Malwarebytes Labs researchers uncovered a malicious campaign going after Mac users looking for support or extended warranty from Apple via the AppleCare+ support plans.
The perpetrators are buying Google ads to lure in their victims and redirect them to bogus pages hosted on GitHub, the developer and code repository platform owned by Microsoft. The goal of this scam is to get unsuspecting people on the phone with someone pretending to be working for Apple. From there, fraudulent call center agents will social engineer their victims in order to extract money from them. In this blog post, Malwarebytes Labs expose the techniques behind this scam and provide mitigation steps to stay away from them.
Read more…
Source: Malwarebytes Labs
Related:
- Industrial robots targeted by malware, which could open them up to hacking
May 25, 2026
A critical command injection vulnerability has been discovered in Universal Robots PolyScope 5, the operating system whucg powers the company’s collaborative robots. The flaw, tracked as CVE-2026-8153, carries a CVSS score of 9.8 and affects all software versions prior to PolyScope 5.25.1. This vulnerability could lead to complete compromise of the robot controller, affecting the confidentiality, integrity, and availability ...
- Another major Linux security flaw revealed — nine-year old issue could spell disaster for users
May 23, 2026
Security researchers Qualys discovered a major flaw in the Linux operating system (OS) that could let any ordinary user, or malicious actor, gain full admin access on vulnerable endpoints. This bug lingered in Linux systems since 2016, and affects the default installations of several major distributions, including Red Hat, SUSE, Debian, Fedora, AlmaLinux, CloudLinux, and others. Read more… Source: TechRadar News Sign up ...
- Cloud Atlas activity in the second half of 2025 and early 2026: new tools and a new payload
May 22, 2026
In 2025, Kaspersky observed pervasive SSH tunnel activity, which has remained active into 2026, affecting many government organizations and commercial companies in Russia and Belarus. Behind some of this activity is Cloud Atlas, a group which was known to Kaspersky researchers since 2014. During the investigation, the researches identified new tools used by this group, as ...
- ROADtools and Nation-State Tactics in the Cloud
May 22, 2026
ROADtools is a publicly available toolkit for offensive and defensive security purposes that attackers have integrated into cloud attacks. The tool is designed to: Enumerate Entra ID Register devices in Entra ID Acquire, exchange and manipulate Microsoft Entra ID tokens ROADtools is an open-source framework written in Python and built for red-teaming and research. It primarily targets the identity and ...
- Tracking Iranian APT Screening Serpens’ 2026 Espionage Campaigns
May 22, 2026
Unit 42 researchers have observed evidence of cyberattacks by the Iran-nexus advanced persistent threat (APT) group Screening Serpens (aka UNC1549, Smoke Sandstorm and Iranian Dream Job). Based on Unite 42 visibility, researchers believe that the group targeted entities in the U.S., Israel and the United Arab Emirates, and likely two additional Middle Eastern entities. This research follows ...
- Kali365 Phishing-as-a-Service Kit Hijacks Microsoft 365 Access Tokens
May 21, 2026
The Federal Bureau of Investigation (FBI) is issuing this Public Service Announcement (PSA) to warn the public about an emerging Phishing1-as-a-Service2 (PhaaS) platform called Kali365, first seen in April 2026. Kali365 has primarily been distributed via Telegram, enabling cyber threat actors to obtain Microsoft 365 access tokens and bypass multi-factor authentication3 (MFA) protocols without intercepting the user’s ...