New MacSync malware dropper evades macOS Gatekeeper checks

The latest variant of the MacSync information stealer targeting macOS systems is delivered through a digitally signed, notarized Swift application. Security researchers at Apple device management platform Jamf say that the distribution method constitutes a significant evolution from past iterations that used less sophisticated “drag-to-Terminal” or ClickFix tactics. “Delivered as a code-signed and notarized Swift application within […]

Apple fixes two zero-day flaws exploited in ‘sophisticated’ attacks

Apple has released emergency updates to patch two zero-day vulnerabilities that were exploited in an “extremely sophisticated attack” targeting specific individuals. The zero-days are tracked as CVE-2025-43529 and CVE-2025-14174 and were both issued in response to the same reported exploitation. “Apple is aware of a report that this issue may have been exploited in an […]

Google enables Pixel-to-iPhone file sharing via Quick Share, AirDrop

Google has added interoperability support between Android Quick Share and Apple AirDrop, to let users share files between Pixel devices and iPhones. For now, only Pixel 10-series devices support the new data transmission and reception capability, but more Android models will follow. Quick Share (formerly Nearby Share) is Android’s built-in wireless file-sharing system for sending media, […]

Google ads for fake Homebrew, LogMeIn sites push infostealers

A new malicious campaign is targeting macOS developers with fake Homebrew, LogMeIn, and TradingView platforms that deliver infostealing malware like AMOS (Atomic macOS Stealer) and Odyssey. The campaign employs “ClickFix” techniques where targets are tricked into executing commands in Terminal, infecting themselves with malware. Homebrew is a popular open-source package management system that makes it easier to install […]

Microsoft warns of new XCSSET macOS malware variant targeting Xcode devs

Microsoft Threat Intelligence reports that a new variant of the XCSSET macOS malware has been detected in limited attacks, incorporating several new features, including enhanced browser targeting, clipboard hijacking, and improved persistence mechanisms. XCSSET is a modular macOS malware that acts as an infostealer and cryptocurrency stealer, stealing Notes, cryptocurrency wallets, and browser data from […]

Apple fixes new zero-day flaw exploited in targeted attacks

Apple has released emergency updates to patch another zero-day vulnerability that was exploited in an “extremely sophisticated attack.” Tracked as CVE-2025-43300, this security flaw is caused by an out-of-bounds write weakness discovered by Apple security researchers in the Image I/O framework, which enables applications to read and write most image file formats. An out-of-bounds write […]