Click any tag below to further narrow down your results
Links
A new malware called GlassWorm has been discovered targeting macOS systems through compromised OpenVSX extensions. The attack, which involved pushing malicious updates to four extensions, aims to steal passwords, crypto-wallet data, and developer credentials. Users who downloaded the affected extensions should clean their systems and change their passwords.
The new icons introduced in Apple Creator Studio have drawn criticism for being overly simplistic and difficult to interpret. While some argue they lack clear representation of their respective apps, others appreciate their distinctiveness and aesthetic appeal. The debate centers on the shift from detailed to minimalistic designs in Apple's iconography.
The new Edge Light feature in macOS Tahoe 26.2 enhances video calls by adding a virtual ring light around the display to brighten your face in low light. It uses advanced face detection and adjusts brightness based on your environment. Edge Light is compatible with all video conferencing apps and supported on Apple Silicon Macs.
A security researcher has criticized Apple's macOS bug bounty program for significantly lowering payouts for certain vulnerabilities. Despite increasing rewards for high-profile exploits, many macOS categories now offer much smaller financial incentives, which could discourage researchers from reporting flaws.
The Guardian's engineering team switched from GitHub-hosted runners to self-hosted ones to improve build speed and reduce costs. They detail the challenges faced during the transition and the benefits gained, such as greater control over build environments and a significant drop in monthly expenses.
ZMX is a tool designed for persisting terminal sessions, allowing users to attach and detach from shell sessions without terminating them. It focuses on session management without the additional complexity of window management features found in tools like tmux. It supports multiple clients connecting to the same session and maintains the terminal state and output when re-attaching.
Datadog reports an ongoing campaign using fake GitHub repositories to trick users into installing infostealers via the ClickFix technique. The threat actor targets established software brands and has introduced a new variant called SHub Stealer v2.0, which includes advanced features like persistence and remote access.
Bonsplit is a library designed for macOS apps that allows developers to create customizable tab bars and split layouts. It supports features like smooth animations, drag-and-drop functionality, and keyboard navigation. Developers can manage tabs and panes programmatically, making it easy to integrate into their applications.
A malware campaign is using fake guides for OpenAI's Atlas browser to lure macOS users into downloading an infostealer named AMOS. Victims are tricked into executing a malicious command that harvests sensitive data and installs a backdoor for remote access. Basic cybersecurity practices can help prevent these attacks.
MacPersistenceChecker is a macOS app that identifies all items set to run automatically on your system. It helps detect malware and unwanted software by scoring each persistence mechanism based on risk factors. Users can analyze and decide what to keep or remove.
This article breaks down the security architecture of macOS on Apple Silicon, focusing on the immutable Boot ROM and its role in establishing a Chain of Trust. It details how the Boot ROM initializes the system, loads the Low-Level Bootloader, and enforces code integrity through hardware mechanisms like the Public Key Accelerator.
The article discusses growing problems with macOS that undermine user confidence, such as silent errors and unresponsive features. It highlights frustrations over poor error reporting and the challenges of getting effective support from Apple. The author draws parallels with confidence issues in AI technologies.
This article reviews new macOS malware discovered in 2025, detailing infection methods, persistence techniques, and the functionality of each specimen. The focus is primarily on information stealers, highlighting their rise in prevalence and the tactics used to distribute them. It also provides links to malware samples for analysis.
A new campaign exploits Google search ads to direct macOS users to malicious ChatGPT and Grok conversations. These chats contain instructions that, when executed, install the AMOS infostealer malware, compromising sensitive information. Users are advised to be cautious and avoid running unknown commands.
This article explains how macOS applications are organized within a bundle structure, detailing the various directories and files that make up an app. It highlights the evolution from Classic Mac OS to macOS, including the introduction of code signatures and notarization for security. The piece also outlines the benefits of this centralized approach for installation and maintenance.
Santamon is a detection sidecar for the Santa application that evaluates macOS Endpoint Security telemetry using CEL rules. It processes detection signals locally and sends only relevant alerts to a backend server, keeping raw telemetry on the endpoint. Ideal for home labs and small fleets, it's still in an experimental stage.
