A new variant of XCSSET, a modular macOS malware, has been reported by Microsoft Threat Intelligence to infect Apple developers’ Xcode projects. This sophisticated attack steals and exfiltrates system and user data, presenting serious supply chain risks. The malware exhibits new infection strategies and obfuscation methods, making it hard to detect. Researchers underscore the need for real-time code scanning, advanced threat detection tools, and multi-layered security approaches to protect against such attacks.

New infosec products of the week: March 14, 2025
SimSpace’s Stack Optimizer assists companies make strategic decisions on their security investments, while Pondurance Platform 2.0 identifies data breach risks and Detectify Alfred collects threat