Shamos macOS Infostealer: Malvertising Lures, BYOD Gaps, and Sector Expansion
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
Read more
![[FORECAST] Will Akira trigger a week-long hospital disruption by end of 2026? (Updated 2026-05-11)](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/z-3.png)
[FORECAST] Will Akira trigger a week-long hospital disruption by end of 2026? (Updated 2026-05-11)
We’re revising the Akira hospital disruption forecast down to 2%. The risk is real, but the question is narrower than it looks.
![[FORECAST] Device-Bound Sessions Are Coming. Defaults Are the Hard Part.](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/z-2.png)
[FORECAST] Device-Bound Sessions Are Coming. Defaults Are the Hard Part.
“Secure by default” sounds great until it meets BYOD, VDI, federated SSO, and the help desk exception list from hell. Device-bound sessions help. Waiting for every SaaS vendor to flip the default is not a strategy.
![[SIGNALS WEEKLY] Patch Cliffs, Supply Chain Drift, and Soft DevOps Underbellies](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/z-1.png)
[SIGNALS WEEKLY] Patch Cliffs, Supply Chain Drift, and Soft DevOps Underbellies
The industry keeps treating emergency patches like a finish line. Meanwhile, exposed control panels, self-managed DevOps boxes, and forgotten appliances are still out there collecting bad decisions like loyalty points.
![[FORECAST ] Iran’s Cyber Window Is Still Open—But the Qualification Clock Is Now the Hardest Adversary (Updated 2026-05-05!)](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/z.png)
[FORECAST ] Iran’s Cyber Window Is Still Open—But the Qualification Clock Is Now the Hardest Adversary (Updated 2026-05-05!)
Iran cyber isn’t quiet. The problem is the scoreboard. Every recycled leak and nuisance outage wants to become “critical infrastructure impact” before the evidence has its pants on.