SHub macOS infostealer variant spoofs Apple security updates

A new variant of the 'SHub' macOS infostealer uses AppleScript to show a fake security update message and installs a backdoor ...
Microsoft

Mini Shai Hulud: Compromised @antv npm packages enable CI/CD credential theft

Hulud payload to steal CI/CD secrets from Linux-based automation environments. The malware executes during npm install and ...
Decrypt

Shai-Hulud: What to Know About the Malware Spreading Through Software Pipelines

The Shai-Hulud supply-chain malware campaign is exploiting the automated systems developers trust to publish software safely.
WeLiveSecurity

Webworm: New burrowing techniques

EchoCreep, which uses Discord for C&C communication, and GraphWorm, which uses Microsoft Graph API for the same purpose. The ...
Decrypt

What Is AI Jailbreaking? A Beginner's Guide to the Cat-and-Mouse Game Behind Every Chatbot

Jailbreaking went from cracking iPhones to liberating LLMs. Here's how it works, who's doing it, and why every AI lab is ...
SecurityWeek

Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Attackers are increasingly abusing Microsoft’s legacy MSHTA utility to silently deliver malware, stealers, and persistent ...
Microsoft

Exposing Fox Tempest: A malware-signing service operation

Fox Tempest is a financially motivated threat actor operating a malware‑signing‑as‑a‑service (MSaaS) used by other ...
CNET

Did Chrome Just Install a Massive AI Model on Your Device Without Telling You? Yes, Probably

A 4GB file called weights.bin may be sitting on your hard drive right now, put there by Chrome without your knowledge. Alex Valdes from Bellevue, Washington has been pumping content into the Internet ...