You're welcome
Posts by golby
🎉 Registration for MacAdmins 2026 is now open!
Workshops, sessions, and community, July 7–10 in State College, PA.
Get the details and register 👇
conta.cc/4tLwJu6
#psumac #macadmins
Screenshot of the Settings window for the Passwords app. An arrow points to the “Show Passwords in Menu Bar” setting.
Screenshots of the Passwords menu extra with a search.
New to macOS 26.4, the menu extra for the Passwords app shares its unlock state with the full app. So if you use Touch ID or your Mac password to unlock the menu extra and then go to add a new password or open an item in the full app, you won't have to authenticate again to unlock the app.
Rockies then White Sox
Photograph of a car with a squirrel inside of it, perched on the steering wheel. The car is the color of champagne at a beige convention, and the squirrel is the color of squirrels. The squirrel is holding a package of crackers in its mouth. They are the kind like you get at a restaurant, where you get two crackers wrapped in plastic. The driver's side window is slightly cracked. This is how the squirrel got in, and how it got out. It threw the crackers out first, and then climbed out after them. Everything in this operation suggested that this was not the squirrel's first rodeo.
A closeup of the squirrel sitting on the steering wheel. The squirrel deserves a name, so we'll call her Anjeloma, and she's what you might call a winner. She is still squirrel colored. The crackers are white, and labeled "Zest." As if Anjeloma needed more zest. Squirrel, please. You can't see much of the car, but you can see smudges of grunge at the edges of the windshield, where the wipers have cast aside the debris of previous rains and pollen-falls.
The world is stupid, but I just watched a squirrel break into a car in the parking lot below me, steal a package of crackers, and escape to a nearby tree. So at least somebody is winning.
Jamf Threat Labs details GhostClaw, a macOS credential-stealing campaign using malicious GitHub repositories and AI-assisted workflows. The analysis notes GhostClaw evolving from npm-style delivery into a GitHub distribution model. www.jamf.com/blog/ghostcl...
If you’ve been disappointed with the results of using #LLMs for #malware analysis, you might like this. 👇
The answer we found to getting reliable LLM output grounded in verifiable facts: a serial adversarial pipeline.
#AI #security #macOS
s1.ai/advers-llm
Victor just released v1.14.0 - improvements in macho module, tighter code generation in the compiler and the new “deps” command.
Congratulations to everyone involved!
github.com/VirusTotal/y...
Especially when they reference the Jamf and OpenSource Malware blogs that attribute it properly.
Browser based ES/Mac Monitor log analyzer
- Story timelines
- Sigma rule matching
- In-depth process tree analyzer
- Much much more!
Amazing work by my coworker @txhaflaire.bsky.social
Check it out! es.decompiler.dev
#macos #malware #reverseengineering #threathunting #dfir
Ah man this got a tear out of me
Hello world!
#MacAdmins #MacAdmin
Some of the most popular packages on the OpenClaw official registry ClawHub are malicious
@openclaw-x.bsky.social
Welcome to my winter.
Come visit.
Okay, this is friggin awesome! M.A.C.E is a great tool and I’m so proud of the work we’ve done on the #MSCP.
I’ll be honest, my compatriots do way more work than me, I’m just a tiny bit in this project. Still super cool to see here.
9to5mac.com/2026/01/24/m...
Hide your couches, Twin Cities
@craigcalcaterra.bsky.social my wife finally found them at Meijer in Toledo on her way to Michigan. They're kind of rad. Do recommend.
Updated the tracking sheet I made last year now that it's been a year — National Averages After First Year of Trump's Second Term docs.google.com/spreadsheets...
My daughter is a huge fan. Def worth a try.
Have you tried goodles?
#100DaysofYARA - Day 11
In looking at automatic YARA generation, yarGen-Go is a must. Just released by @cyb3rops, it is a rewrite and advancement from the original yarGen.
We'll look at the same malware from day 10; a targeted HavocC2 loader with decoy.
rule at bottom
1/5
#100DaysofYARA - Day 9
YARA looks for the header used in a .SCPT file used by BlueNoroff (DPRK) to target macOS systems.
Script is delivered to victims disguised as a Zoom meeting launcher.
e.g. a7c7d75c33aa809c231f1b22521ae680248986c980b45aa0881e19c19b7b1892
Rule at end
1/3
I check daily....
TIL, I didn't know yr dump [macho] produced that data. Amazing!
#100DaysofYARA - day 5
The Cert Graveyard project reports and documents code-signing abuse, including Apple-issued certificates.
When reporting a certificate, we want to ensure Apple has all the identifiers they need to investigate and act.
Rule at end
1/7
Jamf Threat Labs observed a revamped MacSync Stealer variant delivered as a code-signed and notarized app. Unlike earlier drag-to-Terminal/ClickFix chains, it uses a more deceptive, hands-off approach. www.jamf.com/blog/macsync...
I have created a website where you can share your sample analysis (via links or posts) and search samples for training based on tags and difficulty.
If you write analysis blogs, you can share them there.
samplepedia.cc
#100DaysofYARA - Day 3
This relates to obfusheader discussed by @RussianPanda95 and @c0ner0ne.
If the dev is going to use hard-coded strings, let's use them to our advantage.
This thread will demo Malcat's YARA features.
Rule at end of thread
1/5