AppleScript is a tool tracked across 11 threat clusters and 13 intelligence report mentions on ThreatCluster. First observed November 12, 2025; most recent activity July 3, 2026.
AppleScript is a macOS automation scripting language that enables control of scriptable apps and system actions. While legitimate for task automation, it is increasingly misused by attackers to automate malware delivery and to disguise payloads as legitimate software updates, making it a notable macOS attack vector.
A North Korean cybercrime group known as Sapphire Sleet has launched a social engineering campaign targeting macOS users, as reported by Microsoft's Threat Intelligence unit. The campaign involves tricking users into…
A new supply chain attack, dubbed 'Mini Shai-Hulud', has compromised multiple npm packages related to SAP's Cloud Application Programming Model (CAP). This attack involves injecting malicious preinstall scripts into…
A sophisticated social engineering campaign has been uncovered, targeting individuals in the financial and cryptocurrency sectors through the Obsidian note-taking application. The attackers, posing as representatives of…
PamStealer is a newly identified macOS infostealer that masquerades as the legitimate Maccy clipboard manager. The malware employs a two-stage attack method, starting with a malicious AppleScript that downloads a…
Darktrace's Threat Research team identified a pattern of macOS intrusions leveraging ClickFix-style user deception. Attackers initiated the compromise through user-assisted execution of malicious updates, transitioning…
Infostealer threats have shifted from primarily targeting Windows to macOS environments, as reported by the Microsoft Defender Security Research Team. Since late 2025, these campaigns have utilized cross-platform…
Google's Mandiant security team reported that North Korean hackers, identified as UNC1069 or 'CryptoCore', are employing AI-generated deepfakes in fraudulent video meetings to target cryptocurrency companies. The…
Researchers from Darktrace identified a new malware sample named React2Shell, created using AI and large language models (LLMs). This malware exploits a known vulnerability, allowing less skilled hackers to generate…
Hackers are using AppleScript files to deliver malware disguised as legitimate software updates for Zoom, Microsoft Teams, and Chrome on macOS. This method has emerged as a new attack vector following Apple's removal of…
Google has launched Private AI Compute, a technology designed to enhance privacy in cloud AI processing. This solution allows for advanced AI capabilities while ensuring that user data remains secure and private,…