script Editor in ClickFix Attack

A new macOS malware campaign delivering the Atomic Stealer exploits the built-in Script Editor app via a variation of the ClickFix attack, tricking users into running malicious scripts without manual Terminal interaction. The attack uses fake Apple-themed websites that launch Script Editor with pre-filled code to download and execute obfuscated payloads, targeting sensitive data such as Keychain items, browser passwords, and cryptocurrency wallets. Mac users are advised to treat Script Editor prompts with caution and rely only on official Apple documentation for system guidance.

https://www.bleepingcomputer.com/news/security/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/

Apple Pushes First Background Security Improvements Update to Fix WebKit Flaw

Apple has released its first Background Security Improvements update to fix a WebKit vulnerability (CVE-2026-20643) affecting iPhones, iPads, and Macs without requiring a full OS upgrade. This update addresses a cross-origin flaw in the Navigation API through improved input validation and demonstrates Apple’s new ability to deliver small, out-of-band security patches in the background to enhance device security between major software releases.

https://www.bleepingcomputer.com/news/security/apple-pushes-first-background-security-improvements-update-to-fix-webkit-flaw/

Malicious OpenClaw Skills Used to Distribute Atomic macOS Stealer

A new variant of Atomic macOS Stealer (AMOS) is being distributed through malicious OpenClaw skills, exploiting AI agentic workflows to trick users into installing the malware. The malware, disguised as a harmless skill, uses a fake dialogue box to request the user’s password and then exfiltrates sensitive data, including Apple and KeePass keychains, user documents, and system information. TrendAI™ Managed Detection and Response (MDR) customers are protected from this threat.

https://www.trendmicro.com/en_us/research/26/b/openclaw-skills-used-to-distribute-atomic-macos-stealer.html

Apple Pay Phish Uses Fake Support Calls to Steal Payment Details

Apple Pay phishing campaign hijacks user information through fake support calls. Victims receive emails mimicking Apple alerts about unauthorized transactions, prompting them to call provided numbers. Scammers impersonate Apple agents, extracting sensitive data like Apple ID verification codes and payment details under false pretenses. Users are advised to avoid sharing 2FA codes, scrutinize sender addresses, and verify communications independently.

https://www.malwarebytes.com/blog/news/2026/02/apple-pay-phish-uses-fake-support-calls-to-steal-payment-details

A New Apple Pay Scam Is Hitting Millions

A new Apple Pay scam is targeting users by claiming suspicious transactions were blocked and urging them to call a fraudulent number. These messages, which appear official, aim to trick victims into revealing personal information. To stay safe, users should ignore such messages, verify sender details, and contact Apple directly through their website if concerned.

https://www.techradar.com/computing/cyber-security/a-new-apple-pay-scam-is-hitting-millions-heres-how-to-spot-fake-unusual-activity-messages-before-its-too-late

New MacSync Stealer Malware Attacking macOS Users Using Digitally Signed Apps

New MacSync Stealer malware targets macOS users via digitally signed apps, operating silently unlike older versions. Disguised as a legitimate installer, it steals sensitive information after installation. The malware can bypass macOS security due to being signed with Apple’s Developer ID. Researchers noted a shift from requiring user action to automated processes, complicating detection. Following its identification, the malicious ID was reported and revoked by Apple.

https://cybersecuritynews.com/new-macsync-stealer-malware/

Apple Sends New Round of Cyber Threat Notifications to Users in 84 Countries

Apple and Google issued cyber threat notifications to users across 84 countries, warning about potential spyware targeting. Apple noted over 150 countries informed in total, while Google highlighted specific threats from Intellexa spyware affecting hundreds of accounts in nations like Pakistan and Egypt. This move seeks to enhance user protection and may prompt investigations into spyware activities.

https://www.reuters.com/technology/apple-sent-new-round-cyber-threat-notifications-users-84-countries-2025-12-05/

Google’s AI ‘Big Sleep’ Finds 5 New Vulnerabilities in Apple’s Safari WebKit

Google's AI “Big Sleep” found five vulnerabilities in Apple's Safari WebKit, potentially leading to crashes or memory corruption. Apple released patches in iOS 26.1, iPadOS 26.1, and other systems to address these issues. Big Sleep is part of a Google initiative for automated vulnerability discovery, having previously identified risks in other software. Keeping devices updated is recommended for optimal security.

https://thehackernews.com/2025/11/googles-ai-big-sleep-finds-5-new.html

Large-Scale Attack Targeting Macs Via GitHub Pages Impersonating Companies to Attempt to Deliver Stealer Malware

TLDR: A large-scale cyberattack targets Mac users through fake GitHub pages impersonating companies, promoting the installation of an infostealer malware called Atomic. The malicious sites use SEO tactics to appear high in search results, redirecting users to download malware after entering commands. LastPass has taken down some fraudulent sites and continues to monitor the situation.

https://blog.lastpass.com/posts/attack-targeting-macs-via-github-pages

Can You Really Trust That Permission Pop-Up On macOS? (CVE-2025-31250)

macOS vulnerability CVE-2025-31250 allows apps to spoof permission prompts, misleading users into granting access to the wrong application. Correctly patched in macOS Sequoia 15.5, earlier versions like Ventura and Sonoma remain unaddressed. The flaw arises from incorrect handling in the TCC framework's request logic, permitting consent responses for one app while displaying prompts for another. While exploiting this requires user interaction, it poses significant risks, particularly for high-access applications like Microphone and Camera. Apple has responded slowly to the issue, but recent updates appear to address the vulnerability, enhancing overall security.

https://wts.dev/posts/tcc-who/

Apple Fixes Two Zero-days Exploited in Targeted iPhone Attacks

Apple patched two zero-day vulnerabilities in iPhones, affecting several operating systems, after reports of exploitation in targeted attacks. The flaws, found in CoreAudio and RPAC, allow remote code execution and bypass security features. Users are urged to update their devices immediately. This marks the fifth zero-day fix from Apple this year.

https://www.bleepingcomputer.com/news/security/apple-fixes-two-zero-days-exploited-in-targeted-iphone-attacks/

Phishing Platform ‘Lucid’ Behind Wave of iOS, Android SMS Attacks

Phishing platform ‘Lucid,' operated by the XinXin group, targets 169 entities across 88 countries using iMessage and RCS for SMS attacks. Sold on a subscription model, it provides phishing domains and tools to attackers. Lucid sends 100,000 smishing messages daily, bypassing spam filters with encrypted messaging tech. The operation employs device farms and impersonates legitimate services to steal personal data, including financial information, often demonstrating ease of use through public videos.

https://www.bleepingcomputer.com/news/security/phishing-platform-lucid-behind-wave-of-ios-android-sms-attacks/

Scroll to Top