Shamos macOS Infostealer: Malvertising Lures, BYOD Gaps, and Sector Expansion
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
Iran cyber risk isn’t just “watch for wipers.” It’s the same ugly identity-first playbook: password sprays, MFA abuse, cloud access… then maybe admin-plane sabotage. Recent reporting says activity is already reaching U.S. targets. Cute.
LockBit got Cronos’d. BlackCat caught a DOJ wrench to the teeth. Cl0p is still hanging around the enterprise software aisle like it owns the place. So… is it really next, or are we just recycling takedown fan fiction?
This week’s pattern is ugly and simple: Seedworm is reportedly already sitting inside multiple U.S. organizations, Coruna shows spy-grade iPhone exploitation bleeding into broader use, and KEV + March patch drops are shrinking defender response time from “soon” to “right now.”
Casinos and iGaming platforms can quietly act like informal money-transfer channels when intermediaries use gaming flows to move value between third parties. This summary highlights where that happens, what it looks like in logs, and how technical teams can help shut it down.