Endpoint Security

Cybersecurity
ClickLock macOS Stealer Uses App-Kill Loop to Coerce Passwords
Group-IB documented ClickLock, a macOS stealer using a 210ms app-kill loop to coerce macOS passwords, hitting more than 100 victims across 33 countries.
Cybersecurity
Elastic Exposes TELEPUZ: C Malware Sold as MaaS via ClickFix Chain
Elastic Security Labs disclosed TELEPUZ, a C-based malware distributed through a ClickFix-to-Vidar chain with VirusTotal volumes indicating a MaaS operation.
Cybersecurity
Russian Threat Actor Uses Gemini CLI to Run Dental Clinic Botnet
Trend Micro documented Russian actor 'bandcampro' using Gemini CLI as a hacking assistant in a dental clinic botnet attack on an OpenDental patient database.
Cybersecurity
Nightmare Eclipse Drops LegacyHive PoC on Fully Patched Windows
Security group Nightmare Eclipse released LegacyHive, a PoC targeting an unpatched Windows privilege escalation flaw that survived July Patch Tuesday.
Cybersecurity
Bitdefender Exposes Windows Bind Link Attacks That Bypass EDR Tools
Bitdefender documented three Windows bind link techniques — file-binding, process-binding, and silo-binding — that redirect OS path resolution to hide malware from EDR tools.
Cybersecurity
300 Fake GitHub Repos Deliver BoryptGrab Chrome Bypass Infostealer
ArcticWolf exposed a campaign using 300 fake GitHub repos to deliver BoryptGrab, an infostealer that bypasses Chrome App-Bound Encryption via code injection.
Application Security
AsyncAPI npm Packages Backdoored to Deploy Miasma Botnet Loader
Four official AsyncAPI npm packages were compromised to deliver Miasma, a botnet loader using six C2 channels including Ethereum smart contracts and IPFS.
Cybersecurity
RedHook Android RAT Gains Shell Access via Wireless ADB Loopback
Group-IB analyzed a new RedHook Android RAT variant that gains shell-level access by turning the device into its own ADB client via loopback, without rooting.
Application Security
Compromised jscrambler npm Package Drops Rust Infostealer on Devs
An attacker compromised jscrambler's npm credentials and published five malicious versions dropping a Rust infostealer targeting cloud and AI credentials.
CVE Vulnerability Alerts
Binarly Finds Six U-Boot CVEs That Break Secure Boot on 50+ Firmware
Binarly disclosed six flaws in U-Boot's FIT signature verification subsystem, including two RCEs that bypass Secure Boot across more than 50 firmware releases.