The Berlin Bassline Brief logo

The Berlin Bassline Brief

Archives
Log in
Subscribe
Berlin Bassline Brief #10: Grok Build CLI repo uploading, an infostealer pretending to be a crash reporter, a paper claims LLMs aren't chaotic neutral, NIST helps with macOS, PCC
Berlin Bassline Brief #10: Grok Build CLI repo uploading, an infostealer pretending to be a crash reporter, a paper claims LLMs aren't chaotic neutral, NIST helps with macOS, PCC
July 16, 2026
“The wealth required by nature is limited and is easy to procure; but the wealth required by vain ideals extends to infinity.” Security, General: Developers...

Berlin Bassline Brief #9: gemini-cli CI injection compromise, Hide My Email (Just Kidding), Repo crawling vuln scanner, new OWASP framework
Berlin Bassline Brief #9: gemini-cli CI injection compromise, Hide My Email (Just Kidding), Repo crawling vuln scanner, new OWASP framework
July 8, 2026
Berlin Bassline Brief #9: gemini-cli hijacked via GitHub issue, Apple's Hide My Email unmasking, SCOUT vuln-detection paper, brand-new OWASP AI Maturity tool, macOS malware defenses

Berlin Bassline Brief #8: Fable-ulous, GLM 5.2, macOS infostealer sneakiness, papers mild and spicy, MASTG 2.0, mic control
Berlin Bassline Brief #8: Fable-ulous, GLM 5.2, macOS infostealer sneakiness, papers mild and spicy, MASTG 2.0, mic control
July 2, 2026
Berlin Bassline Brief #8: OWASP Global AppSec EU, Fable's return, GLM 5.2 vs Opus 4.8 benchmarks, a prompt-injecting macOS infostealer, papers mild and spicy, MASTG 2.0, and Apple's mic disconnect.

Berlin Bassline Brief #7: libssh2, Fixing those Clicks, how agent skills will leak your credentials, the AISVS 1.0 attempts to make that "will" a "won't", App Attest
Berlin Bassline Brief #7: libssh2, Fixing those Clicks, how agent skills will leak your credentials, the AISVS 1.0 attempts to make that "will" a "won't", App Attest
June 24, 2026
libssh2, a new macOS ClickFix infostealer campaign, a large-scale study on LLM skill credential leakage, the OWASP AISVS 1.0 launch, and Apple's App Attest at WWDC26

Berlin Bassline Brief #6: No more Fables, JetBrains plugin badness, macOS stealers, macOS malware detection
Berlin Bassline Brief #6: No more Fables, JetBrains plugin badness, macOS stealers, macOS malware detection
June 17, 2026
JetBrains 3rd-party plugins stealing keys, macOS infostealers in deceptive installers, domain-specific macOS malware detection research, iOSWorld benchmark, and agentic app security at WWDC 2026

Berlin Bassline Brief #5: Fables, Creepy Glasses, Apple Intelligence on Google Cloud, OWASP GenAI Security Project, Inspect Petri, TrustInsights
Berlin Bassline Brief #5: Fables, Creepy Glasses, Apple Intelligence on Google Cloud, OWASP GenAI Security Project, Inspect Petri, TrustInsights
June 10, 2026
Fable 5 arrives, Meta quietly adds and removes facial recognition, Apple expands PCC to Google Cloud, plus OWASP on agentic AI security, Inspect Petri, and Apple's new TrustInsights Framework.

Berlin Bassline Brief #4: Yes, Mythos for all, disclosure dysfunction, Apple Differential Privacy, Context & Cringe
Berlin Bassline Brief #4: Yes, Mythos for all, disclosure dysfunction, Apple Differential Privacy, Context & Cringe
June 3, 2026
Mythos general release incoming, where is the Mythos of defense, auditing Apple's differential privacy, a card game to settle the "can this data actually harm users?" argument.

Berlin Bassline Brief #3: Mythos for the many? corecrypto, deceptive LLMs, Poutine, Mach-O
Berlin Bassline Brief #3: Mythos for the many? corecrypto, deceptive LLMs, Poutine, Mach-O
May 27, 2026
Mythos coming to Claude Code? Formal verification of Apple corecrypto, LLM deception and betrayal, Poutine for CI/CD SAST, and the Mach-O file format explained.

Berlin Bassline Brief #2: Apple MIE, VMWare, NPM & Github, MTP, Alignment gap, Honeytokens
Berlin Bassline Brief #2: Apple MIE, VMWare, NPM & Github, MTP, Alignment gap, Honeytokens
May 20, 2026
"Exploring an Apple Memory Integrity Enforcement vulnerability claim, NPM and Github exploitation, language model reasoning gaps, and MTP-related updates"

Berlin Bassline Brief #1: Fragnesia, ChatGPT to the bin, RLMs, enclaves
May 14, 2026
Linux root escalation, XProtect flagging ChatGPT, Recursive Language Models, SSH key protection via Secure Enclave, Mythos finds a curl CVE, and the Secure Enclave explained.

Halle Winkler on LinkedIn
Powered by Buttondown, the easiest way to start and grow your newsletter.