The author shares their experience transitioning from Arch Linux to macOS and the challenges they faced with navigation and window management. They detail their solutions, including using a tiling window manager, custom tools, and modal editing to streamline their workflow and minimize friction.
Motionik is a tool for creating screen recordings, ideal for product demos and tutorials. It combines recording, auto-zoom, and editing features, allowing users to produce polished videos quickly without juggling multiple apps. The software supports both Mac and Windows users.
The article discusses the evolving concepts of information security, emphasizing the need for depth rather than a simple perimeter defense. It outlines practical threat modeling, the myth of perfect security, and the importance of layered defenses to protect assets like intellectual property and personal data.
This article highlights lesser-known icons in macOS Tahoe, comparing pre-Tahoe designs to the updated versions. The author reminisces about the beauty of older icons found in system applications, emphasizing their aesthetic value. A collection of these pre-Tahoe icons is showcased for appreciation.
This article explores the multitude of processes running on macOS, particularly those related to Time Machine backups. It discusses the challenges of identifying and removing unnecessary processes due to system architecture constraints, particularly the Signed System Volume and the Duet Activity Scheduler.
OpenAI has released a macOS app for Codex, its coding agent, enhancing the user interface and adding features like Skills and Automations. While current Automations can only run on a powered laptop, cloud support is on the way. The app aims to expand Codex's capabilities beyond coding to broader knowledge work tasks.
This article explains how Apple's Efficiency cores (E cores) enhance performance on Apple silicon Macs by managing background tasks without impacting user applications. It contrasts the behavior of E cores with Performance cores (P cores) and highlights the importance of Quality of Service in thread allocation.
Homebrew 5.0.0 introduces default download concurrency, promotes Linux ARM64/AArch64 to Tier 1 support, and outlines future deprecations for macOS versions. Key features include improved cask handling and updates to various commands. Users should be aware of upcoming changes affecting compatibility and support.
The article critiques the icon design in macOS Tahoe, highlighting issues such as clutter, inconsistency, and poor usability. It argues that the proliferation of icons dilutes their effectiveness, making it harder for users to navigate and understand the interface. Additionally, the piece discusses how the small size and detail of icons contribute to confusion and frustration.
Santa is a macOS binary and file access authorization system designed to monitor execution and file access, allowing users to manage binary permissions through a local database and various configuration options. It operates in MONITOR or LOCKDOWN modes, supports code signing and path-based rules, and can synchronize settings with remote servers. Santa aims to enhance security by preventing malware execution while integrating into existing defense strategies.
The article discusses the vulnerabilities associated with TCC (Transparency, Consent, and Control) on macOS, which regulates app access to sensitive user data. It highlights the misconceptions among developers regarding TCC's importance in protecting user privacy and outlines various scenarios where malware could exploit TCC bypasses.
Dayflow is a macOS app that records screen activity at 1 FPS, analyzes it every 15 minutes using AI, and generates a concise timeline of the user's activities with summaries and distraction highlights. Designed with privacy in mind, users can choose their AI provider and manage their data locally or in the cloud. The app is lightweight, open source, and aims to provide a calm and trustworthy overview of daily productivity.
North Korean hackers have been identified as the creators of NimDoor, a new malware targeting macOS users through fake Zoom updates. This malware exploits vulnerabilities to gain unauthorized access to systems, highlighting ongoing cybersecurity threats from state-sponsored hacking groups.
macOS, while generally secure due to built-in protections like Keychain, SIP, TCC, and Gatekeeper, remains a target for cybercriminals who exploit vulnerabilities. The article details these security mechanisms, common attack methods, and emphasizes the importance of monitoring and managing access to sensitive data to thwart potential threats.
macOS Tahoe introduces a new disk image format designed to enhance storage efficiency and compatibility across devices. This new format promises to simplify the management of disk images while improving performance and security features for macOS users.
The article discusses the emergence of a new macOS malware known as "AppleProcessHub," which is designed to steal user credentials and sensitive data. It highlights the tactics used by the malware, including its ability to bypass security measures and target specific applications. The piece also emphasizes the importance of user awareness and security practices to mitigate risks associated with such threats.
