Mac Script Editor becomes new entry point for ClickFix malware

ClickFix attacks targeting Mac users now use Script Editor instead of Terminal, a shift that sidesteps Apple's latest ...
Arabian Post

Script Editor becomes Mac malware gateway

When a victim clicks an “Execute” button, the site calls the applescript:// URL scheme, prompting the browser to open Script Editor with malicious code already filled in. That removes the need for the ...

New macOS stealer campaign uses Script Editor in ClickFix attack

A new campaign delivering the Atomic Stealer malware to macOS users abuses the Script Editor in a variation of the ClickFix ...

Mac users beware — experts say this attack stood out immediately by making a major change

ClickFix on Macs is evolving yet again and is no longer abusing Terminal.
Infosecurity Magazine

Atomic Stealer MacOS ClickFix Attack Bypasses Apple Security Warnings

OS 26.4 update introduced security warnings into Terminal to prevent ClickFix attacks, so attackers have shifted to Script ...
Mactrast

ClickFix-Style macOS Attack Abuses Applescript:// URL Scheme to Deliver Infostealer Payload

Jamf Threat Labs, a team of Mac and mobile security experts, have identified a new ClickFix-style attack that ditches the ...
Tidbits

macOS 26.4’s Script Editor Won’t Open Some Older AppleScripts

Shortly after the release of macOS 26.4 Tahoe (see “ OS 26.4 Adds AI-Generated Playlist Playground, Separates Family Sharing Purchases,” 25 March 2026), several TidBITS Talk users began reporting ...
TidBITS

#1797: OS 26.4 updates, Mac Pro discontinued, Script Editor issues in macOS 26.4, Input ...

Apple has discontinued the Mac Pro with no replacement planned. The move ends a 20-year run for Apple’s most expandable desktop, though the Mac Studio and Thunderbolt 5 have made its PCIe-based ...