ThreatLocker DAC launches Beta macOS configuration scanning
Security Tool/Service
Summary
ThreatLocker DAC has launched a Beta macOS configuration-scanning feature that surfaces risky or noncompliant settings before they turn into incidents. The update extends DAC beyond Windows and gives defenders a way to spot exposure such as FileVault gaps, disabled firewalls, and permissive sharing settings from the existing ThreatLocker console. It uses the ThreatLocker agent to scan Macs and map findings to remediation guidance, which can shorten the path from discovery to fix. The release matters because it brings configuration visibility to a platform where misconfigurations often go unnoticed until they are abused.
Related Happenings
macOS LOTL detection and hardening guidance against native-tool abuse
Defensive Guidance
First: 22.04.2026 19:30
Last: 22.04.2026 19:30
Sources 1
About this happening:
Defensive guidance now pushes **macOS** security teams to detect native-tool abuse by shifting toward **process lineage analysis**, because attackers are using built-in features t...
macOS living-off-the-land analysis exposing native-feature abuse
Technical Analysis
First: 22.04.2026 19:30
Last: 22.04.2026 19:30
Sources 1
About this happening:
Native macOS features are now being repurposed for **code execution**, **lateral movement**, and **evasion**, widening detection gaps across enterprise Apple fleets. The analysis...
Apple iOS and iPadOS 26.4 Beta adds RCS end-to-end encryption and new device protections
Security Tool/Service
First: 17.02.2026 08:44
Last: 17.02.2026 08:44
Sources 1
About this happening:
Apple’s **iOS and iPadOS 26.4 Beta** now tests **end-to-end encryption (E2EE)** for **RCS messages**, strengthening message confidentiality for Apple users. The same beta also exp...
MacSync Mac.C notarized Swift dropper for macOS
Malware Activity
First: 22.12.2025 22:43
Last: 22.12.2025 22:43
Sources 1
About this happening:
The **MacSync** information stealer now arrives on **macOS** as a **code-signed, notarized Swift app**, raising the odds of successful delivery and increasing credential-theft ris...
XCSSET macOS malware new variant with clipboard hijacking and persistence
Malware Activity
First: 26.09.2025 01:49
Last: 26.09.2025 01:49
Sources 1
About this happening:
A new XCSSET macOS malware variant has been observed in limited attacks against Xcode projects used by developers. It expands browser data theft, including Firefox, and uses clipb...
Latest development: 26.09.2025 12:09
Microsoft Threat Intelligence disclosed an updated XCSSET macOS malware variant that was observed in limited attacks against Xcode projects used by software developers. The variant adds Firefox browser data theft, clipboard hijacking that replaces cryptocurrency wallet addresses, and a new LaunchDaemon persistence mechanism, while also using run-only compiled AppleScripts, encryption, and obfuscation to help stealthy execution.
Timeline
31.10.2025 05:37 2 articles · 6mo ago
ThreatLocker launches DAC for macOS Beta
Initial Disclosure
ThreatLocker launches DAC for macOS Beta, extending Defense Against Configurations to Macs so the existing ThreatLocker agent can scan endpoints up to four times per day for risky or noncompliant settings such as FileVault status, built-in firewall status, sharing and remote access settings, local administrator accounts, automatic update settings, and Gatekeeper and app source controls. The beta also maps findings to remediation guidance and ThreatLocker policies to help administrators close configuration gaps before they are exploited.
Sources:
- A New Security Layer for macOS Takes Aim at Admin Errors Before Hackers Do — thehackernews.com — 31.10.2025 05:37