Shamos macOS Infostealer: Malvertising Lures, BYOD Gaps, and Sector Expansion
Shamos, a new Atomic macOS Stealer (AMOS) variant attributed to COOKIE SPIDER, is targeting U.S. tech and education sectors via malvertising and fake support sites.
Read more
![[FORECAST] The next secret-stealing campaign may start with a tool you trusted](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/z-10.png)
[FORECAST] The next secret-stealing campaign may start with a tool you trusted
AI coding tools are becoming trusted middlemen. That gives defenders a new attack path to understand before it gets ugly.
![[BREACH] The Extension Had the Keys](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/zzz.png)
[BREACH] The Extension Had the Keys
The plugin had keys. A VS Code extension sat beside repos, tokens, terminals, and AI configs. That is not just productivity. That is inherited access.
![[SIGNALS WEEKLY] Tokens, Edges, and Exploits: Shifting Paths to Compromise](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/z-9.png)
[SIGNALS WEEKLY] Tokens, Edges, and Exploits: Shifting Paths to Compromise
The token survived. npm packages, CI/CD runners, and edge boxes keep turning “contained” into “still owned.” The boring weakness became the breach path.
![[GAME THEORY] AI-agent spoofing is becoming a claim-vs-proof problem](https://storage.ghost.io/c/06/e5/06e5730b-7d78-4713-9cec-6cba31d297f5/content/images/size/w600/2026/05/z-8.png)
[GAME THEORY] AI-agent spoofing is becoming a claim-vs-proof problem
Known AI agents are becoming trusted traffic. The first defender move is finding claims without proof.