Attackers are abusing Google Ads and legitimate Claude.ai shared chats in an active malvertising campaign.
Users searching for “Claude mac download” may come across sponsored search results that list claude.ai as the target website, but lead to instructions that install malware on their Mac.
The campaign was spotted by Berk Albayrak, a security engineer at Trendyol Group, who shared his findings on LinkedIn.
Albayrak identified a Claude.ai shared chat that presents itself as an official “Claude Code on Mac” installation guide, attributed to “Apple Support.”
The chat walks users through opening Terminal and pasting a command, which silently downloads and runs malware on their Mac.
While attempting to verify Albayrak’s findings, BleepingComputer landed on a second shared Claude chat carrying out the same attack through entirely separate infrastructure.
The two chats follow an identical structure and social engineering approach but use different domains and payloads. Both chats were publicly accessible at the time of writing:
The base64 instructions shown in the shared Claude chat download an encoded shell script from domains such as:
The ‘loader.sh’ (served by the second link above) is another set of Gunzip-compressed shell instructions:
This compressed shell script runs entirely in memory, leaving little obvious trace on disk.
BleepingComputer observed the server serving a uniquely obfuscated version of the payload on each request (a technique known as polymorphic delivery), making it harder for security tools to flag the download based on a known hash or signature.
The variant BleepingComputer identified starts by checking whether the machine has Russian or CIS-region keyboard input sources configured. If it does, the script exits without doing anything, sending a quiet cis_blocked status ping to the attacker’s server on its way out. Only machines that pass this check get the next stage:
Before proceeding further, the script also collects the victim’s external IP address, hostname, OS version, and keyboard locale, sending all of it back to the attacker. This kind of victim profiling before payload delivery suggests the operators are being selective about who they target.
The script then pulls down a second-stage payload and runs it through osascript, macOS’s built-in scripting engine. This gives the attacker remote code execution without ever dropping a traditional application or binary.
The variant identified by Albayrak, however, appears to skip the profiling steps. It goes straight to execution.
It harvests browser credentials, cookies, and macOS Keychain contents, packages them up, and exfiltrates them to the attacker’s server. Albayrak identified this as a variant of the MacSync macOS infostealer:
The briskinternet[.]com domain shown above in the variant identified by Albayrak appeared to be down at the time of writing.
Malvertising has become a recurring delivery mechanism for malware.
BleepingComputer has previously reported on similar campaigns targeting users searching for software like GIMP, where a convincing Google ad would list a legitimate-looking domain but take visitors to a lookalike phishing site instead.
This campaign flips that, as there is no fake domain to spot.
Both Google ads seen here point to Anthropic’s real domain, claude.ai, since the attackers are hosting their malicious instructions inside Claude’s own shared chat feature. The destination URL in the ad is genuine.
It is not, however, the first time that attackers have abused AI platform shared chats this way. In December, BleepingComputer reported a similar campaign targeting ChatGPT and Grok users.
Users should navigate directly to claude.ai for downloading the native Claude app, rather than clicking sponsored search results. The legitimate Claude Code CLI is available through Anthropic’s official documentation and does not require pasting commands from a chat interface.
It is good practice to generally treat any instructions asking you to paste terminal commands with caution, regardless of where those instructions appear to come from.
BleepingComputer reached out to Anthropic and Google for comment prior to publishing.
AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming.
At the Autonomous Validation Summit (May 12 & 14), see how autonomous, context-rich validation finds what’s exploitable, proves controls hold, and closes the remediation loop.
There’s another type of digital scam to be aware of, as per the BBC. It’s called “reservation hijacking.”
The name gives you a clue as to how it works. Essentially, scammers use details about a booking you’ve placed (perhaps with a hotel or airline) to trick you into sending money somewhere you shouldn’t.
While this type of scam isn’t brand new, a recent data breach at Booking.com has raised the risk of people being caught out. With data about you and your reservation, a far more convincing setup can be put in place—why wouldn’t you believe that someone purporting to be an employee from a spa you’ve got a reservation with is telling the truth about who they are, especially if they know the dates of your trip, your phone number, and your email address?
