SANS ISC (2026-04-30): a fake Homebrew Google sponsored ad drops MacSync Stealer through a 225-byte zsh script that fans out into 1,448- and 2,647-byte stages, fakes a 'System Preferences' osascript dialog, and ships Keychain, browser data, crypto wallets, and `.ssh` to glowmedaesthetics[.]com over plain HTTP. IoCs, detection points, and MITRE ATT&CK mapping included.
A vulnerability in iTerm2 3.6.9 and earlier where simply displaying a malicious file with `cat` triggers local code execution. Caused by conductor impersonation in SSH Integration, fixed in 3.7.0.
A 32-bit integer overflow in macOS's XNU kernel renders all new TCP connections impossible after 49.7 days of continuous uptime. Apple has not implemented the workaround defined in RFC 7323 over two decades ago.
Two approaches to achieve local isolated execution of AI coding agents. On macOS, Agent Safehouse uses OS-native sandbox-exec for kernel-level restrictions, and on Windows, Codex uses the VM-based Windows sandbox.
Claude Code's Cowork creates a 10GB+ claudevm.bundle on macOS without warning, regenerates after deletion, pushes idle CPU to 55%, and on macOS 26.x adds vsock startup failures. Status of GitHub issue #22543 (81 thumbs up) and what users actually do to clear it.
After a macOS update, tmux sessions started by cron lost access to the Keychain, causing Claude CLI batch jobs to silently fail. Diagnosing the issue, the fix, and why this is a structural macOS Keychain problem rather than a Claude CLI bug.
Trend Micro analyzed a new AMOS distribution method that targets AI agent workflows. A malicious SKILL.md on OpenClaw plants fake CLI install instructions and uses AI as the intermediary to manipulate people.
A week that shook trust in both people and software: three former Google engineers were indicted over alleged transfers of sensitive information to Iran, while NetEase's MuMu Player was found running 17 reconnaissance commands on macOS every 30 minutes.
In January 2026, Logi Options+ and G HUB stopped working on macOS due to an expired certificate. Here's how to fix it and why this happened in the first place.