ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
The internet did not break this week. It got used exactly as designed, which is worse
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
The internet did not break this week. It got used exactly as designed, which is worse
Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod
OpenAI is rotating potentially exposed macOS code-signing certificates after a GitHub Actions workflow executed a malicious Axios package during a recent supply chain attack. [...]
Cisco Talos researchers found a flaw in eight Microsoft apps for macOS that could enable library injection attacks, putting sensitive data at risk
Apple's emergency fixes last week for two actively exploited vulnerabilities neglected previous Big Sur and Catalina versions of macOS, security vendor says.
Researchers have discovered a previously unknown macOS malware variant called GIMMICK, which is believed to be a custom tool used by a Chinese espionage threat actor known as 'Storm Cloud.' [...]