XCSSET mac malware targets Xcode projects to deliver malicious payloads

Security researchers have discovered a new mac malware dubbed XCSSET. The malware not only inserts malicious code into XCode projects, but also leverages two zero-days to exploit a flaw in Data Vaults and plant a JavaScript backdoor in Safari.

Continue Reading XCSSET mac malware targets Xcode projects to deliver malicious payloads

Git tool patches serious vulnerabilities

repository hosting services GitHub, GitLab and Microsoft VSTS were all impacted by a serious vulnerability that could lead to arbitrary code execution when a developer uses a malicious repository, Threatpost reports. Each of the hosting services patched the bug on Tuesday.

Continue Reading Git tool patches serious vulnerabilities