High report

New XCSSET malware adds new obfuscation, persistence techniques to infect Xcode projects

Tracked since May 6, 2026
threat-report

CVSS Breakdown

CVSS Base Score
Attack Vector
N/A
Requires physical access to exploit.
CIA Impact
Confidentiality N/A
Integrity N/A
Availability N/A

Exploit Probability (EPSS)

NaN%
NaN% probability of exploitation in 30 days
This vulnerability has a relatively low exploitation probability, but should still be patched according to your standard timelines.
Low

Insurance Impact Assessment

🛡️
Significant Impact

High-severity vulnerabilities may affect cyber insurance pricing and coverage terms. Demonstrating patch management reduces underwriting friction.

Threat report published 2025-03-11T17:34:54.928Z. Types: threat-report. Microsoft Threat Intelligence has discovered a new variant of XCSSET, a sophisticated macOS malware that infects Xcode projects. This latest version features enhanced obfuscation methods, updated pers

Assess your exposure

Is your organization vulnerable? Run a free domain exposure scan to check.

Scan Your Domain → Broker Scorecard

Related Threats

CVE-2023-4153: The BAN Users plugin for WordPress is vulnerable to privilege escalation in vers
CVSS high
CVE-2023-4213: The Simplr Registration Form Plus+ plugin for WordPress is vulnerable to Insecur
CVSS high
CVE-2023-4916: The Login with phone number plugin for WordPress is vulnerable to Cross-Site Req
CVSS high
CVE-2023-36419: Azure HDInsight Apache Oozie Workflow Scheduler XXE Elevation of Privilege Vulne
CVSS high
CVE-2023-5336: The iPanorama 360 – WordPress Virtual Tour Builder plugin for WordPress is vulne
CVSS high
← Back to Threat Feed