Cybersecurity Brief: Fake AI Tools, Ericsson Breach, and Rising Supply Chain Attacks

In this episode, the latest cybersecurity developments highlight how threat actors continue to exploit trust in popular software and online platforms. Researchers warn about a fake CleanMyMac website distributing SHub Stealer malware to Mac users, while a malicious npm package disguised as a legitimate developer tool raises new concerns about software supply chain security. Meanwhile, Ericsson’s U.S. operations report a data breach linked to a compromised service provider, and the cybercrime group ShinyHunters claims responsibility for additional high-profile breaches. Investigators have also uncovered a scam impersonating the Claude Code website to spread malware, as Microsoft introduces a new feature to label third-party bots in Microsoft Teams meetings. Signal has confirmed targeted phishing attacks against some users, underscoring the continued importance of vigilance and strong security practices.