SecurityWeek

North Korean Hackers Use AppleScript, ClickFix in Fresh macOS Attacks

North Korean hackers used AppleScript and ClickFix in recent attacks targeting macOS systems at financial organizations.

macOS ClickFix attacks deliver AppleScript stealers to snarf credentials, wallets

A ClickFix campaign targeting macOS users delivers an AppleScript-based infostealer that collects credentials and live ...
Microsoft

Dissecting Sapphire Sleet’s macOS intrusion from lure to compromise

The Microsoft Defender Security Research Team uncovered a sophisticated macOS intrusion campaign attributed to the North ...
Dark Reading

North Korea Uses ClickFix to Target macOS Users' Data

North Korea's Sapphire Sleet uses fake job offers and phony Zoom updates to deliver ClickFix attacks that steal credentials ...
Infosecurity Magazine

MacOS Native Tools Enable Stealthy Enterprise Attacks

A growing range of native macOS features are being repurposed by attackers to execute code, move laterally and evade ...
The Hacker News

Obsidian Plugin Abuse Delivers PHANTOMPULSE RAT in Targeted Finance, Crypto Attacks

PHANTOMPULSE spreads via Obsidian plugin abuse in REF6598 campaign, targeting finance and crypto users, bypassing AV controls ...

Anthropic’s Claude can now control your Mac, escalating the fight to build AI agents that actually do work

Anthropic has given Claude the ability to control a Mac, marking a major step in the AI agent race and raising new questions about automation, reliability, and security.
Blockonomi

Cybercriminals Weaponize Obsidian Plugins in Sophisticated Crypto Malware Campaign

Cybercriminals exploit Obsidian Plugins to deploy PHANTOMPULSE malware, targeting crypto users via LinkedIn and Telegram in ...
CSO Online

New ClickFix variant bypasses Apple safeguards with one‑click script execution

Jamf finds a ClickFix variant that swaps copy-paste Terminal lures for Script Editor execution, tightening delivery of Atomic ...

Mac Script Editor becomes new entry point for ClickFix malware

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest protections and streamlines the attack.

Security Bite: ClickFix malware authors already bypassing Apple’s new Terminal paste warning

Mac Security Bite is exclusively brought to you by Mosyle, the only Apple Unified Platform. Making Apple devices work-ready ...

"ClickFix" attacks on macOS now also via Script Editor

An ongoing malware campaign is using Apple's Script Editor instead of the Terminal to inject the Atomic Stealer data thief onto Macs.