According to Booking.com, no financial information was exposed in the April 2026 hack. However, names, email addresses, phone numbers, and booking details have been leaked. The travel portal says affected customers have been emailed about the heightened risk of scams, so that’s the first thing to check for when it comes to staying safe.
Minimizing the risk of getting scammed by a reservation hijack involves many of the same security precautions you may already be following, and just being aware that this is a way you might be targeted will make a difference.
We’ve already outlined the basics of a reservation hijack, but it can take several forms. As with other types of scams, it tends to evolve over time. The basic premise is that someone will get in touch with you claiming to be from a place you have a reservation with, whether it’s a car rental company or a hotel.
The scammers will try to pull together as much information as they can on you and your booking. Sometimes they’ll target employees of the place you’ve got the reservation with in order to get access to their systems, and other times they may take advantage of a wider data breach (as with the recent Booking.com hack).
They might also get information through other means. Maybe they’ve somehow got access to your email, or to some of your social media posts (where you’ve shared your next vacation destination and a countdown of how many days are left to go). Don’t be caught out if you find yourself speaking to someone who knows a lot about your travel plans.
An anonymous reader shared this report from Electrek:
A newly revealed Honda patent shows the company developing a simulated electronic clutch system for electric motorcycles, complete with torque-boost launches and even haptic feedback designed to mimic the feel of a combustion engine…. Instead of using a traditional mechanical clutch, the system uses electronics to alter how the motor responds based on clutch lever position. Pull the clutch halfway in, and the system proportionally reduces motor output. Pull it fully, and power is cut entirely, regardless of throttle position.
But the more interesting part is how Honda intends to recreate the behavior riders actually use clutches for. According to the patent as reported by AMCN, riders could preload the throttle while holding in the clutch lever, then rapidly release the lever to trigger a burst of torque — essentially simulating the hard launches motocross riders rely on with gas bikes. Honda believes that could be useful in competitive riding situations where precise power modulation matters, especially on loose terrain or during aggressive starts.
Honda also appears to be working on recreating the feel of a gas bike, not just the control inputs. The patent describes multiple vibration motors placed in the handlebars and near the clutch lever to provide haptic feedback that simulates engine vibration and even the “bite point” sensation of a clutch engaging. In other words, Honda may be trying to make an electric dirt bike feel mechanically alive, or at least the old-school idea of what a breathing dirt bike used to feel like.
When photography enthusiasts begin shopping for action cameras, the latest models with all of their bells and whistles typically receive all of the attention. These newer models have fancy resolutions and tons of sensors, but after months of putting the DJI Osmo Action 4 Essential Combo, priced at $198.99 (was $299), through its paces, hiking, bicycling, and even taking it underwater, users have surprisingly come to dub it the most undervalued action cam around.
It handles difficult terrain and quick moves with ease, keeping the film as steady as a rock thanks to its internal stabilizer. Getting pro-quality footage without having to deal with extra equipment and software is a huge plus, and 4K at 120 frames per second in slow-motion is just the icing on the cake. You also get a larger 1.3 inch sensor, which lets in more light and allows you to take stunning images in low light or dense forest.
Sale
The battery lasts longer than expected, making it ideal for all-day shots, especially on frigid days when other cameras start to droop. The Essential Combo pack includes the main body, a replacement battery, and a quick-release frame that fits into any standard mount, which is really good value for the price.
The D-Log mode provides 10-bit color depth and allows editors to experiment with tones while maintaining quality. The 4:3 aspect ratio allows you to easily upload some amazing tall vertical movies from social media, and the bitrate is sufficient to maintain those fine textures looking great in grass, water, or cloth, often exceeding newer models in real-world use. It also effortlessly pairs with DJI mics, allowing you to capture high-quality audio without much fuss.
