Endpoint Security

Cybersecurity
PamStealer macOS Infostealer Uses PAM API to Verify Stolen Passwords
Jamf Threat Labs disclosed PamStealer, a Rust-based macOS infostealer that uses the PAM API to verify stolen passwords before exfiltrating credentials.
Cybersecurity
90-Domain SEO Campaign Abuses ScreenConnect to Deploy AsyncRAT
Kaspersky exposed a 90-domain SEO poisoning campaign that installs AsyncRAT on Windows via a fake ScreenConnect installer, targeting users across 10 languages.
Cybersecurity
VEIL#DROP Campaign Uses Google Blogger to Deliver PureLogs Stealer
Securonix disclosed VEIL#DROP, an active campaign routing PureLogs Stealer through Google Blogger to bypass reputation-based enterprise security controls.
Cybersecurity
ChocoPoC RAT Targets Security Researchers via Fake GitHub PoC Repos
ChocoPoC, a new remote access trojan, targets vulnerability researchers through trojanized proof-of-concept exploit repositories on GitHub, stealing credentials and establishing backdoors.
Application Security
Six AirDrop and Quick Share Flaws Put 5B Devices at Risk
CISPA researchers disclosed six vulnerabilities in Apple AirDrop and Android Quick Share exposing more than five billion active devices to proximity attacks.
CVE Vulnerability Alerts
SimpleHelp CVE-2026-48558 Exploited to Deploy Djinn Stealer
Attackers exploited SimpleHelp's OIDC authentication bypass CVE-2026-48558 to deploy Djinn Stealer and TaskWeaver within 13 days of initial disclosure.
CVE Vulnerability Alerts
CISA Confirms BlueHammer CVE-2026-33825 Used in Ransomware
CISA updated its KEV entry for CVE-2026-33825 to flag ransomware group exploitation of the Windows Defender privilege escalation flaw, first patched in April.
Application Security
Microsoft Removes 119 StegoAd Extensions from Edge Add-ons Store
Microsoft removed 119 malicious Edge extensions in the StegoAd takedown, exposing a steganography campaign hiding malware in image and font files since 2021.
Application Security
Hijacked npm and Go Packages Exploit VS Code MCP to Deploy Infostealer
Hijacked npm and Go packages exploit VS Code's MCP tasks to bypass npm lifecycle hook protections and deploy a cross-platform Python infostealer.