Agentic AI is pushing offensive security beyond chatbots into autonomous recon, social engineering, exploit testing, and malware adaptation.
A new macOS ClickFix campaign is using Terminal commands to silently download, mount, and launch info-stealing malware from malicious disk image (DMG) files.
The campaign is infecting Mac devices with the Atomic macOS Stealer (AMOS) infostealer, which steals browser credentials, cryptocurrency wallet data, Keychain data, messaging app information, and user documents.
Researchers at Palo Alto Networks Unit 42 first discovered the campaign and say it begins with a fake CAPTCHA page that tells users to open Terminal and paste a malicious command to verify themselves.
An ongoing malware campaign is targeting WhatsApp users in multiple countries with deceptive messages that push VBScript files, leading to remote system access.
The threat actor is using file names that indicate business and financial documents delivered by the victim’s contacts, whose accounts had been compromised.
By downloading and executing the malicious attachments, the recipient starts an infection chain that leads to installing the legitimate ManageEngine Endpoint Central, which is used by IT administrators to manage systems from a centralized dashboard.
Market intelligence platform Klue has publicly confirmed a recent security incident that allowed threat actors to steal OAuth tokens used to connect to customers’ Salesforce environments, as the new “Icarus” extortion group publicly claims the attack.
The disclosure comes after cybersecurity firms Huntress and ReliaQuest detailed how attackers abused compromised Klue Battlecards integrations to steal Salesforce CRM data from multiple organizations.
In a statement published this week, Klue CEO Jason Smith confirmed that the company discovered unauthorized activity on June 12 affecting part of Klue’s integration infrastructure.
The information exchanged by modern devices is typically protected by cryptographic techniques, approaches that convert readable data into scrambled, unreadable code that can only be deciphered by authorized parties or devices. To descramble encrypted data, devices or accounts need access to randomly generated cryptographic keys, unique, randomly generated sequences of binary code, letters or numbers that are essential for encrypting or decrypting data.
To detect cyberattacks, most traditional hardware security systems monitor the power consumption, electrical signals or other changes in devices. However, cyberattackers have devised effective techniques that sometimes allow them to bypass these systems’ defenses.
Researchers at Huazhong University of Science and Technology and Hubei University recently introduced a new hardware security system based on spin-orbit torque (SOC) devices, technologies that operate by leveraging both electrical charge and a quantum property known as electron spin.