Steve Thomas - IT Consultant


  • ChatGPT can be manipulated into creating viruses and malicious code
  • A report shows that some hackers are using it in the wild for Macs
  • But ChatGPT might not be the devastating weapon that some fear

The subject of whether Macs can get viruses – and if they do, whether you should install antivirus software – is a contentious one among Apple fans.

A new report from Mac security firm Moonlock suggests the threat is now on the rise from AI-powered malware. Yet on one side are those who believe antivirus apps are more hassle than they’re worth, slowing down your computer in the face of a minimal threat level. On the other, there are people who urge caution against a changing world of hackers and virus creators.

It's all a bit of a mess, and it can often be hard to know which side to believe. But with this new report shedding light on some of the tactics hackers are using to victimize Mac users, could it be that that’s all about to change? Here's our verdict.

The myth: Macs don’t get viruses


There’s a long-held belief that Macs don’t get viruses, with adherents claiming that a mixture of common sense (don’t download torrents and pirated software, for instance) and built-in macOS tools like Gatekeeper are sufficient to keep you protected from anything that’s thrown your way.

There’s some weight to those claims – Macs certainly get far less malware than Windows PCs thanks to a combination of macOS’s sturdy antivirus tools and Apple’s much lower market share being less attractive to would-be attackers. But the idea that Macs are totally invulnerable to spyware, trojans, and other digital nasties is wide of the mark.

In fact, we’ve seen reports of Mac virus threats increasing at a rapid rate over the last few years, with malware writers honing their skills in order to target Apple fans. Even North Korean hackers are getting in on the act, such is the growing importance of macOS to threat actors.

The reality: They can – but the threat of AI tools may be overblown


With the simultaneous rise of artificial intelligence (AI) chatbots, there’s been notable concern among some that tools like ChatGPT will empower even novice hackers to create devastating malware strains that can get around the most robust of Mac defenses.

Now, a new report from Mac security firm Moonlock seems to confirm some of those fears. It cites cases of hackers creating working malware just by prompting an AI chatbot to start coding.

For instance, Moonlock’s report includes messages posted by a hacker known as 'barboris', who listed code produced by ChatGPT on a malware forum. There, barboris explained that they had little coding experience, but were still able to get ChatGPT to do their bidding with a little creative prompting.

However, before we get too panicked, ChatGPT is not quite the all-powerful malware-creation tool that it seems. As with any other experience of using an AI chatbot, it can be prone to mistakes and garbled nonsense, which has the potential to ruin any would-be hacker’s day. If someone with no malware experience were to use ChatGPT to create a virus, they might struggle to troubleshoot it and forge something workable.


I previously spoke to a range of security experts on this very subject, and they were skeptical about ChatGPT’s ability to create effective malware. Chatbots have built-in guardrails to prevent people from crafting malware code, and for Martin Zugec, the Technical Solutions Director at Bitdefender, if a person is relying on ChatGPT to create code for them, they probably don’t possess the skills to bypass these guardrails.

Due to that, Zugec says, “the risk posed by chatbot-generated malware remains relatively low at this time.” What’s more, Zugec adds that “the quality of malware code produced by chatbots tends to be low, making it a less attractive option for experienced malware writers who can find better examples in public code repositories.”

In other words, while barboris may have been able to put together a virus using ChatGPT despite their limited hacking knowledge, a more experienced coder would likely get better results and more effective malware from public repositories and their own honed skills.

Still, clearly it is possible for inexperienced hackers to code up working viruses with little more than ChatGPT, a handful of effective prompts, and plenty of patience. This is something we’ll have to keep a close eye on over the coming years.


  • Some Windows 11 testers found Recall didn’t work at all
  • Microsoft has explained this is due to a bug caused by an optional update
  • That optional update causes issues with the Dev build Recall is in, but there’s no fix for those affected

Some of the Windows 11 testers trying out the Recall feature (which recently went live for Windows Insiders) ran into a baffling issue where it didn’t work at all, and Microsoft has just explained the problem – but failed to provide a fix for those affected.

As we saw last week, after Recall was finally deployed in the Dev channel for Windows 11, it was immediately hit by some bugs. Indeed, some testers complained that it refused to save any snapshots at all (those being the regular screenshots Recall takes to facilitate its AI-supercharged search functionality).

