Berlin Bassline Brief #7: libssh2, Fixing those Clicks, how agent skills will leak your credentials, the AISVS 1.0 attempts to make that "will" a "won't", App Attest
libssh2, a new macOS ClickFix infostealer campaign, a large-scale study on LLM skill credential leakage, the OWASP AISVS 1.0 launch, and Apple's App Attest at WWDC26
Berlin Bassline Brief #6: No more Fables, JetBrains plugin badness, macOS stealers, macOS malware detection
JetBrains 3rd-party plugins stealing keys, macOS infostealers in deceptive installers, domain-specific macOS malware detection research, iOSWorld benchmark, and agentic app security at WWDC 2026
Berlin Bassline Brief #5: Fables, Creepy Glasses, Apple Intelligence on Google Cloud, OWASP GenAI Security Project, Inspect Petri, TrustInsights
Fable 5 arrives, Meta quietly adds and removes facial recognition, Apple expands PCC to Google Cloud, plus OWASP on agentic AI security, Inspect Petri, and Apple's new TrustInsights Framework.
Berlin Bassline Brief #4: Yes, Mythos for all, disclosure dysfunction, Apple Differential Privacy, Context & Cringe
Mythos general release incoming, where is the Mythos of defense, auditing Apple's differential privacy, a card game to settle the "can this data actually harm users?" argument.
Berlin Bassline Brief #3: Mythos for the many? corecrypto, deceptive LLMs, Poutine, Mach-O
Mythos coming to Claude Code? Formal verification of Apple corecrypto, LLM deception and betrayal, Poutine for CI/CD SAST, and the Mach-O file format explained.
Berlin Bassline Brief #2: Apple MIE, VMWare, NPM & Github, MTP, Alignment gap, Honeytokens
"Exploring an Apple Memory Integrity Enforcement vulnerability claim, NPM and Github exploitation, language model reasoning gaps, and MTP-related updates"
Berlin Bassline Brief #1: Fragnesia, ChatGPT to the bin, RLMs, enclaves
Linux root escalation, XProtect flagging ChatGPT, Recursive Language Models, SSH key protection via Secure Enclave, Mythos finds a curl CVE, and the Secure Enclave explained.