A new attack campaign abused Obsidian’s community plugin ecosystem, turning a trusted note-taking app into a cross-platform malware-delivery platform. The operation used social engineering, synced vaults, and a weaponized Shell Commands plugin to trigger separate malware chains on Windows and macOS. Security researchers say the campaign began with a fake venture capital persona that contacted […] The post Obsidian’s Shell Commands Plugin Turned Into Universal Malware Launcher appeared first on Cyber Security News.