According to an update on Microsoft’s blog post for the preview build in question, the glitch happens to Windows 11 users who first install patch KB5046740 – which is the preview update for November – and then go on to install build 26120.2415.

Essentially, something in the KB5046740 optional update for Windows 11 clashes with the Dev channel build, and throws a serious spanner in the works for Recall.

Microsoft’s advice is: “We recommend you not install this preview update before joining the Dev channel until we fix the issue in a future update.”



Analysis: Already in this pickle? You’re out of luck, it seems

Of course, Microsoft doesn’t tell us what to do if you’re already in this pickle, and you’ve installed the preview update before deciding to join the Dev channel in order to test Recall. So, we can only presume that you’re going to need to reinstall Windows 11 to fix this (or just put up with Recall not working – and maybe never working, going forward with Dev test builds).

Recall is, of course, a feature for Copilot+ PCs only – and just Arm-based Snapdragon devices to begin with, too – so there will be a limited pool of testers anyway. And an even smaller subset who went this route before installing the Dev build.

Even so, that’s still a bunch of users who are left in the lurch, but such are the perils of being a Windows 11 tester. Especially in the earlier testing channels, Canary and Dev, where the changes brought in are fresher and more likely to suffer from bugs.

Via The Register


  • Mac users need to stop believing that macOS is safer than Windows
  • Generative AI has helped non-coders to create their own malware
  • Social engineering continues to be the most common attack method

Cybersecurity experts from Moonlock are warning of the increasing prevalence of sophisticated macOS malware created with the help of generative AI.

In its 2024 Threat Report, Moonlock explored how publicly available tools like ChatGPT have enabled hackers to work around the technical barriers they were previously subject to in order to create malicious software more quickly.

The research found screenshots posted to darknet forums showing hackers using artificial intelligence to guide them through the development of Mac-bound malware step by step.

AI is helping to build macOS malware

Among the examples given was a case involving Russian-speaking threat actor ‘barboris,’ who admitted to building macOS malware without any prior coding experience thanks to generative AI. With natural language prompts, barboris was able to create an infostealer capable of targeting Keychain credentials and cryptocurrency wallet information.

The report summarizes: “The barrier to entry is lower than ever, and AI has become a new ally for cybercriminals seeking to launch macOS-focused campaigns.”

Moonlock explains that the rise of malware-as-a-service (MaaS) has also made macOS malware more accessible than ever. Cheapening MaaS options are lowering the barriers for attackers and making macOS malware more common than it used to be.

The researchers claim that the rise of MaaS has made cybercrime into a collaborative effort, creating new roles for creators and distributors.

Previously, Apple’s desktop operating system was favored over its Windows counterpart for being less susceptible to cyberattacks. However, the researchers explained that the notion that macOS is still as safe is now a dated one.

Users are being advised to treat macOS as they would any other operating system or internet-connected device, by keeping software updated with security patches, only downloading apps from trusted sources such as the Mac App Store, and installing renowned third-party security tools.

However, while the threat environment may be shifting, social engineering remains the most common way of forcing entry, and all users should be wary of handing out sensitive information unless it is absolutely necessary.

"We expect a surge in the variety of stealers targeting macOS in 2025," noted Mykhailo Pazyniuk, Malware Research Engineer at Moonlock. "During 2024 we've observed different threat actors trying to bypass Apple’s protection mechanisms, emphasizing on users as the weakest link in this attack chain. Therefore, threat actors haven’t bothered much with finding exploits in macOS itself just yet."

"One thing is certain – since many stealers eventually did their job and managed to exfiltrate sensitive user data and their crypto assets, the market of MaaS and macOS exploits will continue to grow in 2025, possibly offering more ways to stay undetected for antivirus software," Pazyniuk said.


  • A cross-site scripting bug plaguing Cisco's Adaptive Security Appliance is being actively exploited, the company warns
  • The flaw was first discovered a decade ago
  • CISA added it to KEV, and warned federal agencies to patch

Cisco has updated a decade-old advisory to warn users that the ancient vulnerability is now being actively exploited in the wild to spread malware.

Spotted by The Hacker News, the advisory is for a cross-site scripting (XSS) vulnerability affecting the WebVPN login page for the Cisco Adaptive Security Appliance (ASA) Software.

