Daily Cyber News

ClickFix Campaigns Distribute MacSync macOS Infostealer Through Fake AI Tool Installers

Cybersecurity researchers have identified multiple ClickFix malware campaigns distributing a macOS information-stealing malware known as MacSync. The campaigns rely heavily on social engineering techniques that trick users into manually executing malicious commands in the macOS Terminal. Security experts from Sophos explained that the attacks differ from traditional exploit-driven campaigns. Instead of exploiting software […]

DRILLAPP Backdoor Targets Ukraine Using Microsoft Edge Debugging for Stealth Espionage

Cybersecurity researchers have uncovered a new cyber espionage campaign targeting organizations in Ukraine. The activity is believed to be linked to threat actors associated with Russia, according to a report from the LAB52 threat intelligence team at the Spanish security firm S2 Grupo. The operation was detected in February 2026 and appears to share similarities

Android 17 Restricts Accessibility API Access to Stop Malware Abuse

Google is currently testing a new security control in Android 17 that prevents certain applications from accessing the system’s Accessibility Services API. The feature is being introduced as part of Android Advanced Protection Mode (AAPM), a security setting designed to protect users from advanced cyber threats. The change appeared in Android 17 Beta 2, according

OpenClaw AI Agent Vulnerabilities May Allow Prompt Injection and Data Exfiltration

China’s National Computer Network Emergency Response Technical Team (CNCERT) has issued a warning regarding security weaknesses in OpenClaw (previously known as Clawdbot and Moltbot), an open-source, self-hosted autonomous AI agent. In a WeChat post, CNCERT highlighted that OpenClaw’s “weak default security settings,” combined with its privileged system access for autonomous task execution, could be exploited

GlassWorm Supply Chain Attack Exploits 72 Open VSX Extensions to Target Developers

Cybersecurity researchers have uncovered a significant escalation in the GlassWorm malware campaign, which now leverages Open VSX extensions to compromise developer environments. The campaign abuses extension relationships to turn initially benign-looking packages into malicious delivery vehicles, targeting developers across multiple platforms. How GlassWorm Works: Instead of embedding malicious code directly in every extension, the threat actor now uses extensionPack and extensionDependencies to trigger

Chinese Hackers Attack Southeast Asian Militaries Using AppleChris and MemFun Malware

A suspected China-based cyber espionage campaign has been targeting Southeast Asian military organizations since at least 2020, according to Palo Alto Networks Unit 42. The operation, tracked under the codename CL-STA-1087, appears to be state-backed and highly strategic. Targeted Intelligence Gathering: Security researchers Lior Rochberger and Yoav Zemah report that the threat actors focused on highly specific military files rather than bulk data theft.

Meta to End Instagram End-to-End Encrypted Chat Support Starting May 2026

Meta has announced it will discontinue support for end-to-end encryption (E2EE) for Instagram direct messages after May 8, 2026. Users affected by this change will be guided on how to download media and messages they wish to keep. Updating to the latest Instagram version may be required for this process. Reason Behind the Decision: Meta explained that few users opted into

INTERPOL Dismantles 45,000 Malicious IPs and Arrests 94 Suspects in Global Cybercrime Operation

INTERPOL has announced the dismantling of 45,000 malicious IP addresses and servers used in phishing, malware, and ransomware operations. The international law enforcement effort aimed to disrupt criminal networks, neutralize emerging threats, and protect victims from online scams. The operation involved 72 countries and territories, resulting in the arrest of 94 individuals, with another 110 under investigation. Authorities seized 212

Storm-2561 Distributes Trojanized VPN Clients Through SEO Poisoning to Steal Credentials

Security researchers have uncovered a new cyber campaign in which threat actors distribute trojanized VPN clients using search engine manipulation techniques to steal login credentials from unsuspecting users. According to findings published by Microsoft, the operation uses search engine optimization (SEO) poisoning to redirect users searching for legitimate enterprise software to malicious websites that deliver

Nine CrackArmor Vulnerabilities in Linux AppArmor Allow Root Privilege Escalation and Container Isolation Bypass

Cybersecurity researchers have uncovered a group of critical security weaknesses in AppArmor, the Linux kernel's security module, that could allow attackers with limited privileges to bypass system protections, gain root access, and weaken container isolation mechanisms. The nine vulnerabilities have been collectively named CrackArmor by the Qualys Threat Research Unit (TRU).
