The Berlin Bassline Brief logo

The Berlin Bassline Brief

Archives
Log in
Subscribe
July 8, 2026

Berlin Bassline Brief #9: gemini-cli CI injection compromise, Hide My Email (Just Kidding), Repo crawling vuln scanner, new OWASP framework

Berlin Bassline Brief #9: gemini-cli hijacked via GitHub issue, Apple's Hide My Email unmasking, SCOUT vuln-detection paper, brand-new OWASP AI Maturity tool, macOS malware defenses

Security, General:

Prompt injection compromises gemini-cli starting with only a GitHub issue; a good write-up with a lot of useful information for CI/CD defenders with fewer resources than the Google organization: https://www.pillar.security/blog/my-agentic-trust-issues-from-prompt-injection-to-supply-chain-compromise-on-gemini-cli

Security, Apple Platforms:

Apple’s Hide My Email can apparently expose the underlying hidden email. A researcher discovered a flaw a year ago that allowed the hidden email to be unmasked, but, according to him, Apple didn’t fix after receiving the report. In the meantime, 404 Media claims to have verified, so it is presumably a real issue, although the original discoverer has been generous enough to keep a lid on the method at Apple's request. In my experience, this specific “please don’t discuss this…indefinitely“ do-si-do happens when an issue can only be fixed moving forward, leaving past applications of the technology unaddressable, but it would be great if that weren’t the case. https://www.malwarebytes.com/blog/news/2026/07/apples-hide-my-email-doesnt-hide-it-very-well

Interesting Paper:

SCOUT: LLM-Driven Vulnerability Detection via Interactive Repository Exploration https://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=11551552

Interesting Tool:

The OWASP AI Maturity Assessment project is a new framework for assessing an organization's AI usage (versus that of its products). Early enough to get involved! https://github.com/OWASP/www-project-ai-maturity-assessment

Apple Platforms Security Concept of the Week:

Protecting against malware in macOS: https://support.apple.com/guide/security/protecting-against-malware-sec469d47bd8/1/web/1




The Berlin Bassline Brief is curated and commentated by Halle Winkler, CEH, Berlin – get in touch if you could use security consulting, fractional AppSec leadership, or team training in the area of iOS and macOS secure development.

Don't miss what's next. Subscribe to The Berlin Bassline Brief:
← Newer Berlin Bassline Brief #10: Grok Build CLI repo uploading, an infostealer pretending to be a crash reporter, a paper claims LLMs aren't chaotic neutral, NIST helps with macOS, PCC Older → Berlin Bassline Brief #8: Fable-ulous, GLM 5.2, macOS infostealer sneakiness, papers mild and spicy, MASTG 2.0, mic control
Halle Winkler on LinkedIn
Powered by Buttondown, the easiest way to start and grow your newsletter.