The vulnerability was spotted in 2014, and has since been tracked as CVE-2014-2120. It has a severity score of 6.1 (medium), and allows threat actors to remotely inject arbitrary web script or HTML via an unspecified parameter.

A surge in abuse

"An attacker could exploit this vulnerability by convincing a user to access a malicious link," Cisco said at the time.

Earlier this week, however, the company updated the advisory, saying it observed “additional attempted exploitation" of the bug in the wild.

The discovery has also prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to add the bug to its Known Exploited Vulnerabilities (KEV) catalog. Federal agencies and adjacent organizations have a three-week deadline to patch the software, or stop using it altogether. CISA added the bug on November 12, meaning that the deadline for patching was December 3.

If you are using Cisco’s ASA, it would be wise to patch the software without hesitation. Cybercriminals are known to take advantage of age-old vulnerabilities, since working exploits for them already exist and the flaws can easily be abused.

For example, late in 2023, news broke of threat actors abusing a six-year-old flaw in Microsoft’s Excel to deliver an information-stealing piece of malware called Agent Tesla. Also, in 2020, it was found that crooks were using a three-year-old Office bug to target businesses in the real estate, entertainment and banking industries in both Hong Kong and North America.

Some researchers would argue that old vulnerabilities are more dangerous than zero-day ones, since the practice is already established. However, these vulnerabilities are also easiest to address, by simply keeping the software up to date.

Via The Hacker News


The Samsung Galaxy S25 Ultra will probably be sold in seven different shades, as not only is that the number of colors that the Samsung Galaxy S24 Ultra is available in, but that many colors have also already leaked.

As such, we have a good idea of what colors you’ll be able to get the Samsung Galaxy S25 Ultra in, and we’ve even seen apparently leaked images of many of the possible shades.

You’ll find full details of these colors below, along with accompanying imagery where available, and we’ll be updating this article whenever we hear more.

Titanium Blue

A Samsung Galaxy S24 Ultra in Titanium Blue (Image credit: Samsung)

A leaked SIM card tray in blue (Image credit: SamMobile)

Let’s start with one of the most interesting rumored Samsung Galaxy S25 Ultra colors, namely Titanium Blue.

This has been mentioned by name in a leak from Ross Young, who has a strong track record for smartphone leaks.

But that’s not all, as leaker @UniverseIce has also mentioned a blue shade, and leaked images of Samsung Galaxy S25 Ultra SIM card trays also include a blue one, which you can see above.

So between all that it’s looking very likely that a blue or Titanium Blue model will be offered, and we’d be happy to see it, as blue is a bit less common than some of the colors we’ve heard about – though it is a shade you can get the Samsung Galaxy S24 Ultra in, as also pictured above.

Titanium Silver

A Samsung Galaxy S21 Ultra in Phantom Silver (Image credit: Samsung)

A leaked SIM card tray in silver (Image credit: SamMobile)

Now we come to one of the less interesting shades, in the form of Titanium Silver, which has also been mentioned by Ross Young, and appeared in a leaked SIM card tray image, pictured above.

Since this hasn’t been mentioned by quite as many sources as some other colors we’re less sure of this one. But with two sources having seemingly leaked it there’s still a good chance it will happen.

And while we’ve said it’s less interesting – simply because silver is such a common smartphone color – it’s undeniably a color that can look good. It’s also not a color you can get the Samsung Galaxy S24 Ultra in, so it’s a bit different from last year’s options at least.

Samsung has sold silver phones before though, such as the Samsung Galaxy S21 Ultra in Phantom Silver, pictured above.

Titanium Gray / Titanium Gold

A Samsung Galaxy S24 Ultra in Titanium Gray (Image credit: Samsung)

A leaked SIM card tray in gold (Image credit: SamMobile)

Next up there’s Titanium Gray, or perhaps Titanium Gold. We’re not certain what this will be called as while Ross Young has mentioned a Titanium Gray option, a leaked SIM card tray image (shown above) looks more gold, and leaker @UniverseIce has referred to one of the colors simply as ‘Titanium.’

But we suspect all three of these are one and the same, since the Samsung Galaxy S24 Ultra in Titanium Gray (pictured above) also has a hint of gold in it, and since titanium itself is a silvery-gray metal. Of the three, our best guess is that it will be called Titanium Gray.

