The Iru Blog

NVD's shift to risk-based prioritization: how Iru Vulnerability Management stays ahead of the limitations

How to build a tech stack that runs itself

Introducing Iru MCP: IT is moving from operators to builders

Summary Iru MCP lets IT teams query, manage, and automate endpoint workflows from AI tools like Claude Code and Cursor.Iru MCP lets IT teams query, manage, and automate endpoint workflows from AI tools like Claude Code and Cursor. One prompt can replace multi-tool, multi-step processes while keeping humans in control of every irreversible action. Endpoints just joined your IT team's AI build environment.

Iru Quarterly Threat Report: May 2026

Welcome to the Iru Threat Intelligence Report, our quarterly summary of emerging threats in the macOS ecosystem and how Iru is responding in real time. In each edition, we break down key threat discoveries and the protections we've deployed to keep customer devices secure.

Apple's Managed Migration Assistant: Bring IT control to macOS device refreshes

For the first time, IT has declarative MDM control over what transfers when a user migrates from an old Mac to a new one.

Understanding ADE: Enrollment, configuration, and where the gap lives

A guide to how Automated Device Enrollment works, where it stops, and how to close the window between enrolled and ready.

Securing Windows: Vulnerability management, auto patching, and OS updates

Unpatched software is behind roughly 60% of breaches. And with AI models getting better at finding exploitable vulnerabilities faster than most teams can remediate them, the window between disclosure and exploitation is shrinking fast.

Local Admin Accounts on Mac: Should IT Teams Create Them?

Updated May 2026. For IT teams deploying Mac computers, the question is: To create local IT admin accounts on those computers or not? What Are Mac Admin and Standard User Accounts? To be clear on what we’re talking about: A local IT admin account is a user account with admin privileges created on a Mac in addition being used as to the primary user account. There are several reasons IT teams might want to distribute such accounts—but there are also good reasons why they might not. There are also several ways to do so, as well as a couple of alternatives that could obviate the need to deploy such accounts altogether. Let’s walk through each of those decisions.

12 IT and security voices shaping the conversation in 2026

Finding good information in IT and security has never been the hard part. Finding the people who are genuinely advancing the conversation — the ones with fresh perspectives who are helping shape where the industry is heading — takes more effort.

MiniRAT: A Go-based macOS RAT delivered via malicious npm package

Summary MiniRAT is a Go-based macOS RAT dropped onto developer machines via a malicious npm package. It evades VMs, persists via a LaunchAgent disguised as an Apple component, and beacons over HTTPS using an AES-encrypted C2 config. Operators can run shell commands, exfiltrate files, and stage secondary payloads. A newly analyzed Go-based macOS remote access trojan (RAT), internally named Minirat, has surfaced in the wild using anti-VM checks, LaunchAgent persistence, and AES-encrypted command and control (C2) configuration to maintain stealthy, long-term access on victim endpoints. According to SafeDep, the initial infection vector was a malicious npm package (velora-dex-sdk) that dropped the Go-based macOS RAT onto developer endpoints.

Apple is about to enforce stricter TLS standards for MDM. Are you ready?

Summary Apple announced that starting as early as iOS 27, iPadOS 27, macOS 27, watchOS 27, tvOS 27, and visionOS 27, its operating systems will enforce stricter TLS requirements for system processes, including MDM, DDM, Automated Device Enrollment, and app distribution. Servers that don't support TLS 1.2 or later (TLS 1.3 recommended), ATS-compliant ciphersuites, and valid certificates may have their connections refused. SCEP servers and content caching servers are currently exempt. IT admins should audit their infrastructure now using Apple's Network Diagnostics Logging Profile to identify non-compliant servers before fall 2026. Starting as early as the next major OS release, Apple devices will refuse to connect to any device management service, Mobile Device Management (MDM) server, enrollment endpoint, or app distribution infrastructure that does not meet tightened TLS standards. Non-compliant servers will simply stop working for enrollment, device management, app delivery, and software updates.

How endpoint security shaped Bindplane's ISO 27001 journey

Getting ISO 27001 certified is one thing. Building a compliance program that actually holds up between audits, without consuming your engineering team, is another problem entirely.

Deploy Any Windows App with Iru Custom Apps

Custom apps for Windows are now available in Iru Endpoint Management, supporting MSI, EXE, and PowerShell-wrapped installs. Upload your files, configure your settings, and let Iru handle deployment.

The Sprawl Report: What Too Many Tools Is Doing to IT and Security Teams

Tool sprawl is breaking IT & security teams. The data from 1,011 IT and security professionals makes the mechanism clear: the more tools a team manages, the worse everything gets. More burnout. More time on maintenance. Less time for the work that actually matters.