A new update for Sketch introduces liquid glass effects, enhancing design capabilities on macOS and iOS platforms. Additionally, the update includes improved libraries and features aimed at streamlining the design process for users.
Kali Linux can now be run in virtualized containers on macOS Sequoia using Apple's new containerization framework, specifically designed for Apple Silicon hardware. Users can easily install the container CLI and launch Kali Linux, although there are limitations regarding network access and hardware passthrough capabilities.
A workaround has been developed to download full transcripts of Apple Podcast episodes, overcoming the limitation of the macOS app that restricts copying to 200 words at a time. By using debugging tools to analyze network requests, the author explains how to extract necessary headers and tokens to access the full transcripts programmatically.
A vulnerability in macOS, identified as CVE-2025-31250, allows applications to spoof permission prompts, misleading users about which application is requesting consent. Although patched in macOS Sequoia 15.5, earlier versions such as Ventura and Sonoma remain vulnerable. The author details the discovery process and technical aspects of the vulnerability, emphasizing the implications for user security.
A security breach has exposed user data from VirtualMacOSX.com, potentially affecting numerous users who utilized the service. The compromised data includes sensitive information, raising concerns about user privacy and security measures in place. Users are advised to monitor their accounts and take necessary precautions.
LastPass has alerted macOS users about a malicious campaign using fake password managers and other software, which deliver the Atomic info-stealing malware through deceptive GitHub repositories. The campaign employs search engine optimization tactics to promote these fraudulent applications, urging users to execute potentially harmful commands that install malware on their systems. Users are advised to only download software from official sources to avoid such threats.
Somo is a user-friendly alternative to netstat for monitoring sockets and ports on Linux and macOS, offering features like filtering, sorting, and JSON output. It provides interactive capabilities to kill processes and can be installed using various package managers or built from source. The tool supports shell completions and allows customization via config files for repeated commands.
Over 300 entities have been affected by a new variant of the Atomic MacOS Stealer malware in a recent campaign. This malicious software targets MacOS systems to extract sensitive information, raising concerns about the security of Apple devices. Cybersecurity experts are advising users to remain vigilant and implement protective measures.
macOS Tahoe 26 Beta 5 has officially retired the classic Macintosh HD icon, marking a significant design update in Apple's operating system. Users can now experience a refreshed look as the new icons are integrated into the system. This change reflects Apple's continued evolution in user interface design.
The article discusses a vintage UI quirk in the Reminders app on macOS Tahoe, highlighting how certain design elements evoke nostalgia while also impacting usability. Users have noted that despite its charm, the outdated interface can pose challenges in task management. The piece emphasizes the balance between aesthetic appeal and functionality in software design.
Minikube is a tool for running a local Kubernetes cluster on macOS, and this guide demonstrates how to install and use Minikube with the rootless Podman driver on an ARM-based MacBook. It includes step-by-step instructions for installing Podman and Minikube using Homebrew, configuring the Podman machine, and starting the Minikube environment. Additionally, the article provides useful commands for managing Minikube and interacting with Kubernetes applications.
A new version of the Atomic macOS info-stealer malware has been discovered, featuring a persistent backdoor that allows attackers to maintain indefinite access to compromised systems. Analyzed by Moonlock, the malware targets macOS files and user data, exploiting phishing tactics and advanced evasion techniques to execute remote commands and survive system reboots.
The article discusses the latest updates in the macOS Tahoe 26 Beta 2, highlighting changes made to the Finder icon and other features. These modifications aim to enhance user experience and interface aesthetics in the operating system.
Microsoft has discovered a new variant of the XCSSET malware targeting macOS systems, which is being used in targeted attacks against specific individuals. This malware exploits vulnerabilities to gain unauthorized access and control over compromised devices, highlighting ongoing threats to macOS users.
Rift is a window manager for macOS that offers multiple layout styles, including tiling and binary space partitioning, along with features like a menubar icon for workspace navigation, focus follows mouse, and performant animations. It supports seamless integration with third-party applications and allows users to configure settings dynamically without needing to disable SIP, making it a versatile option for macOS users seeking enhanced window management. Currently in active development, Rift is a fork of glide-wm that utilizes private APIs for improved performance and reliability.