It has a water resistance rating of 18 meters on its own and 60 meters with the extra case, so you can go for a splash or dive with complete confidence. The magnetic clip mechanism allows you to swiftly attach and detach from handlebars, chest straps, and helmets. Yes, there is no built-in storage, but most folks will have an SD card lying around somewhere.
When Apple unveils its next macOS at WWDC 2026, a new report says that it will have a slightly redesigned Liquid Glass interface, though really just the same design iterations the company has always done.
Liquid Glass has had vocal critics, but just as with every version of macOS before, Apple is going to refine and mildly redesign it each year. According to Bloomberg, this year’s revision is chiefly concerned with the appearance of different Mac elements with Liquid Glass.
Specifically, the “slight redesign” is to concentrate on improving various readability issues. Where those have arisen so far, it’s been in Liquid Glass’s transparency and shadow effects, so presumably that is what Apple will work on.
This is the same thing Apple does after every significant redesign, starting with the toning down of the Aqua interface in the first years of Mac OS X. It was perhaps most noticeable with iOS 7 which debuted a very flat design that over the next years was slowly improved and clarified.
Speaking of iOS, though, the report also says that Apple’s work on the next version of this will include a benefit for macOS 27. Apple is said to be working to have tabs in Safari automatically organize themselves, as can already be done in rival browsers.
Tab Groups is definitely an area that needs attention, and not only because elements of it are better on other browsers. Many years ago, Apple added an option to Shortcuts on the Mac that was supposed to let users switch automatically between Tab Groups, but to this day the Shortcut action fails with an “internal error.”
It does work perfectly on iOS and iPadOS, though, so hopes that improvements on those platforms will come to the Mac as well could yet be wishful thinking.
Looking for the most recent Strands answer? Click here for our daily Strands hints, as well as our daily answers and hints for The New York Times Mini Crossword, Wordle, Connections and Connections: Sports Edition puzzles.
Some really old-timey words appear in today’s NYT Strands puzzle. I found a few of the answers difficult to unscramble, so if you need hints and answers, read on.
I go into depth about the rules for Strands in this story.
If you’re looking for today’s Wordle, Connections and Mini Crossword answers, you can visit CNET’s NYT puzzle hints page.
Read more: NYT Connections Turns 1: These Are the 5 Toughest Puzzles So Far
Today’s Strands theme is: A nice medley
If that doesn’t help you, here’s a clue: This and that.
Your goal is to find hidden words that fit the puzzle’s theme. If you’re stuck, find any words you can. Every time you find three words of four letters or more, Strands will reveal one of the theme words. These are the words I used to get those hints, but any words of four or more letters that you find will work:
These are the answers that tie into the theme. The goal of the puzzle is to find them all, including the spangram, a theme word that reaches from one side of the puzzle to the other. When you have all of them (I originally thought there were always eight but learned that the number can vary), every letter on the board will be used. Here are the nonspangram answers:
The completed NYT Strands puzzle for May 11, 2026.
Today’s Strands spangram is ODDSANDENDS. To find it, look for the O that is five letters down on the far-left vertical row, and wind across.
The idea of using cardboard for a sloppy PC case isn’t new; it’s a time-honored tradition dating back to at least the 1990s. That said, with today’s CNC cutters and other advanced tooling available to hobbyists, you might be curious to see how far you can push the concept. As demonstrated in a recent video by [mryeester], the answer appears to be that good planning and a solid understanding of cardboard’s limitations are as essential as ever.
After having the PC case drawn up in CAD and cut on a professional CNC cutter by a buddy who makes commercial cardboard displays, the installation procedure for the PC components showed where a bit of foresight could have saved a lot of time and effort.
The first problem was that the GPU couldn’t be installed due to wrong measurements on where the IO bracket normally is screwed into the case. Some cardboard cutting later, the GPU slid into place, but of course, there’s no way to screw it down, putting the full weight on the PCIe slot of the mainboard. Fortunately, the mainboard was quite literally bolted into place, and the case consists of multiple layers of corrugated cardboard to add some rigidity.
