cybersecurity

StopTheMadness Browser Extension

, , , ,

StopTheMadness Pro is a web browser extension developed by Jeff Johnson of Underpass App Company that prevents common website annoyances and privacy violations, such as blocked copy-paste, disabled contextual menus, keyboard shortcuts, autoplaying videos, and URL tracking parameters. Compatible with Safari on iOS, iPadOS, macOS, and other major browsers, it enhances user control over browsing without functioning as an ad blocker or userscript manager. The extension has received praise from various tech reviewers for restoring typical browser functionalities that many websites try to restrict.

https://underpassapp.com/StopTheMadness/

A Blueprint for Formal Verification of Apple Corecrypto

Apple has released new versions of corecrypto featuring quantum-secure ML-KEM and ML-DSA algorithms, accompanied by mathematical proofs ensuring compliance with FIPS 203 and FIPS 204 standards. Additionally, they have published formal verification libraries and tools designed to provide the strongest known correctness assurances for widely-deployed implementations of these algorithms.

https://security.apple.com/blog/formal-verification-corecrypto

New macOS Stealer Campaign Uses Script Editor in ClickFix Attack

, , , ,

A new campaign delivering the Atomic Stealer malware to macOS users exploits the built-in Script Editor app in a variation of the ClickFix social engineering attack, tricking victims into running malicious scripts without manual Terminal interaction. The attack uses fake Apple-themed sites that launch Script Editor with pre-filled code to download and execute a payload that steals sensitive data like passwords, crypto wallets, and system info. Users are advised to treat Script Editor prompts with caution and rely only on official Apple resources for system troubleshooting.

https://www.bleepingcomputer.com/news/security/new-macos-stealer-campaign-uses-script-editor-in-clickfix-attack/

OpenClaw Gives Users yet Another Reason to Be Freaked Out About Security

, ,

Security researchers have warned users of OpenClaw, a viral AI agentic tool that accesses numerous user resources, due to a recently fixed high-severity vulnerability allowing attackers with minimal permissions to escalate to full administrative control without user interaction. This flaw, rated up to 9.8 out of 10 in severity, enabled silent approval of device pairing requests, potentially compromising thousands of instances, many of which lacked authentication, leading experts to advise users to assume compromise and reconsider using the tool.

https://arstechnica.com/security/2026/04/heres-why-its-prudent-for-openclaw-users-to-assume-compromise/

Gone (Almost) Phishin’

, , ,

Phishing Attack Experience: Matt Mullenweg shares insightful experience with a sophisticated phishing attempt. Fake password reset prompts on his Apple devices led to scammers impersonating him to Apple Support. They created a counterfeit support case, generating realistic emails and even a convincing call from a supposed Apple representative. The scam was revealed when Mullenweg noticed the website was a replica without verification. He warns others to never approve unsolicited password resets, recognize that Apple won’t call first, and always verify URLs to avoid scams.

https://ma.tt/2026/03/gone-almost-phishin/

Agent Safehouse

, , ,

Safehouse is a macOS-native sandboxing tool for local agents, ensuring a 0% chance of security breaches by denying access to sensitive files. It introduces a deny-first access model, allowing agents only explicit permissions, preventing database access and other data leaks. Installation requires just a shell script, and it enables seamless operation of various AI agents while protecting user credentials. Users can set up their environment for automatic sandboxing or create custom profiles using LLMs for specific access permissions.

https://agent-safehouse.dev/

Scroll to Top