•
5 min read
Introducing Iru MCP: IT is moving from operators to builders
Endpoints just joined your IT team's AI build environment.
•
5 min read
A guide to how Automated Device Enrollment works, where it stops, and how to close the window between enrolled and ready.
•
6 min read
Unpatched software is behind roughly 60% of breaches. And with AI models getting better at finding exploitable vulnerabilities faster than most teams can remediate them, the window between disclosure and exploitation is shrinking fast.
•
6 min read
Updated May 2026. For IT teams deploying Mac computers, the question is: To create local IT admin accounts on those computers or not?
What Are Mac Admin and Standard User Accounts?
To be clear on what we’re talking about: A local IT admin account is a user account with admin privileges created on a Mac in addition to the primary user account. There are several reasons IT teams might want to distribute such accounts, but there are also good reasons why they might not. There are also several ways to do so, as well as a couple of alternatives that could obviate the need to deploy such accounts altogether. Let’s walk through each of those decisions.
•
9 min read
Finding good information in IT and security has never been the hard part. Finding the people who are genuinely advancing the conversation — the ones with fresh perspectives who are helping shape where the industry is heading — takes more effort.
•
13 min read
Summary: MiniRAT is a Go-based macOS RAT dropped onto developer machines via a malicious npm package. It evades VMs, persists via a LaunchAgent disguised as an Apple component, and beacons over HTTPS using an AES-encrypted C2 config. Operators can run shell commands, exfiltrate files, and stage secondary payloads.
A newly analyzed Go-based macOS remote access trojan (RAT), internally named Minirat, has surfaced in the wild using anti-VM checks, LaunchAgent persistence, and AES-encrypted command and control (C2) configuration to maintain stealthy, long-term access on victim endpoints. According to SafeDep, the initial infection vector was a malicious npm package (velora-dex-sdk) that dropped the Go-based macOS RAT onto developer endpoints.
•
7 min read
Summary: Apple announced that starting as early as iOS 27, iPadOS 27, macOS 27, watchOS 27, tvOS 27, and visionOS 27, its operating systems will enforce stricter TLS requirements for system processes, including MDM, DDM, Automated Device Enrollment, and app distribution. Servers that don't support TLS 1.2 or later (TLS 1.3 recommended), ATS-compliant ciphersuites, and valid certificates may have their connections refused. SCEP servers and content caching servers are currently exempt. IT admins should audit their infrastructure now using Apple's Network Diagnostics Logging Profile to identify non-compliant servers before fall 2026.
Starting as early as the next major OS release, Apple devices will refuse to connect to any device management service, Mobile Device Management (MDM) server, enrollment endpoint, or app distribution infrastructure that does not meet tightened TLS standards. Non-compliant servers will simply stop working for enrollment, device management, app delivery, and software updates.
•
5 min read
Getting ISO 27001 certified is one thing. Building a compliance program that actually holds up between audits, without consuming your engineering team, is another problem entirely.
•
4 min read
Custom apps for Windows are now available in Iru Endpoint Management, supporting MSI, EXE, and PowerShell-wrapped installs. Upload your files, configure your settings, and let Iru handle deployment.
•
5 min read
Tool sprawl is breaking IT & security teams. The data from 1,011 IT and security professionals makes the mechanism clear: the more tools a team manages, the worse everything gets. More burnout. More time on maintenance. Less time for the work that actually matters.
•
6 min read
Apple dropped a significant announcement on March 24, 2026: Apple Business Essentials, Apple Business Manager, and Apple Business Connect are going away. In their place, a unified platform simply called Apple Business launches on April 14. If your IT team is running any Apple devices, or if you've been relying on Apple Business Essentials for lightweight MDM, this affects you. Here's a clear-eyed look at what's actually changing, what Apple Business includes, and what it still doesn't do.
•
4 min read
The Cybersecurity and Infrastructure Security Agency (CISA) recently issued an urgent advisory urging U.S. organizations to harden their endpoint management systems. The guidance came in response to the Stryker attack, claimed by Handala, an Iranian-linked hacktivist group, which wiped thousands of corporate devices without a single piece of malware. The attacker had valid credentials, a live admin session, and access to tools the organization already trusted. That was enough.
•
11 min read
Atomic Stealer, commonly tracked as AMOS, has earned its place as one of the most persistent threats in the macOS threat landscape. Powered by a relentless development cycle and diverse distribution networks, it shows no signs of slowing down. Researchers have extensively documented its signature tactics: "ClickFix" browser social engineering prompts, trojanized application installers, and, most recently, the "malext" variants spread through malvertising campaigns.
Iru's weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.