
"Unlike typical malware that steals certificates, BaoLoader's operators are known to register legitimate businesses in Panama and Malaysia specifically to purchase valid code-signing certificates from major certificate authorities to sign their payloads. "With these certificates, their malware appears trustworthy to both users and security tools, allowing them to operate largely undetected while being dismissed as merely potentially unwanted programs (PUPs)," ReliaQuest said. The malware, once launched, abuses "node.exe" to run malicious JavaScript for reconnaissance, in-memory command execution, and backdoor access."
""Apple and Google have entered into a multi-year collaboration under which the next generation of Apple Foundation Models will be based on Google's Gemini models and cloud technology," Google said. "These models will help power future Apple Intelligence features, including a more personalized Siri coming this year." Google emphasized that Apple Intelligence will continue to run on Apple devices and Private Cloud Compute, while maintaining Apple's industry-leading privacy stand"
New hacks, scams, and security problems continue to emerge frequently. ReliaQuest identified BaoLoader, ClickFix campaigns, and Maverick as top threats between September 1 and November 30, 2025. BaoLoader's operators register legitimate businesses to obtain valid code-signing certificates from major certificate authorities and use them to sign their payloads, so the malware appears trustworthy to users and security tools and tends to be dismissed as a potentially unwanted program (PUP). The malware abuses "node.exe" to run malicious JavaScript for reconnaissance, in-memory command execution, and backdoor access, and routes command-and-control traffic through legitimate cloud services to conceal outbound activity and evade reputation-based blocking.
Apple and Google entered a multi-year collaboration to base Apple Foundation Models on Google's Gemini models and cloud technology. The models will power Apple Intelligence features, including a personalized Siri, while core Apple Intelligence processing stays on devices and Private Cloud Compute to preserve privacy.
Read at The Hacker News