The Berlin Bassline Brief logo

The Berlin Bassline Brief

Archives
Log in
Subscribe
July 2, 2026

Berlin Bassline Brief #8: Fable-ulous, GLM 5.2, macOS infostealer sneakiness, papers mild and spicy, MASTG 2.0, mic control

Berlin Bassline Brief #8: OWASP Global AppSec EU, Fable's return, GLM 5.2 vs Opus 4.8 benchmarks, a prompt-injecting macOS infostealer, papers mild and spicy, MASTG 2.0, and Apple's mic disconnect.

"Vienna was the city of statues. They were as numerous as the people who walked the streets. They stood on the top of the highest towers, lay down on stone tombs, sat on horseback, kneeled, prayed, fought animals and wars, danced, drank wine and read books made of stone."

Vienna was hot, but OWASP Global AppSec EU 2026 was amazing – so many new or major updates of verification standards. Thanks for meeting the moment!

Mythos drama update:

Fable is back again, and with somewhat less ambiguous behavior when a guardrail is hit. I guess it wasn't a security threat after all? Or it was, but that isn't very important? I'm shocked, shocked to find that incoherence is going on in this export control rationale.

Security, General:

I've heard this from many quarters recently and I look forward to trying it out myself, but here is a link to Semgrep's post and benchmark showing that the published-weights model GLM 5.2 does better than Opus 4.8 at detection of a specific vulnerability class with just a prompt: https://semgrep.dev/blog/2026/we-have-mythos-at-home-glm-52-beats-claude-in-our-cyber-benchmarks/

Security, Apple Platforms:

macOS malware (a Rust infostealer) which spams fake system failure messages in order to confuse LLM-enabled triage tooling:
https://www.sentinelone.com/labs/macos-gaslight-rust-backdoor-turns-prompt-injection-on-the-analyst-not-the-sandbox/

Interesting Papers:

A nice, non-spicy one on a major upcoming topic in the EU (and those who do software business here): "Semantic frameworks to support implementation of the EU AI Act" by Delaram Golpayegani, Harshvardhan J. Pandit, Declan O’Sullivan and Dave Lewis: https://www.sciencedirect.com/science/article/pii/S2212473X26000568?via%3Dihub

and because we also need some spice in our week, a bonus spicy paper, "Tool Use Enables Undetectable Steganography in Multi-Agent LLM Systems" by Jimmy Laurence Rippin, Simon C. Marshall, David Demitri Africa, and Christian Schroeder de Witt, featuring both deception and collusion: https://arxiv.org/html/2606.28425v1

Interesting Tool:

The interesting tool for an Apple Platforms AppSec-er such as myself this week has to be version 2.0 of the OWASP Mobile Application Security Testing Guide (MASTG). I've been cheating for the last 6 months by ingesting these new tests and related docs into my own assessment tooling right out of the repo, and it's great to see it ship!

GitHub - OWASP/mastg: The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWASP Mobile Security Weakness Enumeration (MASWE) weaknesses, which are in alignment with the OWASP MASVS. · GitHub

The OWASP Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes technical processes for verifying the OWA...

Apple Platforms Security Concept of the Week, cool old features edition:

Hardware microphone disconnect: https://support.apple.com/guide/security/hardware-microphone-disconnect-secbbd20b00b/web




The Berlin Bassline Brief is curated and commentated by Halle Winkler, CEH, Berlin – get in touch if you could use security consulting, fractional AppSec leadership, or team training in the area of iOS and macOS secure development.

Don't miss what's next. Subscribe to The Berlin Bassline Brief:
← Newer Berlin Bassline Brief #9: gemini-cli CI injection compromise, Hide My Email (Just Kidding), Repo crawling vuln scanner, new OWASP framework Older → Berlin Bassline Brief #7: libssh2, Fixing those Clicks, how agent skills will leak your credentials, the AISVS 1.0 attempts to make that "will" a "won't", App Attest
Halle Winkler on LinkedIn
Powered by Buttondown, the easiest way to start and grow your newsletter.