What do we even say at this point?
CVE-2026-8451, a zero-day Memory Overread that watchTowr Labs identified in Citrix NetScaler appliances in March, has just been publicly disclosed with patches.
We're not done yet... speak soon... ;-)
https://t.co/MAzxLkbbsZ
🍎🌁 Big changes to user TCC.db in macOS Golden Gate! It seems that it finally got the protection it deserves.
It was moved to:
/private/var/containers/Data/ProtectedSystem/[UUID]/Data/Library/Application Support/com.apple.TCC/
You can't access it even with FDA, and likely need "com.apple.private.security.protected-system-container" entitlement to write to it.
Apple open-sourced Darwin's #XZone allocator in libmalloc-792 late last year. #DFF Co-Founder & CTO Jonathan Levin (@Morpheus______) breaks it all down, expanded from his book Disarming Code: type isolation, the xzm_malloc() path, and walking the heap with memento(j).
https://t.co/kbbCpeLaaj
#DFFenders Blog
Been spending a lot of time with Unified Logs and discovered XProtect Behavioral Bastion events being handled by XProtectBridgeService. These all correspond to syspolicyd policy violations. Captures hash and path, very useful! Brief fun summary, more to come on this :)
🧵
New AMOS campaign details.
Attackers are using a phishing page hosted on https://t.co/Q8HpzW5rSk, tricking users into executing a malicious command in Terminal:
hxxps://api-metrics-5453[.]com/curl/3e97b0eddfddb28e10008f9348381b2665e1ad12476315b24a64808696c3347b
The bash script downloads and launches the next-stage stager: “helper”.
“helper” is a heavily obfuscated loader/dropper. It does not steal data directly, but prepares and launches the next stage (AMOS stealer + backdoor).
The rest you already know.
Infrastructure:
api-metrics-5453[.]com — first stage
prismdata48[.]com — Phishing site
solidlattice65[.]com — Phishing site
#AMOS #STEALER #macOS #malware #detection
it’s in gemini, just create it in ai studio. oh, that’s for your personal google one account. for workspace you need gemini business. no, not gemini advanced, that’s ai pro now. unless you need ai ultra. oh agents? you do that in spark actually. no, not gemini api managed agents, that’s different. for coding use jules. unless you mean the agentic ide, that’s antigravity. no, that’s the old antigravity, download the new one. actually gemini cli is being deprecated, use antigravity cli. no the flash model is smarter than the pro model. unless you need pro. if it’s video, use flow. no, flow uses veo. no, nano banana is images. actually that’s in gemini now. unless you’re in search, then it’s ai mode. no, research is notebooklm. anyway it’s all very simple.
Perhaps I'm out of touch. Looking at this issue on the Bun slop rewrite to Rust and its issues, almost every branch mentioned is just claude/xyz or whatever tf farm/xyz is meant to be.
Sad to see really
https://t.co/A2G4ZvaQwx
Eurovision is launching a deep research called Eurofan Voice. It asks questions about how transparent the EBU should be, how concerned fans are about the contest and how fair the vote is.
https://t.co/Eyux2Q06jP
I’m at the launch to ask some questions.