Tag
3 articles covering Infostealers across campaign analysis, detection engineering, and defender tradecraft.
Field Analysis
SentinelOne's writeup of the SHub Reaper macOS stealer shows the ClickFix family adapting to platform hardening. When macOS Tahoe 26.4 closed the Terminal-based path, the operators moved to the applescript:// URL scheme and Script Editor instead.
Read more:SentinelOneBleepingComputer
Field Analysis
Chrome's Device Bound Session Credentials, now generally available and on by default for Workspace, tie session cookies to a device's security chip so a stolen cookie is useless off the machine it came from. Here is what it stops and what it does not.
Read more:Google Security BlogBleepingComputer
Field Analysis
Recent exploitation of CVE-2026-35616 turned FortiClient EMS into a malware delivery channel, pushing an EKZ credential stealer through trusted endpoint management paths.
Read more:Arctic WolfArctic Wolf