Security News

Eight vulnerabilities have been uncovered in Microsoft applications for macOS that an adversary could exploit to gain elevated privileges or access sensitive data by circumventing the operating...

Users of Chinese instant messaging apps like DingTalk and WeChat are the target of an Apple macOS version of a backdoor named HZ RAT. The artifacts "almost exactly replicate the functionality of...

Cybersecurity researchers have uncovered a new information stealer that's designed to target Apple macOS hosts and harvest a wide range of information, underscoring how threat actors are...

Cybersecurity researchers have uncovered a new macOS malware strain dubbed TodoSwift that they say exhibits commonalities with known malicious software used by North Korean hacking groups. "This application shares several behaviors with malware we've seen that originated in North Korea - specifically the threat actor known as BlueNoroff - such as KANDYKORN and RustBucket," Kandji security researcher Christopher Lopez said in an analysis.

Vulnerabilities in popular Microsoft apps for macOS can be abused by attackers to record video and audio clips, take pictures, access and exfiltrate data and send emails, Cisco Talos researchers have discovered. Library injection vulnerabilities in Microsoft apps for macOS. The flaws - CVE-2024-41138, CVE-2024-41145, CVE-2024-41159, CVE-2024-42004, CVE-2024-41165, CVE-2024-43106, CVE-2024-39804 and CVE-2024-42220 - have been found in Microsoft Teams, OneNote, Outlook, Word, Excel and Powerpoint for macOS. They allow attackers to inject specially crafted libraries so they can assume the vulnerable apps' entitlements and the permissions they've been granted by users.

Cisco Talos says eight vulnerabilities in Microsoft's macOS apps could be abused by nefarious types to record video and sound from a user's device, access sensitive data, log user input, and escalate privileges. For users familiar with macOS, it's what's responsible for requesting your permission to run new apps, and displays prompts when those apps want to access sensitive stores such as contacts, photos, webcams, etc.

Intel471's new report reveals macOS is increasingly targeted by threat actors, who develop specific malware for the operating system or use cross-platform languages to achieve their goals on macOS computers. More malware than ever on macOS. Between January 2023 and July 2024, the researchers observed more than 40 threat actors targeting macOS systems with different malware types, the most popular being infostealers and trojans.

Cybersecurity researchers have uncovered new stealer malware that's designed to specifically target Apple macOS systems. Dubbed Banshee Stealer, it's offered for sale in the cybercrime underground...

Cybersecurity researchers have discovered a new "0.0.0.0 Day" impacting all major web browsers that malicious websites could take advantage of to breach local networks. The critical vulnerability "Exposes a fundamental flaw in how browsers handle network requests, potentially granting malicious actors access to sensitive services running on local devices," Oligo Security researcher Avi Lumelsky said.

Apple's macOS Sequoia, now in beta testing, will make it harder to bypass Gatekeeper warnings and add system alerts for potential stalkerware threats. [...]