Next was more carving as the PSU cut-out was designed for an SFX PSU, not an ATX one. After that ordeal, one could say that perhaps a nice thing about a cardboard case is that you get to pick where buttons are located, though this comes with its own logistical issues.
Finally, mounting side panels turned into another chore, with perhaps some engineering possible to make it work better. For example, we recently looked at making cardboard hinges that would look pretty good on a cardboard PC case. You can also waterproof cardboard and make it much stronger, turning a throwaway, temporary cardboard solution into something that will last for years, even with occasional exposure to moisture and a water-cooling leak. (more…)
Starting this summer, Whoop users in the US will have access to on-demand video consultations with licensed clinicians from within the fitness tracker’s app. Along with that, the wearables company also announced on Friday that it is adding support for Electronic Health Record (EHR) syncing, so members and the clinicians they connect with will be able to easily pull up their medical histories.
“Unlike traditional healthcare experiences that rely on brief, episodic snapshots, these consultations begin with a comprehensive understanding of the member’s health, powered by months of continuous data and, when available, bloodwork and medical history,” Whoop said in a press release. It hasn’t yet revealed how much this service will cost.
Whoop also announced new AI features coming to the app: My Memory, where users can customize the “personal context” that goes into their coaching, and Proactive Check-Ins, which will provide users with training and recovery recommendations based on what’s going on in their life. The announcement comes right on the heels of Google unveiling its new Fitbit Air, which, much like Whoop’s device, is a screenless fitness wearable.
On May 9th, workers at Tesla’s Fremont factory in northern California were left staring at a still production line, which is an unusual sight to say the least. Aerial images of the final cars in the outbound lot showed them lined up and ready to be picked up by their new owners, just like they used to be, though these weren’t quite like the typical batch. There were only 250 Model S cars and 100 Model X SUVs produced, all of which included the Plaid powertrain and a number of handcrafted features that set them apart.
The people waiting to take delivery of these cars were handpicked from a small list of devoted Tesla owners who had received invitations just a month before. However, none of these were ever going to be widely distributed. Each one of these vehicles is an eye-catcher, painted in a deep rich red, while the seats are pristine white with gold piping, and they even have one of those gold Tesla logos on the front. On top of that, they each have a small plaque in the dash that tells you where in the production line it came from, e.g. number 47 out of 250. It’s what happens when you open the door that’s truly remarkable, as the Signature Edition lights turn on and are fully loaded with everything included in the Premium trim.
These sold for $159,420, and before they could drive off the lot and take possession, each buyer had to make a clear pledge to hold onto the car for at least a full year. To ensure they kept their promise, Tesla has the option to buy back the car at the conclusion of this period if the owner attempts to sell it. The owners of these very unusual automobiles will then be invited to a special delivery celebration on May 12th to meet and celebrate with the other owners.
The Model S has been a staple of the lineup since its introduction in 2012, and it has remained a prominent participant for the past 14 years. And, of course, the Model X sold eleven. This may not sound like much, but it is a remarkable run for any vehicle. Selling hundreds of thousands over the years, the Model X demonstrated that electric vehicles could be top of the line for speed, range, and comfort while still being the real deal. Meanwhile, the production plant is being fully rebuilt in preparation for mass production of Optimus, Tesla’s latest humanoid robot.
[Source]
Sharp and Roku are expanding their partnership in the UK with the launch of the first Sharp Roku TV QLED. This is a new 50-inch 4K set that combines Sharp’s display tech with Roku’s streaming platform.
Available now through Currys, the new model marks the first QLED TV the two brands have released for the UK market. It looks aimed squarely at buyers wanting a simpler smart TV experience and without stepping into flagship-level pricing.
The TV pairs a 4K UHD panel with QLED (Quantum Dot) colour. This promise a brighter and more vibrant picture quality than standard LED sets. While Sharp hasn’t positioned it as a premium Mini LED competitor, the addition of QLED should give colours more punch for films, sports and streaming content.
More importantly for many users, though, the set runs on the Roku TV OS, which remains one of the cleaner and easier smart TV interfaces around. The software offers access to thousands of free and paid apps.