TrackWeight is a macOS application that turns a MacBook's Force Touch trackpad into a digital weighing scale by utilizing its pressure sensors. Users can weigh objects by maintaining finger contact on the trackpad, which allows for accurate pressure readings that are calibrated and converted into weight measurements. The application is intended for experimental use and should not replace calibrated scales for critical measurements.
The article discusses the release of macOS Tahoe 26.1 Beta 1, highlighting its integration with the new MCP (Multi-Channel Protocol) feature aimed at enhancing system performance and connectivity. Users can expect improvements in various applications and overall user experience with this beta release.
A malicious campaign is targeting macOS developers through fake Homebrew, LogMeIn, and TradingView platforms that distribute infostealing malware such as AMOS and Odyssey. The campaign uses deceptive tactics to trick users into executing harmful commands in Terminal, leading to the theft of sensitive information from their systems. Researchers identified over 85 domains involved in this scheme, which are promoted via Google Ads to appear in search results.
mac_apt is a versatile DFIR tool designed for processing Mac full disk images and live systems to extract valuable forensic data. It supports a range of image formats and includes numerous plugins for analyzing various artifacts, including web history and system logs, while also offering cross-platform functionality. The tool now features ios_apt for processing iOS images, enhancing its capabilities for digital investigations.
Nick shares his experience with signing and notarizing MacOS agents for OpenVox, detailing the challenges posed by Apple's Gatekeeper and the stringent requirements introduced in MacOS 15 Sonoma. He discusses the signing process, the importance of fully signed and notarized binaries, and the need for collaboration within the community to enhance security practices.
Unified logs provide a comprehensive view of iOS device activity, capturing up to 30 days of granular background tasks that are crucial for mobile forensics. While collecting these logs requires more effort compared to sysdiagnose logs, they can be vital for uncovering key artifacts in forensic investigations. A new open-source Python tool, UFADE, offers a way to collect these logs without a Mac, although manual collection methods are also available via the libimobiledevice toolkit.
Base is a user-friendly SQLite database editor for macOS that simplifies database management with features like a visual table editor, schema inspector, and SQL query tools. It allows users to browse, filter, and edit data effortlessly, while also supporting data import and export in various formats. The free version has limited features, with a one-time purchase required for the full version.
Jamf Threat Labs has identified a new technique where attackers use PyInstaller to bundle Python-based infostealers into Mach-O executables on macOS. This method allows malware to run without requiring a native Python installation, while employing various obfuscation tactics to evade detection. The analysis includes dynamic and static examination of these malicious binaries, revealing behaviors consistent with infostealer activity.
Dillon Franke explores using Mach IPC messages as an attack vector for finding and exploiting sandbox escapes in MacOS system daemons. He details his hybrid approach of knowledge-driven fuzzing, which combines automated fuzzing with manual reverse engineering, and shares insights on identifying vulnerabilities, specifically a type confusion issue in the coreaudiod daemon. The post includes resources for building a custom fuzzing harness and tools used throughout the research.
The article discusses upcoming changes to macOS 26, focusing on the new icon designs that will refresh the user interface. These changes aim to modernize the look and feel of the system while maintaining usability and familiarity for existing users.
MCP Snitch is a macOS application designed for security monitoring and access control of Model Context Protocol (MCP) servers, enabling users to intercept and analyze server communications. It offers features like automatic server discovery, risk assessment, granular control over tool calls, and audit logging, while leveraging AI for threat detection and response monitoring. The application supports secure key storage and compliance through detailed logging of all interactions with MCP tools.
Apple is set to rebrand its device operating systems, including iOS, macOS, and watchOS, aiming for a unified identity across its software platforms. This strategic move reflects the company's ongoing efforts to enhance user experience and strengthen brand recognition.
Container is a Swift-based tool designed for creating and running lightweight Linux containers on Mac with Apple silicon, supporting OCI-compatible images. It requires macOS 26 or later and provides features for building, running, and publishing container images, alongside detailed documentation for users and developers. Contributions to the project are encouraged as it continues to evolve towards a stable release.