Titanium Black

A leaked Samsung Galaxy S25 Ultra render (Image credit: Android Headlines / @OnLeaks)

A Samsung Galaxy S24 Ultra in Titanium Black (Image credit: Samsung)

A leaked SIM card tray in black (Image credit: SamMobile)

Titanium Black could be a classic shade, with versions of black proving extremely popular smartphone colors. This shade is another that has been mentioned by Ross Young, and a black option has also been mentioned by @UniverseIce.

On top of that, we’ve seen a leaked SIM card tray image for the phone in black, and even a leaked Samsung Galaxy S25 Ultra render in black. So we think it’s extremely likely this will be offered, and if it is, then it might look like the Titanium Black Samsung Galaxy S24 Ultra, which you can also see above.

Titanium Jade Green

A Samsung Galaxy S24 in Jade Green (Image credit: Samsung)

A Samsung Galaxy S24 Ultra in Titanium Green (Image credit: Samsung)

The four colors above will reportedly be sold in numerous stores, but Samsung usually makes some shades exclusive to its online store, and Titanium Jade Green could be one of these according to Ross Young, while @UniverseIce has simply mentioned a ‘green’ shade.

This sounds like an unusual color for a phone, but it’s likely to be similar to ones Samsung has offered before. We expect it will be close to the Jade Green Samsung Galaxy S24 and the Titanium Green Samsung Galaxy S24 Ultra, both pictured above. However, we haven’t seen any leaked imagery of this yet, so we can’t be certain.

Titanium Pink Gold

A Samsung Galaxy S22 in Pink Gold (Image credit: Samsung)

Titanium Pink Gold could be another Samsung store-exclusive according to Ross Young, and while we haven’t seen any pictures of this, it could look like the Pink Gold color scheme on the Samsung Galaxy S22, pictured above.

This sort of shade is a popular choice for phones, so it would make sense for Samsung to offer it. But so far this color has only been mentioned in one leak, so we’d take it with a pinch of salt.

Titanium Blue/Black

Finally there’s Titanium Blue/Black, which was also mentioned by Ross Young and which we take to mean a bluey black of some kind.

This could prove one of the more unusual and interesting options, though with both Titanium Blue and Titanium Black probably also being sold, it might not look drastically different to some other Samsung Galaxy S25 Ultra colors.

In any case, this is another one that we haven’t seen, and that has only been mentioned by one source, so we’d take it with a pinch of salt. And if it is offered, it will probably be exclusive to Samsung’s online store according to Young.



  • Security pros from Fortra spot new phishing campaign abusing two Cloudflare domains
  • Pages, and Workers, are being used to bypass email protections and redirect people to phishing pages
  • The activity has risen significantly this year

Cybercriminals are abusing two Cloudflare domains to facilitate phishing attacks and push malware to their victims, researchers have claimed.

New research from cybersecurity experts Fortra claims the trend is on the rise, especially compared to 2023.

The domains, called ‘pages.dev’ and ‘workers.dev’, are used to deploy web pages and serverless computing, and given Cloudflare’s good standing in the general public’s eye, allow the crooks to bypass different endpoint protection tools and successfully compromise their targets.

A surge in abuse

Pages is a free platform where front-end developers can deploy and host static websites, or JAMstack applications, directly from their Git repository, and into Cloudflare’s Content Delivery Network (CDN).

Workers, on the other hand, is a serverless platform for deploying and running JavaScript, TypeScript, or Rust code at the edge to build scalable and performant applications.

Crooks, however, use it to host intermediary phishing pages that redirect victims towards actually malicious sites. The attack starts with the usual phishing email, urging the victim to address a problem immediately. The email either carries a .PDF file, or a link in the body itself. However, since the link is towards Cloudflare’s domains, most email security solutions don’t flag it as suspicious, or malicious.

Victims are also more likely to let their guard down after seeing Cloudflare’s name in the link, or the PDF file.

"Fortra's SEA team has observed a 198% increase in phishing attacks on Cloudflare Pages, rising from 460 incidents in 2023 to 1,370 incidents as of mid-October 2024," the company said in its report. "With an average of approximately 137 incidents per month, the total volume of attacks is expected to surpass 1,600 by year-end, representing a projected year-over-year increase of 257%."