Alongside this, there are features like universal search, automatic updates and a customisable home screen. This home screen is refreshingly straightforward compared to some cluttered TV platforms.
Roku says the launch comes as more UK households upgrade to larger TVs and higher-quality streaming setups. “It combines premium picture performance with the award-winning simplicity people expect from Roku TVs,” said Rob Woollard, Director of Retail Partnerships at Roku UK.
The partnership itself isn’t entirely new as Sharp has released Roku-powered TVs before. However, this is the first time the collaboration has moved into QLED territory in the UK. That makes this model feel less like an entry-level streaming TV. Instead, it feels more like a step toward the mid-range market currently dominated by brands like TCL and Hisense.
The new Sharp Roku TV QLED is available now in a 50-inch size through Currys.
This week Amazon opened up its parcel shipping, fulfillment, and distribution “to businesses of all types and sizes.” Any business can now ship, store, and deliver “using the same supply chain that supports Amazon,” according to Monday’s announcement of “Amazon Supply Chain Services.”
The move sent shares of UPS and FedEx “tumbling” Monday writes GeekWire. And though both stocks bounced back as the week went on, GeekWire sees this as the latest example of Amazon “turning its internal capabilities into products and services for sale…”
“Amazon had already surpassed both carriers to become the nation’s largest parcel shipper by volume, according to parcel-analytics firm ShipMatrix.”
Initial customers include Procter & Gamble, which is using Amazon’s freight network to transport raw materials; 3M, which is using it to move products to distribution centers; Lands’ End, which is fulfilling orders across sales channels from Amazon’s warehouses; and American Eagle Outfitters, which is using Amazon’s parcel service for last-mile delivery. The service can fulfill orders placed through platforms that compete with Amazon’s own marketplace, including Walmart, Shopify, TikTok, and others… Peter Larsen, vice president of Amazon Supply Chain Services, compared the launch to the origins of Amazon’s cloud business…
In addition to putting Amazon in competition with existing players in the logistics industry, the move also raises questions about data privacy. Amazon has faced accusations of using nonpublic seller data to compete against merchants on its marketplace, which it has denied. Larsen told the Wall Street Journal that the company prohibits using supply chain customer data for its own marketplace decisions, noting that hundreds of thousands of Amazon sellers already trust the company to fulfill orders placed on rival platforms.
The article notes taht in his annual shareholder letter Amazon’s CEO “said the company is also exploring selling its custom AI chips and robotics to outside customers.”
HarrisX Poll Found 52% of Registered Voters Support the CLARITY Act
Upbit adds B3 Korean won pair as Base token gains Korea access
Weekend Open Thread: Marianne Dress
Image AI models now drive app growth, beating chatbot upgrades
NCP car park operator enters administration putting 340 UK sites at risk of closure
Ignore market noise, India’s long-term story intact, say D-Street bulls Ramesh Damani and Sunil Singhania
Politics Home Article | Starmer Enters The Danger Zone
Olivia Wilde Reacts To Viral ‘Corpse’ Comparison
Inter Milan Win Serie A Title After Victory Over Parma
La Liga: Vinicius Jr scores twice as Real Madrid win to keep Barcelona waiting for title
UAE Free Zone Deploys Blockchain IDs to Verify Registered Firms
Every word of Arne Slot’s heated rant after Manchester United win vs Liverpool
2026 NHL playoff picks: Second-round predictions, series odds, Stanley Cup bracket
Kylie Jenner and Timothee Chalamet Hold Hands in NYC Outing
BlackRock CEO Larry Fink Discusses a New Asset Class
Robinhood says Wall Street is building onchain
Post Malone Delays Tour With Jelly Roll Amid Ongoing Backlash
Serena Williams hits Met Gala in metallic dress after GLP-1 reveal
The Best Work Pants for Women in 2026
Smutty Netflix Movie Has Women Dating Hairy Beasts For Kink And Comedy
You must be logged in to post a comment Login