The article discusses a malware issue affecting GitHub users on macOS, highlighting how this malware can compromise systems and steal sensitive information. It emphasizes the importance of maintaining security practices and being aware of potential threats when using software development tools.
Apple is set to unveil significant changes to visual design across its platforms, including iOS and macOS, during the WWDC 2025 event. The upcoming updates aim to enhance user experience and integration among devices, promising a fresh aesthetic and new functionalities. Anticipation is building as developers and users alike look forward to the innovative features that will be introduced.
Apple has launched the first public beta versions of iOS, iPadOS, macOS, and other operating systems, featuring a new Liquid Glass user interface. This update marks a significant shift in Apple's version numbering to a year-based system, although visionOS 26 will only be available through developer betas. Users should be cautious with beta testing due to potential instability and data risks.
Microsoft identified a macOS vulnerability, CVE-2025-31191, allowing attackers to escape the App Sandbox using security-scoped bookmarks without user interaction. The flaw could lead to unrestricted code execution on affected devices, enabling further malicious actions. A fix was provided by Apple in March 2025, and users are advised to apply security updates promptly.
macOS Tahoe introduces 15 stunning new screensavers that enhance the visual experience for users. These screensavers feature a variety of beautiful designs and themes, making it easy for users to customize their desktop backgrounds. Users can access and download the new screensavers through the provided link.
Microsoft has discovered a vulnerability in macOS that allows attackers to bypass TCC protections, potentially exposing sensitive user data. This flaw could enable unauthorized access to applications that are typically restricted by macOS security measures. Users are advised to update their systems to mitigate the risk associated with this vulnerability.
The article discusses a recent issue with Safari's video controls on macOS Tahoe and iOS 18, where videos appear darker when the native controls are displayed. The author, Jeff Johnson, notes that this change indicates a continued merging of iOS and macOS despite Apple's previous denial. He shares his testing experience and highlights that older versions of iOS did not exhibit this darkening effect.
macOS Tahoe introduces a refreshing design with Liquid Glass, enhanced app functionalities, and improved Apple Intelligence features for seamless productivity across devices. New capabilities include the integration of the Phone app, advanced Spotlight actions, and personalized controls, making it easier to manage tasks and communicate. The update also emphasizes user customization and accessibility enhancements, catering to various user needs.
The author shares their experience of developing and releasing a macOS application entirely built using Claude, an AI programming assistant. They discuss the challenges faced during the development process and the unique aspects of using AI for coding. The article highlights the potential of AI in streamlining software development and enhancing productivity.
Apple has replaced the traditional rsync tool in macOS with openrsync due to licensing concerns. While the legacy version of rsync is still included, users can now access openrsync, which offers similar functionality with a focus on efficiency in file transfers. Users needing the latest rsync can install it via Homebrew, though this may disrupt the integration with openrsync.
Dictly is a private, on-device dictation app for macOS, iOS, and iPadOS that processes speech into structured text without relying on the cloud. With features like customizable workflows and per-app profiles, it ensures fast and secure dictation, maintaining user privacy by keeping all data on the device. The app offers a lightweight download with offline functionality and a focus on user control over speech formatting and recognition.
The article introduces ChatGPT Atlas, a macOS application that integrates ChatGPT into web browsing, providing features like content summarization, product comparison, and interactive assistance. Users can control privacy settings, manage browsing memories, and utilize ChatGPT for various tasks seamlessly within their web experience. Currently, it's available in preview for Plus, Pro, and Business accounts.
The article discusses a GitHub project called macos-live-screensaver, which allows users to set live video streams as screensavers or lock screens on macOS. It supports YouTube live streams and direct HLS streams, providing installation instructions and troubleshooting tips for users. The project is open-source and licensed under the MIT license.
The article discusses the recent resurfacing of MacOS ROMs for the Apple Network Server, which was originally designed to run AIX. It highlights the server's complex history, its brief connection to MacOS and Windows NT, and the discovery of development ROMs that allow for running these operating systems on the ANS. The author shares personal experiences and insights from a former Apple employee regarding these rare ROMs.