Skip to content
The Guide to Managing Mac Clusters for AI Workloads
Iru Team

6 min read

The Guide to Managing Mac Clusters for AI Workloads

Mac clusters for AI workloads are real infrastructure now. Here’s how to provision, secure, and manage them from day one.

Educational
The right Blueprint, every time: how Iru's Blueprint Routing automates device deployment at enrollment
Iru Team

6 min read

The right Blueprint, every time: how Iru's Blueprint Routing automates device deployment at enrollment

Enrolling a fleet of devices sounds simple in theory: pick a Blueprint, assign some settings, and you're done. But in practice, most organizations are managing a mix of Mac computers, Windows computers, iPhone devices, iPad devices, kiosk tablets, and meeting room devices, each with their own configurations, user types, and provisioning requirements. Keeping all of that straight at enrollment time, without manual intervention or a tangle of enrollment codes, has historically been one of the more tedious parts of device management.

Educational
Stop Threats Instantly with Device Isolation for Iru EDR
Kunal Prakash

3 min read

Stop Threats Instantly with Device Isolation for Iru EDR

Respond to serious threats by isolating compromised devices from the network. Iru retains a secure, remote connection with the device.

Product News
Mac Logging and the log Command: The 2026 Guide for Apple Admins
Mike Boylan

10 min read

Mac Logging and the log Command: The 2026 Guide for Apple Admins

This post was originally published in April 2022 and has been updated in March 2026 to reflect the latest information. As an IT admin, you’ve almost certainly had to check some form of log when investigating a problem. Logs tell the story of what’s happening on a system, so they can be enormously helpful in both troubleshooting issues and in learning why the system is behaving the way that it is.

Educational
macOS Malware Analysis: Music Plugin DMG Loader
Calvin So

17 min read

macOS Malware Analysis: Music Plugin DMG Loader

On February 4, 2026, security researchers discovered a mass-distributed loader disguised as predominantly cracked music plugin DMGs used to deliver multiple multistage macOS malware, such as Odyssey and MacSyncStealer, in addition to a Mach-O binary containing another loader to an additional payload.

Threat Intelligence
Introducing Blueprint Routing
Mike Boylan

3 min read

Introducing Blueprint Routing

Today, we’re excited to announce the general availability of Blueprint Routing, a new enrollment capability in Iru that dynamically assigns devices to Blueprints during enrollment, based on device and user attributes collected at that moment.

Product News
The Security Implications of OpenClaw and Autonomous AI Agents
Shwena Kak

8 min read

The Security Implications of OpenClaw and Autonomous AI Agents

In recent months, a new class of AI tools has gained momentum, blurring the line between traditional assistants and fully autonomous automation platforms. OpenClaw, previously known as Clawdbot and Moltbot, is designed to execute tasks for users with little ongoing human involvement, including file management, workflow automation, and direct shell command execution. Its rapid viral growth and strong community adoption, with almost 200,000 GitHub stars, have brought attention to a new category of AI tools that operate with deeper system access than most conversational AI platforms.

Threat Intelligence
The hidden risks of the Homebrew Cellar in Vulnerability Management
Candace Jensen

3 min read

The hidden risks of the Homebrew Cellar in Vulnerability Management

In the modern macOS ecosystem, Homebrew is a staple: the engine under the hood in software engineers' day to day development, and a productivity enhancer for macOS power users. However, its convenience and ubiquity may introduce a significant blind spot for security teams if they lack visibility into the "Cellar" - the specific location where Homebrew stores its binaries, known as formulae. Its hidden dependencies, lingering outdated binaries, and relaxed permissions can create serious security gaps. When a workstation may be the gateway to cloud and production systems, those gaps matter.

Threat Intelligence
The Better Way to Migrate iOS and iPadOS Devices
Adam Henry

4 min read

The Better Way to Migrate iOS and iPadOS Devices

Moving to a new device management solution has never been easier. With iOS 26 and iPadOS 26, we're introducing support for a powerful migration feature that transform how organizations transition their iPhone and iPad fleet to Iru.

Educational
The Dangers of Cracking Tools
Csaba Fitzl

7 min read

The Dangers of Cracking Tools

This blog article highlights one particular risk that arises from using various tools to crack software: introducing vulnerabilities to their environment. This article provides a general overview, examines past cases, and dives into an actual local privilege escalation vulnerability we uncovered in a macOS software cracker.

Threat Intelligence
5 Use Cases for Custom PowerShell Scripts in Windows Device Management
Lance Crandall

5 min read

5 Use Cases for Custom PowerShell Scripts in Windows Device Management

Modern Windows device management has come a long way. With UEM-based endpoint management, IT teams can enforce security baselines, configure system settings, deploy applications, and maintain compliance at scale. But even in the most mature Windows management environments, there are always scenarios that require customization. That’s where PowerShell scripting continues to play an important role.

Educational
Analyzing the MonetaStealer macOS Threat
Calvin So

6 min read

Analyzing the MonetaStealer macOS Threat

On January 6, 2026, security researchers at Iru discovered a suspicious Mach-O binary masquerading as a Windows .exe file. Investigation revealed the file is a PyInstaller-compiled binary that executes malware hidden within a .pyc file. Researchers named the malware MonetaStealer. The malware contains limited capabilities and lacks anti-analysis/persistence mechanisms. Researchers believe it is still in its very early development phase and relies heavily on AI code. MonetaStealer maintains a zero-detection rate on VirusTotal as of the time of writing.

Threat Intelligence
Investigating Shai-Hulud: Inside the NPM Supply Chain Worm
Calvin So

9 min read

Investigating Shai-Hulud: Inside the NPM Supply Chain Worm

On August 26, 2025, attackers exploited a GitHub Actions injection vulnerability inside Nx’s workflow, using a manipulated pull request title to run shell commands and extract the company’s NPM publishing token. With that access, they published malicious versions of trusted Nx packages. Once installed, those packages hijacked local AI command line tools to scan victim systems for credentials, SSH keys, and crypto wallets.

Threat Intelligence
CrashOne - A Starbucks Story - CVE-2025-24277
Csaba Fitzl & Gergely Kalman

22 min read

CrashOne - A Starbucks Story - CVE-2025-24277

On a cold autumn day in Budapest in 2024, I met independent security researcher Gergely Kalman at a local Starbucks to swap ideas, dead ends, and updates on our research. Over coffee, we started talking about crash logs, and that’s when we stumbled onto something big.

Threat Intelligence
The Top Cyber Threats Facing SMBs in 2025
Calvin So

3 min read

The Top Cyber Threats Facing SMBs in 2025

Small and midsize businesses (SMBs) are under siege. Attackers know these organizations often run lean IT teams with limited budgets, making them prime “path of least resistance” targets.

Threat Intelligence

Stay up to date

Iru's bi-weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.