ZCyberNews
#macos

9 articles

This archive of 12 articles, published between April 10 and May 12, 2026, covers threats to macOS users. The threat actors Lazarus Group, ClickFix, and Sapphire Sleet were observed targeting the technology, cryptocurrency, artificial-intelligence, finance, and individual sectors. Key vulnerabilities include CVE-2024-54529 and CVE-2025-31235. The coverage spans Global, Asia, Europe, and North America, with a severity mix of one critical, eight high, and two medium incidents.

Apple Patches Everything: 0-Days, RCS Encryption Rollout
CRITICAL
Industry News

Apple released emergency patches for two zero-days exploited in the wild alongside the beta rollout of end-to-end encrypted RCS messaging for iOS and macOS.

3 min read

Google Ads, Claude Chats Push MacSync Infostealer to macOS Users
HIGH
Malware

Attackers abuse Google Ads linking to real claude.ai and shared Claude chats to deliver MacSync infostealer, harvesting browser credentials and Keychain data.

4 min read

Google Project Zero Details macOS coreaudiod Exploit Chain
HIGH
Vulnerabilities

Google Project Zero published exploit details for CVE-2024-54529, a type confusion in macOS coreaudiod allowing sandbox escape via knowledge-driven fuzzing.

CVE-2024-54529, CVE-2025-31235
3 min read

Lazarus Hijacks macOS via ClickFix to Target Executives
HIGH
Threat Intel

Lazarus APT uses ClickFix social engineering to deliver macOS malware — fake browser update prompts trick executives into running AppleScript payloads that steal credentials and…

2 min read
Lazarus Group

Sapphire Sleet Targets macOS Users with Fake Zoom SDK Update
HIGH
Threat Intel

North Korean threat actor Sapphire Sleet is distributing a new macOS malware via a fake Zoom SDK installer, stealing passwords, crypto wallets, and personal data through a multi-stage social engineering campaign.

4 min read
Sapphire Sleet

Fake Ledger Live App on Apple App Store Steals $9.5M in Cryptocurrency
HIGH
Malware

A malicious Ledger Live app distributed via Apple's official App Store for macOS stole approximately $9.5 million from 50 victims by harvesting recovery phrases.

4 min read

ClickFix Mac Malware Campaign Uses Fake Apple Page to Deliver Payloads
MEDIUM
Malware

A new ClickFix-style campaign targets macOS users with fake Apple instructions to run malicious commands.

3 min read

North Korean Lazarus Group Compromises OpenAI via Axios Supply Chain Attack
HIGH
Threat Intel

North Korea's Lazarus Group compromised OpenAI's internal systems via a supply chain attack on the Axios client library, using a stolen macOS code-signing certificate to sign malware.

3 min read
Lazarus Group

ClickFix Malware Campaign Evades macOS Defenses via Script Editor
HIGH
Malware

A ClickFix social engineering campaign bypasses macOS security warnings by using Script Editor to execute malicious commands, marking a significant evolution in Mac-targeting malware.

4 min read
ClickFix