Posts

macOS Malware Installs Fake Google Software to Steal Credentials and Crypto Wallets

A New macOS Malware Campaign Is Pretending To Be Google Software Updates

As an independent cybersecurity blogger and part-time penetration tester, I find that modern macOS malware campaigns are increasingly abandoning obvious malicious behavior in favor of stealth, branding abuse, and trusted-software impersonation. Researchers have now uncovered a sophisticated macOS infostealer campaign that installs:

- Fake Google software update components
- Malicious LaunchAgents
- Persistence backdoors
- Credential stealers

while disguising itself as legitimate macOS security activity.

The malware, identified as a new variant of SHub Stealer (also referred to as “Reaper” in some research), targets users attempting to download:

- Popular productivity software
- AI tools
- Collaboration applications
- macOS utilities

Researchers warn the campaign is especially dangerous because the malware continuously changes its appearance to look legitimate at every stage of the infection chain.

What Happ...
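The one check a defender wants for the "malicious LaunchAgents" persistence described above is a quick triage of the plists in the LaunchAgents directories: a vendor-branded label whose program lives outside the vendor's install locations, a shell interpreter as the program, a payload staged under /tmp, and RunAtLoad plus KeepAlive so it survives logout and being killed. The script below is an added example written for this post, not code from the researchers or from the malware; the heuristics, path lists and the three sample plists are constructed for illustration and are not indicators taken from the reported campaign.

```python
"""Triage LaunchAgent plists for persistence hiding behind a trusted brand.

Heuristics and sample plists are constructed for this example; they are not
indicators published for the campaign described on this page.
"""
import plistlib
import re
import tempfile
from pathlib import Path

# Where a legitimate vendor-branded agent's binary normally lives (assumption).
TRUSTED_PREFIXES = (
    "/Applications/", "/Library/Google/", "/Library/Application Support/Google/",
    "/System/", "/usr/libexec/",
)
# Writable, short-lived or user-shared paths that a stager often drops into.
STAGING_PREFIXES = ("/tmp/", "/private/tmp/", "/var/folders/", "/Users/Shared/")
# Interpreters as the Program: the real payload is then hidden in the arguments.
INTERPRETERS = {"/bin/sh", "/bin/bash", "/bin/zsh", "/usr/bin/osascript",
                "/usr/bin/python3", "/usr/bin/curl"}
BRAND_RE = re.compile(r"google|apple|chrome|microsoft", re.IGNORECASE)


def triage_plist(path: Path) -> dict:
    """Return the agent's label/program and the reasons it looks suspicious."""
    with path.open("rb") as fh:
        data = plistlib.load(fh)
    label = str(data.get("Label", ""))
    args = [str(a) for a in data.get("ProgramArguments", [])]
    program = str(data.get("Program", "")) or (args[0] if args else "")
    reasons = []
    if BRAND_RE.search(label) and program and not program.startswith(TRUSTED_PREFIXES):
        reasons.append("vendor-branded label but program outside vendor locations")
    if any(tok.startswith(STAGING_PREFIXES) for tok in [program, *args]):
        reasons.append("program or argument points into a staging directory")
    if program in INTERPRETERS:
        reasons.append("agent launches an interpreter rather than a signed binary")
    if reasons and data.get("RunAtLoad") and data.get("KeepAlive"):
        reasons.append("RunAtLoad + KeepAlive: restarts at login and when killed")
    return {"path": str(path), "label": label, "program": program, "reasons": reasons}


def scan_launch_agents(directory: Path) -> list:
    """Triage every *.plist in the directory; return only the flagged ones."""
    flagged = []
    for plist in sorted(directory.glob("*.plist")):
        result = triage_plist(plist)
        if result["reasons"]:
            flagged.append(result)
    return flagged


def build_sample_dir() -> Path:
    """Write three constructed sample LaunchAgents (not real files) to a temp dir."""
    d = Path(tempfile.mkdtemp(prefix="launchagents-"))
    samples = {
        # Legitimate-looking updater: branded label, binary under /Library/Google.
        "com.google.keystone.agent.plist": {
            "Label": "com.google.keystone.agent",
            "ProgramArguments": ["/Library/Google/GoogleSoftwareUpdate/agent"],
            "RunAtLoad": True,
        },
        # Impersonator: branded label, shell interpreter, payload staged in /tmp.
        "com.google.update.helper.plist": {
            "Label": "com.google.update.helper",
            "ProgramArguments": ["/bin/sh", "-c", "/tmp/.gupdate/run.sh"],
            "RunAtLoad": True,
            "KeepAlive": True,
        },
        # Unbranded user agent that these heuristics leave alone.
        "local.backup.plist": {
            "Label": "local.backup",
            "ProgramArguments": ["/Applications/Backup.app/Contents/MacOS/backup"],
            "StartInterval": 3600,
        },
    }
    for name, content in samples.items():
        with (d / name).open("wb") as fh:
            plistlib.dump(content, fh)
    return d


if __name__ == "__main__":
    for hit in scan_launch_agents(build_sample_dir()):
        print(hit["path"], hit["label"], hit["program"])
        for reason in hit["reasons"]:
            print("   -", reason)
```

On a real host, point scan_launch_agents at ~/Library/LaunchAgents, /Library/LaunchAgents and /Library/LaunchDaemons; the hits are leads for a codesign and hash check of the program, not a verdict, since the path lists above are assumptions that legitimately installed software can violate.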

Hackers Exploiting Critical NGINX RCE Vulnerability to Crash Servers and Gain Access

An 18-Year-Old NGINX Vulnerability Is Now Being Exploited in the Wild

As an independent cybersecurity blogger and part-time penetration tester, I consider vulnerabilities affecting internet infrastructure software to be among the most dangerous security events organizations can face. The latest example involves a newly exploited flaw in:

- NGINX Open Source
- NGINX Plus
- F5 NGINX products

tracked as CVE-2026-42945, also known as NGINX Rift.

Researchers confirmed attackers are already exploiting the vulnerability in the wild only days after public disclosure. The flaw carries:

- A CVSS score of 9.2 (Critical)
- Potential for unauthenticated remote code execution
- The ability to crash NGINX worker processes remotely

What makes this especially alarming is that the vulnerability reportedly existed undetected since 2008, across nearly two decades of NGINX deployments worldwide.

What Happened: Attackers Began Exploiting CVE-2026-42945

Researchers from depthfirst and F5 discl...

Malicious npm Packages Steal GitHub, AWS, and CI/CD Secrets in Massive Supply Chain

When a Single npm Install Can Compromise an Entire Development Pipeline

As an independent cybersecurity blogger and part-time penetration tester, I see software supply chain attacks rapidly becoming one of the most dangerous threats facing modern development teams. The latest campaign involving malicious npm packages demonstrates exactly why. Researchers uncovered a large-scale attack targeting the npm ecosystem in which compromised packages were designed to steal:

- GitHub tokens
- AWS credentials
- Kubernetes secrets
- npm publishing tokens
- CI/CD credentials
- Cloud API keys

What makes this campaign especially alarming is its:

- Worm-like propagation behavior
- Automated package hijacking
- Trusted publishing abuse
- Ability to spread between developer accounts automatically

Researchers say the malware did not simply steal secrets and stop. Instead, it used stolen credentials to compromise additional packages and continue spreading across the npm ecosystem.

What Happe...
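The practical check for the class of attack described above is to audit the dependency tree for packages that run code at install time and, for those that do, to see whether that code reaches for the secrets listed (npm tokens in .npmrc, GITHUB_TOKEN, AWS keys, kubeconfig, or the whole environment). The script below is an added example written for this post, not code from the researchers, from npm, or from the malicious packages; the indicator patterns and the three sample packages under the temporary node_modules tree (including the "@acme/telemetry-helper" package and its setup.js) are constructed for illustration and are not the packages or indicators from the campaign.

```python
"""Audit an npm dependency tree for install-time hooks that touch secrets.

Sample packages and the indicator list are constructed for this example; they
are not the packages or indicators from the campaign summarised above.
"""
import json
import re
import tempfile
from pathlib import Path
from typing import Dict, List, Optional

# Lifecycle hooks npm runs on its own during `npm install`, with no user action.
INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")

# Things install-time code has no business reading (assumed indicator list).
SECRET_PATTERNS = [
    (re.compile(r"\.npmrc"), "reads .npmrc (npm publish tokens)"),
    (re.compile(r"NPM_TOKEN|NODE_AUTH_TOKEN"), "reads npm auth token from env"),
    (re.compile(r"GITHUB_TOKEN|GH_TOKEN"), "reads GitHub token from env"),
    (re.compile(r"AWS_(ACCESS_KEY_ID|SECRET_ACCESS_KEY|SESSION_TOKEN)|\.aws[/\\]credentials"),
     "reads AWS credentials"),
    (re.compile(r"KUBECONFIG|\.kube[/\\]config"), "reads kubeconfig"),
    (re.compile(r"JSON\.stringify\(process\.env\)|Object\.entries\(process\.env\)"),
     "serialises the entire environment"),
]


def referenced_script_files(pkg_dir: Path, command: str) -> List[Path]:
    """Best effort: script files named in a hook command that exist in the package."""
    files = []
    for token in command.split():
        if token.endswith((".js", ".mjs", ".cjs", ".sh")):
            candidate = pkg_dir / token
            if candidate.is_file():
                files.append(candidate)
    return files


def audit_package(pkg_dir: Path) -> Optional[Dict]:
    """Return hooks and secret-access findings for one package, or None if no hooks."""
    manifest = pkg_dir / "package.json"
    if not manifest.is_file():
        return None
    data = json.loads(manifest.read_text(encoding="utf-8"))
    scripts = data.get("scripts") or {}
    hooks = {h: scripts[h] for h in INSTALL_HOOKS if h in scripts}
    if not hooks:
        return None
    findings: List[str] = []
    for command in hooks.values():
        # Check the inline command itself and any script file it invokes.
        texts = [command] + [f.read_text(encoding="utf-8", errors="replace")
                             for f in referenced_script_files(pkg_dir, command)]
        for text in texts:
            for pattern, why in SECRET_PATTERNS:
                if pattern.search(text) and why not in findings:
                    findings.append(why)
    return {"name": data.get("name", pkg_dir.name), "hooks": hooks, "findings": findings}


def audit_node_modules(root: Path) -> List[Dict]:
    """Audit every package under node_modules, scoped (@org/pkg) ones included."""
    results = []
    for manifest in sorted(root.rglob("package.json")):
        result = audit_package(manifest.parent)
        if result:
            results.append(result)
    return results


def build_sample_tree() -> Path:
    """Create a constructed node_modules tree (not real packages) in a temp dir."""
    root = Path(tempfile.mkdtemp(prefix="node_modules-"))

    def write(rel: str, text: str) -> None:
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(text, encoding="utf-8")

    # No hooks at all: never reported.
    write("left-pad/package.json", json.dumps({"name": "left-pad", "version": "1.3.0"}))
    # Native build: has an install hook but touches no secrets (reported, no findings).
    write("bcrypt/package.json", json.dumps({
        "name": "bcrypt", "version": "5.1.1",
        "scripts": {"install": "node-gyp rebuild"}}))
    # Constructed stealer: postinstall runs a script that reads tokens and the env.
    write("@acme/telemetry-helper/package.json", json.dumps({
        "name": "@acme/telemetry-helper", "version": "0.0.3",
        "scripts": {"postinstall": "node setup.js"}}))
    write("@acme/telemetry-helper/setup.js", "\n".join([
        'const fs = require("fs");',
        'const os = require("os");',
        'const npmrc = fs.readFileSync(os.homedir() + "/.npmrc", "utf8");',
        'const gh = process.env.GITHUB_TOKEN;',
        'const dump = JSON.stringify(process.env);',
        '// exfiltration step deliberately omitted from this constructed sample',
    ]))
    return root


if __name__ == "__main__":
    for entry in audit_node_modules(build_sample_tree()):
        print(entry["name"], entry["hooks"], entry["findings"] or "no secret access seen")
```

Run it against a real checkout with audit_node_modules(Path("node_modules")). A hook alone is not a verdict (native modules such as the bcrypt sample legitimately build in an install hook), but a hook that reads .npmrc or the full environment is exactly the step that lets a stealer turn one install into a publish token for the next package. The standard mitigation on CI runners is to install with npm ci --ignore-scripts (or ignore-scripts=true in .npmrc) and run the few build scripts you actually need explicitly.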

JDownloader Website Compromised to Deliver Malware Through Fake Installers

When Trusted Download Platforms Become Malware Distribution Hubs

As an independent cybersecurity blogger and part-time penetration tester, I find that some of the most dangerous cyberattacks are not the ones that trick users into downloading suspicious files. They are the ones where users download malware directly from the official website they trust. That is exactly what happened in the recent compromise of the popular download management platform JDownloader.

Researchers confirmed attackers breached the official JDownloader website and replaced legitimate Windows and Linux installers with trojanized versions carrying a Python-based Remote Access Trojan (RAT). The incident is another major example of a modern software supply chain attack where:

- Trusted websites become malware delivery platforms
- Legitimate software branding hides malicious payloads
- Users are compromised without phishing or fake domains

Because JDownloader is used by millions worldwide, the potential impact is signi...