LightSpy Expands to 100+ Commands, Increasing Control Over Windows, macOS, Linux, and Mobile
Summary: Cybersecurity researchers have identified updates to the LightSpy implant, a modular spyware with expanded capabilities for data extraction from social media platforms like Facebook and Instagram. This updated version supports an extensive range of commands across multiple operating systems and has introduced new Windows-specific plugins for data collection and surveillance.…
CVE-2025-27364 in MITRE Caldera: Exploitation of a New Max-Severity RCE Vulnerability via Linker Flag Manipulation Can Lead to Full System Compromise – SOC Prime
A critical remote code execution (RCE) vulnerability (CVE-2025-27364) in MITRE Caldera poses significant risks of system compromise, potentially allowing unauthenticated attackers full control over affected systems. This vulnerability can be combined with another flaw in Parallels Desktop (CVE-2024-34331) to elevate the risks further. Security teams are urged to prioritize immediate threat detection and mitigation strategies in light of the increased prevalence of weaponized vulnerabilities.…
Understanding ATT&CK Coverage, Looking Beyond MITRE ATT&CK Evaluations
The recent analysis by Forrester on the MITRE ATT&CK Evaluations highlights the advancements made in evaluating product performance against real adversary behavior and notes challenges like high alert volumes and lack of alert correlation. The need for customized evaluation approaches emphasizes the importance of understanding specific user environments to make informed security decisions.…
OpenAI bans ChatGPT accounts used by North Korean hackers
Summary: OpenAI has blocked several North Korean hacking groups from utilizing its ChatGPT platform for cyber espionage and attacks. The banned activities included researching vulnerabilities, coding assistance for cyber tools, and developing phishing strategies to target cryptocurrency investors. Additional efforts were identified, including a scheme to employ North Korean workers to exploit ChatGPT for corporate tasks under false pretenses.…
Exploits for unpatched Parallels Desktop flaw give root on Macs
Summary: A security vulnerability in Parallels Desktop allows attackers to gain root access on Mac devices due to a failure in code signature verification. Security researcher Mickey Jin publicly disclosed two exploits following the vendor’s inability to address the flaw for over seven months. Users are urged to take proactive measures as the vulnerability remains unpatched across all known versions of the software.…
Summary: Libxml2, a widely used XML parsing library, has multiple vulnerabilities (CVE-2024-56171, CVE-2025-24928, CVE-2025-27113) that could lead to denial of service and arbitrary code execution. These vulnerabilities have been addressed in recent releases (2.12.10 and 2.13.6), and users are advised to update immediately. Failure to update may leave systems exposed to significant security risks.…
0-Day in Parallels Desktop Allows Root Privilege Escalation, PoC Released
Summary: A newly disclosed 0-day vulnerability in Parallels Desktop allows for root privilege escalation, bypassing a previous patch. The flaw emanates from the repack_osx_install_app.sh script and has been unaddressed by Parallels for over seven months despite multiple responsible disclosure attempts. Independent researcher Mickey Jin has shared proof-of-concept exploits demonstrating how attackers could gain root access.…
⚡ THN Weekly Recap: From $1.5B Crypto Heist to AI Misuse & Apple’s Data Dilemma
Summary: This week’s cyber news highlights a record-breaking $1.5 billion crypto theft linked to the Lazarus Group, the banning of ChatGPT accounts for malicious activities by OpenAI, and Apple’s withdrawal of its Advanced Data Protection feature in the UK. These incidents underscore the evolving landscape of cyber threats and their impact on organizations and users alike.…
Summary: A recent investigation has uncovered a cyber-espionage campaign linked to North Korean actors, utilizing malware disguised as job interview applications to harvest sensitive data from macOS users. The malware, identified as ‘DriverEasy’ and ‘ChromeUpdate’, employs social engineering tactics to deceive victims into providing their credentials.…
Uncovering Apple Vulnerabilities: diskarbitrationd and storagekitd Audit Part 3
This article discusses vulnerabilities in macOS’s storagekitd daemon that allowed privilege escalation to root and bypassing of Transparency, Consent, and Control (TCC) protections. Despite Apple’s attempts to patch these vulnerabilities with CVE-2024-27848 and CVE-2024-44210, the issues showcased the complexity and risks associated with system daemons in macOS.…
Cybersecurity News Review — Week 8 (2025)
This week’s cybersecurity updates reveal critical vulnerabilities in several platforms like OpenSSH, Atlassian products, and Palo Alto Networks firewalls. There are also reports of new phishing techniques, malware campaigns targeting sensitive data, and alarming data breaches affecting healthcare organizations.
Affected: OpenSSH, Atlassian (Confluence, Bamboo, Bitbucket, Jira, Crowd), Palo Alto Networks, Signal Messenger, Australian Infrastructure, HCRG Care Group, DM Clinical Research
Keypoints:
Two critical vulnerabilities in OpenSSH could lead to man-in-the-middle and denial-of-service attacks.…
Cyber threats impacting the financial sector in 2024 – focus on the main actors
This report discusses the evolving landscape of cybercrime and state-sponsored threats targeting the financial sector, focusing on Initial Access Brokers (IABs), ransomware groups, and Trojan operators. It highlights the roles of various actors and techniques, showcasing the persistent threat posed by these entities through sophisticated malware, exploitation of vulnerabilities, and collaborative tactics.…
DeceptiveDevelopment targets freelance developers
Cybercriminals, under the guise of recruiters, have targeted freelance software developers in a deceptive malware campaign named DeceptiveDevelopment. This campaign, linked to North Korea, has been promoting fake job offers that lead to the installation of malware during the application process. The operators primarily utilize two malware families — BeaverTail and InvisibleFerret — to steal sensitive information and cryptocurrency.…
DPRK DriverEasy & ChromeUpdate Deep Dive
The article discusses the malicious DriverEasy application attributed to North Korea’s “Contagious Interview” effort, which aims to capture user passwords through fake prompts. It highlights the application’s mechanisms, including its uploading of captured credentials to Dropbox. The article compares DriverEasy with related applications ChromeUpdate and CameraAccess, indicating commonalities in their functionality and attack strategies.…
Two New OpenSSH Bugs Threaten Enterprise Security, Uptime
Summary: Two newly discovered vulnerabilities in OpenSSH, including a potential machine-in-the-middle (MitM) attack and a pre-authentication denial-of-service (DoS) attack, have been addressed with patches. Although their severity scores are moderate, the widespread use of OpenSSH among high-profile organizations raises concerns. Researchers emphasize the importance of updating to the latest version due to the risks associated with these vulnerabilities.…
New FrigidStealer infostealer infects Macs via fake browser updates
Summary: New FakeUpdate malware campaigns are being run by cybercrime groups TA2726 and TA2727, which primarily target macOS users with a new infostealer called FrigidStealer. The malware also encompasses Windows and Android payloads, making its reach extensive. Threat actors utilize malicious JavaScript displaying fake browser update messages to deceive users into executing harmful downloads.…