Tag: endpoint detection

Security

Hijacked Google Ads and Claude.ai posts delivered MacSync—why macOS users and admins must stop pasting ad-sourced commands

The recent MacSync campaign used hijacked Google Ads and user-generated pages on Claude.ai to trick people into pasting obfuscated shell commands into Terminal, delivering a polymorphic infostealer that harvests Keychain items, browser cookies, and crypto keys. Below are the attack’s mechanics, quick checks you can run now, and concrete operational steps for teams and users. […]

admin 
Security

May 6–7, 2026: CMS link-swap on JDownloader delivered a PyInstaller Python RAT and SUID-root Linux backdoor

Between May 6 and May 7, 2026, attackers exploited an unpatched CMS vulnerability on the JDownloader website to swap two download links—Windows “Alternative Installer” and the Linux shell installer—with malicious files. The installers distributed during that window contained a PyInstaller-wrapped Python RAT for Windows and a shell-driven installer on Linux that installed SUID-root ELF binaries […]

admin 
Security

Timeline: After the March 12 patch, Weaver E‑cology CVE‑2026‑22679 was exploited via an unauthenticated debug API — endpoint defenses stopped persistence

A critical unauthenticated RCE in Weaver E‑cology 10.0 (CVE‑2026‑22679) was actively exploited in mid‑ to late‑March 2026 after the vendor released a patch on March 12; endpoint defenses intervened and prevented persistent compromise, leaving timely patching as the primary remediation.

How the March exploitation sequence unfolded

The vendor released a patch on March 12, 2026; […]

admin 
Security

CVE-2025-60710: CISA’s active‑exploit designation turns a TaskHost privilege bug into a two‑week patch emergency

CISA’s addition of CVE-2025-60710 to the Known Exploited Vulnerabilities list makes a previously theoretical Windows Task Host privilege escalation a present operational threat: federal agencies have two weeks under BOD 22‑01 to patch, and all organizations should treat this as a priority where detection will not substitute for patching.

CISA’s designation versus the bug’s mechanics […]

admin