Berlin Bassline Brief #6: No more Fables, JetBrains plugin badness, macOS stealers, macOS malware detection
JetBrains 3rd-party plugins stealing keys, macOS infostealers in deceptive installers, domain-specific macOS malware detection research, iOSWorld benchmark, and agentic app security at WWDC 2026
"We do not lack for knowledge of what to do for our future security. The lessons of history provide plain guidance."
Since the npm project is taking actual steps on the path to not being the most tedious story in security anymore (https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/), the US government has stepped up to the plate, meaning that I'm already tired of discussing the Fable withdrawal and it just happened five days ago. It feels silly giving a serious analysis of an unserious pretext; what else is there to say?
Security, General:
Aikido detects several malicious JetBrains IDE plugins which steal API keys: https://www.aikido.dev/blog/multiple-jetbrains-ide-plugins-caught-stealing-ai-keys
Security, Apple Platforms:
The idea that macOS isn't an attack target has been outdated for a while, but there has definitely been an uptick in the last couple of years. From Huntress, infostealers in deceptive macOS installers: https://www.huntress.com/blog/deceptive-installers-macos-infostealers
Interesting Paper:
The Role of Domain-Specific Features in Malware Detection: A macOS Case Study, by Biagio Montaruli, Andrea Oliveri, Savino Dambra, and Davide Balzarotti, presented at the ACM Asia Conference on Computer and Communications Security: https://arxiv.org/abs/2606.03218
Interesting Tool:
iOSWorld: A Benchmark for Personally Intelligent Phone Agents from CMU: https://iosworld.io
Apple Platforms Security Concept of the Week:
Mitigate risks to agentic features (WWDC 2026): https://developer.apple.com/videos/play/wwdc2026/347/