Skip to content
Building a Smarter OS Update Strategy with Declarative Device Management
Weldon Dodd

5 min read

Building a Smarter OS Update Strategy with Declarative Device Management

Managing operating system updates across an Apple device fleet has always been a balancing act. Push updates too aggressively, and you risk disrupting critical workflows. Move too cautiously, and you expose your organization to security vulnerabilities. The solution? A well-designed N-1 OS update strategy powered by declarative device management (DDM).

Thought Leadership
The New Face of IT: More Ops, Less Headcount
Weldon Dodd

6 min read

The New Face of IT: More Ops, Less Headcount

The IT department of 2025 looks nothing like the help desk of 2015.

Thought Leadership
Unlocking Apple’s New Device Management API
Arek Dreyer

4 min read

Unlocking Apple’s New Device Management API

Apple Business Manager (ABM) and Apple School Manager (ASM) have evolved significantly in recent years, but one critical piece has been missing: programmatic access. That changed with the introduction of the ABM/ASM API, opening new possibilities for automation, integration, and workflow enhancement.

Thought Leadership
Brewing Trouble: Homebrew Spoofed Sites on the Rise
Adam Kohler & Christopher Lopez

5 min read

Brewing Trouble: Homebrew Spoofed Sites on the Rise

In September 2025, Iru's security researchers identified multiple spoofed Homebrew installer sites designed to mimic the official brew.sh page. These replicas injected malicious payloads under the guise of a standard install. In this post, we examine the tactics, infrastructure, and impact of the campaign.

Threat Intelligence
Ransomware Readiness: Tips from Beyond the Playbook
Arek Dreyer

4 min read

Ransomware Readiness: Tips from Beyond the Playbook

The call came at 2 AM. A major U.S. telecom provider, critical infrastructure supporting millions of cell phone users, was under active ransomware attack. Systems were encrypting rapidly across their network. Within hours, the FBI was coordinating response efforts, executives were in crisis mode, and a specialized team was rebuilding Active Directory from scratch while the clock ticked. For Eric Pittman, VP of Cybersecurity at Teradata, this wasn't a tabletop exercise or theoretical scenario. It was a real-world crisis that revealed critical gaps in how organizations prepare for and respond to ransomware attacks.

Thought Leadership
Apple’s Recent Updates to Platform SSO: What Problems Will It Solve?
Arek Dreyer

6 min read

Apple’s Recent Updates to Platform SSO: What Problems Will It Solve?

A frank look at where Platform SSO stands today, what's coming with macOS Tahoe 26, and the hard choices Mac administrators need to make

Thought Leadership
5 Lessons from One Company’s ISO 42001 Certification Journey
Satyam Patel

4 min read

5 Lessons from One Company’s ISO 42001 Certification Journey

The rapid development and adoption of AI is creating new opportunities for businesses across industries. From predictive analytics and natural language processing to automated decision-making, AI is transforming business operations and the customer experience. However, with this vast potential comes significant risk – especially for compliance leaders who must navigate an everchanging and complex landscape of emerging regulations, ethical considerations, and governance challenges.

Thought Leadership
The Vulnerability Data Crisis: Why You Can't Trust Your Security Tools
Shwena Kak

5 min read

The Vulnerability Data Crisis: Why You Can't Trust Your Security Tools

How data processing delays, inaccuracies, and systemic challenges in the National Vulnerability Database are impacting security teams and what you can do about it.

Threat Intelligence
Survey of 1,000+ IT & Security Teams Shows More Tools = More Burnout & Higher Risk
Weldon Dodd

9 min read

Survey of 1,000+ IT & Security Teams Shows More Tools = More Burnout & Higher Risk

Analysis of 1,011 IT and security professionals reveals the true price of fragmented tech stacks

Reports
The Apple OS 26 Era Begins. Iru Has You Covered.
Iru Team

4 min read

The Apple OS 26 Era Begins. Iru Has You Covered.

Deploy, manage, and secure Apple’s latest operating systems as soon as they’re released Apple has officially released its latest operating systems iOS 26, iPadOS 26, macOS 26, tvOS 26, watchOS 26, and visionOS 26. For the first time, Apple has standardized version numbers across every OS, creating a unified baseline for developers, IT teams, and end users alike. This alignment not only simplifies communication and compatibility but also underscores Apple’s commitment to delivering a consistent experience across the entire ecosystem.

Product News
Arek Dreyer

7 min read

"Keep Learning, Keep Leading": Advice for Apple Admins

Your iPhone has more computing power than entire university systems had 50 years ago. In another 50 years, the information processing capabilities available to us will be exponentially greater still. Yet our brains remain fundamentally unchanged, evolved to track seasonal patterns and remember a few dozen faces, not to process the constant stream of security bulletins, product announcements, API changes, and community discussions that define modern Apple administration.

Thought Leadership
Finding Vulnerabilities in Apple Packages at Scale
Csaba Fitzl

15 min read

Finding Vulnerabilities in Apple Packages at Scale

This article summarizes work we performed in 2024, which we shared in our “Finding Vulnerabilities in Apple Packages at Scale” talk at MacDevOpsYVR and SecurityFest conferences earlier this year. You can watch the full presentation below:

Threat Intelligence
How to Fix The Patching Problem Every IT Team Knows Too Well
Weldon Dodd

7 min read

How to Fix The Patching Problem Every IT Team Knows Too Well

Let's be honest: patch management in 2025 feels like trying to drink from a fire hose while juggling flaming torches. You're managing thousands of devices, dealing with constant vulnerability announcements, and somehow expected to keep everything secure without driving your users (or yourself) completely insane.

Thought Leadership
User-Based vs. Device-Based Security Exclusions: Finding the Right Balance
Iru Team

7 min read

User-Based vs. Device-Based Security Exclusions: Finding the Right Balance

Security exclusions represent one of the most nuanced decisions admins face when designing effective security policies. These exceptions to your standard security rules require careful consideration - apply them too liberally, and you risk creating security gaps; too restrictively, and you might impede legitimate work. But before you can determine how many exclusions to implement, you need to decide what type of exclusions make the most sense for your environment.

Thought Leadership
Threat Detected: RustyPages Malware - Part I
Adam Kohler & Christopher Lopez

6 min read

Threat Detected: RustyPages Malware - Part I

On August 13 2025, Iru's security researchers discovered a potentially interesting Rust-compiled file on VirusTotal. Our investigation resulted in the analysis of 6 related Mach-O files. With this initial blog post, we're focusing on the first file of this analysis, the dropper. The dropper file is designed to quietly download and run another malicious file, stay on the system by setting up persistence, and avoid being detected by commonly used macOS security tools. We have included the hashes of the relevant Mach-O files currently on VirusTotal in the IOC section below in an effort to shed light on these samples quickly while we continue our analysis of the loader samples. At the time of writing, the specific Mach-O we cover below has zero detections on VirusTotal and most of the loader Mach-O files are also undetected.

Threat Intelligence

Stay up to date

Iru's bi-weekly collection of articles, videos, and research to keep IT & Security teams ahead of the curve.