North Korean state-sponsored threat actors are targeting macOS users with new malware, utilizing a strategy that combines two popular approaches – fake job ads, and ClickFix, experts have warned.
Security researchers Jamf confirmed they have spotted attacks in the wild using ClickFix, an attack method in which the victim is presented with a fake problem, and at the same time, presented with a fix. It is an evolution of the old “You have a virus” popup that dominated the internet in the early 2000’s. Jamf says ‘DPRK-aligned operators’ from the FlexibleFerret malware family have been creating fake companies, fake LinkedIn profiles and, most importantly – fake job ads, as part of a wider campaign called Contagious Interview.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- TOTOLINK X6000R: Three New Vulnerabilities Uncovered
October 1, 2025
Palo Alto security researchers have uncovered three vulnerabilities in the firmware of the TOTOLINK X6000R router, version V9.4.0cu.1360_B20241207, released on March 28, 2025: TOTOLINK is a manufacturer of networking products, including routers and other Internet of Things (IoT) devices used by consumers worldwide. The widespread adoption of these products makes their security a critical area of ...
- HSBC warns UK business banking customers of third-party data breach
September 30, 2025
HSBC has warned business banking customers that personal identification documents submitted during account applications may have been compromised following unauthorised access to a third-party platform. In an email sent to customers earlier this month, the bank confirmed that identity documents, images and contact details provided when opening a business account were exposed in the breach. HSBC ...
- Phantom Taurus: A New Chinese Nexus APT and the Discovery of the NET-STAR Malware Suite
September 30, 2025
Phantom Taurus is a previously undocumented nation-state actor whose espionage operations align with People’s Republic of China (PRC) state interests. Over the past two and a half years, Unit 42 researchers have observed Phantom Taurus targeting government and telecommunications organizations across Africa, the Middle East, and Asia. Their observations show that Phantom Taurus’ main focus areas ...
- Microsoft SharePoint Zero-Day Exploitation: What Public Sector Leaders Should Know
September 30, 2025
The Rapid7 September 2025 Threat Report highlights active exploitation of a critical Microsoft SharePoint vulnerability, CVE-2025-53770. This zero-day is being used by threat actors to gain initial access to victim networks, with exploitation observed in government as well as multiple other industries. SharePoint remains a widely deployed collaboration platform in federal, state, and local agencies, resulting ...
- Broadcom Releases Security Updates for VMware Aria Operations, Tools, and Cloud Foundation
September 30, 2025
Broadcom has released security updates to address vulnerabilities in VMware Aria Operations, Tools, and Cloud Foundation components of VMware products. The updates address 2 high severity and 1 medium severity vulnerabilities. CVE-2025-41244 – “Privilege defined with unsafe actions” vulnerability – CVSSv3 score of 7.8 Read more… Source: NHS Digital Sign up for the Cyber Security Review Newsletter The latest cyber ...
- ‘Widespread’ breach let hackers steal employee data from FEMA and CBP
September 29, 2025
A “widespread cybersecurity incident” at the Federal Emergency Management Agency allowed hackers to make off with employee data from both the disaster management office and U.S. Customs and Border Protection, according to a screenshot of an incident overview presentation obtained by Nextgov/FCW. The hack is also suspected to have later triggered the dismissal of two dozen ...