New PamStealer Malware Targets macOS Users via Fake Maccy Clipboard App
The newly spotted PamStealer is spreading through a fake Maccy clipboard app and steal Mac passwords, browser data and clipboard content.
The newly spotted PamStealer is spreading through a fake Maccy clipboard app and steal Mac passwords, browser data and clipboard content.
Two new models from Chinese firms compete with top US mainstream and frontier models. Should cyber-defenders be worried?
AdaptHealth, a publicly traded healthcare company that provides home medical equipment, diabetes supplies, and sleep therapy products, has informed the […] The post AdaptHealth Reports Material Cybersecurity Incident and Theft of Patient Data appeared first on The HIPAA Journal.
A new report from the Citizen Lab has revealed that former Member of the European Parliament Stelios Kouloglou had his mobile device repeatedly hacked with the notorious Pegasus spyware while serving on a committee that was tasked with investigating the abuse of such commercial s…
Cybersecurity researchers have flagged a new macOS information stealer called PamStealer that employs a series of clever tricks to infect systems and siphon sensitive data. The stealer, discovered by Jamf Threat Labs, is distributed as a compiled AppleScript (.scpt) file imperso…
The discovery underscores the increased effort being poured into Mac infostealers.
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
Google has significantly degraded NetNut, one of the biggest networks that turns home devices into rented relays for other people's traffic. Working with the FBI, Lumen, and others, Google's Threat Intelligence Group (GTIG) said this week it had reduced the network's pool of usa…
Threat actors associated with the Anubis ransomware operation have been observed exploiting the Citrix Bleed 2 (CVE-2025-5777) vulnerability to obtain initial access. "Although tactics differ between affiliates, common patterns emerged in tradecraft through use of legitimate Rem…
The ransomware campaign relies on basic social engineering and stretches across multiple regions, including the US, Europe, Middle East, and elsewhere.
FortiBleed, the Fortinet credential theft campaign, is now connected to INC Ransom and Lynx, with a Nextcloud zero-day vulnerability also under investigation.
This week’s security news is mostly about weak spots. Browsers, bots, sandboxes, AI systems, and email flows all show the same problem in different ways. Everything looks normal until someone tests a small gap and finds a way through. This is not one big break. It is small perm…
ConsentFix and ClickFix attacks steal Microsoft 365 tokens in seconds using fake prompts and OAuth flows. Learn how these MFA bypass tactics work and how to defend against them. [...]
ClickFix Social Engineering Technique is the Leading Method for Malware Delivery The HIPAA Journal
The ClickFix social engineering technique is the leading method of malware delivery, according to an analysis by researchers at ReliaQuest. […] The post ClickFix Social Engineering Technique is the Leading Method for Malware Delivery appeared first on The HIPAA Journal.
The threat actor known as ToddyCat has been attributed to a new malware called Umbrij that's designed to gain surreptitious access to a victim's email correspondence via the Google API. "In this campaign, the attackers focused their attention on corporate email communications ho…
Cisco confirmed that attackers are now exploiting a Unified Communications Manager (Unified CM) vulnerability patched in early June. [...]
CISA warned on Wednesday that attackers have begun exploiting a high-severity Microsoft SharePoint remote code execution vulnerability patched in May. [...]
Opera has introduced Paste Protect, a security feature designed to block ClickFix-style attacks that trick users into executing malicious commands through social engineering. [...]
A new Sysdig report traces how an LLM agent abused a Langflow flaw, stole credentials, reached production MySQL, and destroyed Nacos config data in minutes flat.