Security
Headlines
HeadlinesLatestCVEs

Tag

#mac

Black Friday scammers offer fake gifts from big-name brands to empty bank accounts

Inside a massive malicious ad campaign that mimics brands like LEGO, Lululemon, and Louis Vuitton to trick shoppers into handing over bank details.

Malwarebytes
Open in Source
#web#ios#android#mac#git#java#auth
Matrix Push C2 abuses browser notifications to deliver phishing and malware

Attackers can send highly realistic push notifications through your browser, including fake alerts that can lead to malware or phishing pages.

Shai Hulud npm Worm Impacts 26,000+ Repos in Supply Chain Attack

The Shai Hulud worm's "Second Coming" has compromised over 26,000 public repositories. We detail the attacker's mistake, the target packages, and mandatory security tips.

Amazon Is Using Specialized AI Agents for Deep Bug Hunting

Born out of an internal hackathon, Amazon’s Autonomous Threat Analysis system uses a variety of specialized AI agents to detect weaknesses and propose fixes to the company’s platforms.

Second Sha1-Hulud Wave Affects 25,000+ Repositories via npm Preinstall Credential Theft

Multiple security vendors are sounding the alarm about a second wave of attacks targeting the npm registry in a manner that's reminiscent of the Shai-Hulud attack. The new supply chain campaign, dubbed Sha1-Hulud, has compromised hundreds of npm packages, according to reports from Aikido, HelixGuard, Koi Security, Socket, Step Security, and Wiz. The trojanized npm packages were uploaded to

Fake Prettier Extension on VSCode Marketplace Dropped Anivia Stealer

Cybersecurity firm Checkmarx Zero, in collaboration with Microsoft, removed a malicious 'prettier-vscode-plus' extension from the VSCode Marketplace. The fake coding tool was a Brandjacking attempt designed to deploy Anivia Stealer malware and steal Windows user credentials and data.

⚡ Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

This week saw a lot of new cyber trouble. Hackers hit Fortinet and Chrome with new 0-day bugs. They also broke into supply chains and SaaS tools. Many hid inside trusted apps, browser alerts, and software updates. Big firms like Microsoft, Salesforce, and Google had to react fast — stopping DDoS attacks, blocking bad links, and fixing live flaws. Reports also showed how fast fake news, AI

Critical 7 Zip Vulnerability With Public Exploit Requires Manual Update

A critical security flaw (CVE-2025-11001) in 7-Zip has a public exploit. Learn why this high-risk vulnerability is dangerous and how to manually update to version 25.01 now.

GHSA-jf9p-2fv9-2jp2: thread-amount Vulnerable to Resource Exhaustion (Memory and Handle Leaks) on Windows and macOS

Affected versions of this crate contain resource leaks when querying thread counts on Windows and Apple platforms. ### Windows The `thread_amount` function calls `CreateToolhelp32Snapshot` but fails to close the returned `HANDLE` using `CloseHandle`. Repeated calls to this function will cause the handle count of the process to grow indefinitely, eventually leading to system instability or process termination when the handle limit is reached. ### macOS / iOS The `thread_amount` function calls `task_threads` (via Mach kernel APIs) which allocates memory for the thread list. The function fails to deallocate this memory using `vm_deallocate`. Repeated calls will result in a steady memory leak, eventually causing the process to be killed by the OOM (Out of Memory) killer. ### Impact Long-running applications (such as servers, daemons, or monitoring tools) that use this crate to periodically check thread counts will eventually crash due to resource exhaustion. ### Resources - https://git...

Fake calendar invites are spreading. Here’s how to remove them and prevent more

Calendar spam is a growing problem, often arriving as email attachments or as download links in messaging apps.