Workers aren’t faring much better, either. “We have witnessed a 104% surge in phishing attacks on this platform, climbing from 2,447 incidents in 2023 to 4,999 incidents year-to-date," the researchers added.

"Currently averaging 499 incidents per month, the total volume is expected to reach almost 6,000 by year-end, reflecting a projected 145% increase compared to the previous year."

All phishing starts the same way - with an email message demanding urgent attention. It can be a pending invoice, a returning parcel, a security alert, or a time-sensitive giveaway. This fear of missing out, or worsening things, makes victims spring into action without considering what they’re doing. As a result, they often share their login credentials with the attackers, install malware on their computers, or even share banking and other finance data.

The best way to defend against phishing is to use common sense, and be careful when reading emails and opening attachments, even if they’re coming from seemingly reputable sources such as Cloudflare.

Via BleepingComputer



  • Intel has revealed XeSS 2 which follows in the footsteps of DLSS
  • It’s split into XeSS Frame Generation and XeSS Super Resolution
  • There’s also Xe Low Latency to combat input lag, much like Nvidia Reflex

Intel has just unveiled new Battlemage desktop GPUs, and alongside those graphics cards comes a fresh version of XeSS, its upscaling tech to rival Nvidia DLSS and AMD FSR.

Yes, XeSS 2 is here, and Intel is making some big changes with the technology in this sequel. In fact, XeSS 2 is being split into two core components: XeSS Frame Generation and XeSS Super Resolution.

In other words, this is going the same route as Nvidia, when with DLSS 3, Team Green brought in frame generation – which means artificially inserting extra frames into the game, to make it smoother. It’s a separate technology to the actual upscaling component of DLSS 3, and so this is what Intel has done – split XeSS into Super Resolution (upscaling) and Frame Generation (extra frames generated to bolster the frame rate).

On top of that, Intel is introducing Xe Low Latency, which is essentially equivalent to Nvidia Reflex – a complementary tech to reduce input lag which helps to smooth over the lag wrinkles that are a side effect of frame generation.

In terms of support, only Intel’s Alchemist and Battlemage GPUs will get XeSS 2 – not any third-party GPUs – and on the games side, developers will need to code in support for all these new technologies (including frame generation, and low latency). However, we’ve also seen mentions of manually enabling low latency (at the driver level), so we’ll have to see how that shakes out.

On top of this, Intel has deployed a new control panel for its Arc GPUs which will simply be called ‘Intel Graphics Software’ (in much the same vein as Team Green’s new and renamed Nvidia App).

This is billed as an ‘all-in-one hub’ for all your Arc GPU needs, from updating drivers to game optimization, enabling Intel’s tech such as low latency mode, changing display options, monitoring performance (frame rates and GPU status), along with controls for overclocking.

Hat tip to VideoCardz for picking up on both of these developments.



Analysis: Keeping pace with upscaling – the future of gaming

There are some major changes here, as we noted at the outset, and aside from all the new tech – implemented very much along the lines of DLSS – there’s also that switch in support for GPUs. Previously XeSS allowed AMD and Nvidia GPUs (or some of them) to use and benefit from the tech, but that’s no longer the case due to frame generation requiring Intel’s own hardware (XMX AI Engines).

Team Blue might work around that in the future, but for now, XeSS 2 will be for Intel Arc graphics cards only.

It’s not really surprising to see Intel moving in the same direction as Nvidia – after all, DLSS is very much regarded as the killer solution for boosting frame rates. What’s good to see with Team Blue is that XeSS 2 also allows for frame generation with older Alchemist graphics cards, whereas with DLSS 3, only RTX 4000 – the very newest Nvidia GPUs – get the frame generation component. (RTX 3000 graphics cards support everything else in DLSS 3, to be fair, including ray reconstruction – but not frame generation).

If Intel is to stay competitive in the GPU space, it’s certainly important that it keeps XeSS up to speed, as upscaling is regarded as a core piece of the future of gaming. More and more games are relying on such technology to achieve smooth frame rates, particularly at the likes of 4K resolution (or its upscaled equivalent, we should say).

We’re seeing upscaling become a key part of consoles – witness the PlayStation Pro 5 with PSSR – and on PCs, what’ll make it even more prevalent is Microsoft’s move with DirectSR, an effort to make it much easier for game developers to use XeSS, DLSS and FSR in their games.
