Apple

In a sophisticated cyber incident, limited attacks involving a new variant of macOS malware, identified as XCSSET, have been reported. Discovered by Microsoft Threat Intelligence, this malware variant has altered Xcode projects and exhibited advanced obfuscation, persistence mechanisms, and infection methods. While initially activated in 2022, the XCSSET threat has continued to evolve, challenging cybersecurity efforts with its enhanced techniques for encoding payloads and making it difficult to trace and understand the intent of obfuscated module names. Persistent attacks have been orchestrated using methods such as 'zshrc' to execute files in new shell sessions and 'dock' to replace legitimate Launchpad apps with malicious ones. The impact of this malware predominantly threatens the security of developers' environments and the integrity of software supply chains, potentially resulting in the compromise of data and the disruption of developer operations.

Source: https://securityaffairs.com/174333/malware/apple-macos-malware-xcsset-limited-attacks.html

"id": "app000022125",
"linkid": "apple",
"type": "Vulnerability",
"date": "2/2025",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization’s existence"