An ongoing malware campaign is using Apple's Script Editor instead of the Terminal to inject the Atomic Stealer data thief onto Macs.

This unexpected choice revolutionized how I interact with my computer, making the once-intimidating terminal accessible to ...

When a victim clicks an “Execute” button, the site calls the applescript:// URL scheme, prompting the browser to open Script Editor with malicious code already filled in. That removes the need for the ...

ClickFix on Macs is evolving yet again and is no longer abusing Terminal.

Jamf Threat Labs has discovered a ClickFix-style macOS attack that abuses the applescript:// URL scheme to launch Script ...

Jamf finds a ClickFix variant that swaps copy-paste Terminal lures for Script Editor execution, tightening delivery of Atomic ...

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix ...

Jamf Threat Labs, a team of Mac and mobile security experts, have identified a new ClickFix-style attack that ditches the ...

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest ...

Apple has introduced a security feature in macOS Tahoe 26.4 that blocks pasting and executing potentially harmful commands in Terminal and alerts users to possible risks. The new mechanism appears to ...

In a small but very welcome move, Apple has added a message in Terminal in macOS 26.4 that warns when a user tries to paste an instruction that might be malware. Usually the danger comes from either ...

macOS Tahoe 26.4 introduces a new security feature that warns Mac users if they paste certain commands in the Terminal app that may be harmful. For those unaware, the Terminal app allows you to enter ...