433 Central Ave., 4th Floor, St. Petersburg, FL 33701 | info@poseidon-us.com | Office: (656) 236-3022

New macOS malware steals passwords by posing as Apple’s crash-reporting tool

Jamf Threat Labs has uncovered a new macOS infostealer named CrashStealer that disguises itself as Apple’s crash-reporting tool to steal passwords, Keychain data, and cryptocurrency wallets. The malware was first spotted in May while it was still under development. By early July, Jamf was seeing in-the-wild detections, indicating it had moved into active use. “Unlike much of the commodity stealer activity on macOS, which is built on AppleScript droppers or thin Objective-C wrappers, CrashStealer is … More → The post New macOS malware steals passwords by posing as Apple’s crash-reporting tool appeared first on Help Net Security.
http://news.poseidon-us.com/TTXCtQ

The FBI Warned About Fake Permit Fees. The Harder Question Is Where the Money Goes. | Recorded Future

A government impersonation scam is targeting property owners with fake planning and zoning permit invoices, and authorized wire transfers are clearing behavioral controls. Here’s how the scheme works and why beneficiary account intelligence is the signal that catches it.
http://news.poseidon-us.com/TTX8Gc

Download: The ultimate guide to network operations management

Modern network operations are too manual. Today’s IT and security teams are managing growing complexity across networks, infrastructure, tools, and workflows. The result? Slower response, duplicated effort, and operational friction. This guide explores how intelligent workflows help teams reduce manual work, improve visibility, and move faster across network operations. What you’ll learn: Why traditional approaches to network operations struggle to scale Where operational bottlenecks create delays, inefficiencies, and risk How intelligent workflows connect teams, systems, … More → The post Download: The ultimate guide to network operations management appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7Fg

“Context bombs” can frustrate AI-driven attacks, researchers found

A new approach tried out by Tracebit researchers has proven very effective at stopping AI agents from fully compromising targeted environments. What makes it notable isn’t the technique – prompt injection is old news – but the direction it’s pointed: not to hijack AI agents, but to defend against them. Canaries with context bombs Tracebit offers customers a range of canaries, i.e., decoy resources and credentials that, when targeted by attackers, provide early warning of … More → The post “Context bombs” can frustrate AI-driven attacks, researchers found appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7Fd

Google adds FIDO2 keys and phone passkeys to Windows login via GCPW

Google has started rolling out FIDO2-compliant physical security key support as a second factor for authentication in Google Credential Provider for Windows (GCPW) to all Google Workspace customers. GCPW is a free tool that lets users sign in to Windows computers with their Google Workspace account instead of, or alongside, a Windows username and password. The update allows organizations to strengthen account security by enabling administrators to enforce 2-step verification (2SV) with hardware security keys … More → The post Google adds FIDO2 keys and phone passkeys to Windows login via GCPW appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7DY

No one knows how many old shims can still bypass UEFI Secure Boot

The vast majority of UEFI computers carry a Microsoft certificate that will trust a small first-stage loader called a shim, a program Microsoft signs so that Linux and assorted boot tools can run with Secure Boot on. Eleven of those signed shims turned out to be old enough to undo the protection they were meant to support. ESET researchers found the vulnerable versions, all at 0.9 or below, and Microsoft revoked them in its June … More → The post No one knows how many old shims can still bypass UEFI Secure Boot appeared first on Help Net Security.
http://news.poseidon-us.com/TTX7DG

UK charges five persons linked to fraud platform behind more than a million scam calls

Five people have been charged in the UK following a National Crime Agency (NCA) investigation into Russian Coms, a caller ID spoofing service used by fraudsters. Ayoub Sehailia, 28, Zakkaria Sehailia, 30, Usman Din, 30, Denis Ozmus, 29, and Fadila Salem, 53, all of London, are charged with offences that include conspiracy to supply articles for use in fraud, transferring and converting criminal property, and, for Zakkaria Sehailia, failing to comply with a notice to … More → The post UK charges five persons linked to fraud platform behind more than a million scam calls appeared first on Help Net Security.
http://news.poseidon-us.com/TTWyWH

Microsoft Entra ID authentication overhaul to start in September 2026

Microsoft will begin rolling out passkeys as the default authentication experience for Microsoft Entra ID in the public cloud on September 1, 2026. Organizations with SMS or voice authentication enabled will automatically be enabled for passkeys. The next time users complete MFA, they will be prompted to register a passkey. Starting February 1, 2027, users who rely on SMS or voice for MFA will be required to register a passkey before they can sign in. … More → The post Microsoft Entra ID authentication overhaul to start in September 2026 appeared first on Help Net Security.
http://news.poseidon-us.com/TTWyVb

New tutorials on underground hacking forums have roughly doubled

Underground hacking forums are producing more original tutorials again, with growing attention on financial fraud, particularly the theft and fraudulent use of payment card data, known as carding, and cash-out techniques. New tutorials per month versus reposts (Source: Radware) Fraud tutorials gain momentum Radware analyzed 8,870 tutorial posts published across 24 deep- and dark-web forums between December 2022 and April 2026. After removing reposts, the dataset contained 3,034 unique hacking and fraud guides. “New tutorial … More → The post New tutorials on underground hacking forums have roughly doubled appeared first on Help Net Security.
http://news.poseidon-us.com/TTWtlX