
Former L3Harris executive ordered to pay $10 million for selling classified hacking tools to Russian broker


A former high-ranking executive at a major US defense contractor has been ordered to pay $10 million in restitution after pleading guilty to selling advanced hacking tools to a Russian broker. Peter Williams, once the general manager of L3Harris’s Trenchant division, was sentenced for stealing trade secrets and selling hacking tools that could have compromised millions of devices worldwide.

The $10 million restitution order and its implications

On Wednesday, a federal judge ordered Williams to pay $10 million to his former employer, L3Harris. This amount comes on top of $1.3 million he had already been ordered to pay. The case, first reported by veteran cybersecurity journalist Kim Zetter, underscores the severe consequences of insider threats in the defense sector.

Williams, a 39-year-old Australian citizen and former intelligence agency employee, admitted to stealing seven trade secrets—likely cyber exploits and surveillance technology—from Trenchant. He then sold this sensitive material to Operation Zero, a Russian firm that acts as a broker for hacking tools and works exclusively with the Russian government and local companies.

How the theft unfolded: Inside the Trenchant division

Trenchant, formed from the acquisition of two sister startups, is L3Harris’s division specializing in advanced spyware and hacking tools. It sells these capabilities to the US government and its Five Eyes intelligence alliance partners—Australia, Canada, New Zealand, and the United Kingdom.

Williams exploited his privileged full access to Trenchant’s internal network to siphon out the tools. He made $1.3 million from the sale, spending the proceeds on luxury watches, a house near Washington, D.C., and family vacations. Trenchant reported losses of up to $35 million due to his theft.

Russian and Chinese cybercriminals used the stolen tools

US prosecutors stated that Williams betrayed the United States and its allies by providing Operation Zero—described as one of the world’s most nefarious exploit brokers—with tools that could hack millions of computers. According to former L3Harris employees, some of these stolen hacking tools were later used by Russian government spies in Ukraine and Chinese cybercriminals.

Google’s cybersecurity research identified the stolen code in cyberattacks, confirming the tools’ deployment. Williams even attempted to frame one of his employees for the theft, adding another layer of deceit to his crimes.

Sentencing and legal consequences

Williams pleaded guilty and received a prison sentence of more than seven years. The $10 million restitution order aims to compensate L3Harris for its losses. His lawyers did not respond to requests for comment.

This case serves as a stark reminder of the risks posed by insider threats in the defense industry.

Companies must strengthen their internal security protocols to prevent similar breaches. As a result, the defense sector is now reviewing access controls and monitoring systems more rigorously.


How macOS Native Tools Are Being Repurposed for Stealthy Enterprise Attacks


Attackers are increasingly turning to macOS native tools to infiltrate enterprise environments, according to new research from Cisco Talos. The study, published on April 21, reveals how built-in macOS features—such as Remote Application Scripting (RAS) and Spotlight metadata—are being weaponized for code execution, lateral movement, and evasion. This shift marks a significant evolution in enterprise attacks, as more than 45% of organizations now deploy Macs in their networks.

Macs are particularly popular among developers and DevOps professionals, who often store sensitive credentials, cloud access keys, and source code on their machines. However, macOS-focused attack techniques remain less documented than those targeting Windows, leaving security teams with blind spots. The Cisco Talos research highlights how adversaries exploit legitimate system binaries and protocols—a tactic known as living-off-the-land (LOTL)—to bypass traditional defenses.

How Attackers Abuse macOS Native Tools for Execution

Remote Application Scripting (RAS), a feature designed for administrative automation, is one of the primary tools being exploited. By leveraging Apple’s inter-process communication (IPC) framework, attackers can execute commands on remote systems without triggering shell-based monitoring. This allows them to issue instructions stealthily, avoiding detection by conventional endpoint security tools.

In some cases, adversaries bypass built-in restrictions by using Terminal as a proxy. They encode payloads in Base64 and deploy them in stages, enabling complex scripts to run while evading standard command-line activity alerts. Other techniques include executing AppleScript over SSH to interact with the graphical user interface, or using tools like socat to establish remote shells without relying on SSH logging or authentication trails.

Security teams face additional challenges because actions performed through Apple Events or IPC often fall outside traditional endpoint detection rules. As a result, these LOTL techniques can go unnoticed for extended periods.

Covert Data Movement and Persistence Using Spotlight

Attackers are also using unconventional methods to transfer and store payloads. One notable approach involves embedding malicious code in Finder comments, which are stored as Spotlight metadata rather than in file contents. This technique allows payloads to evade static analysis tools that scan files for malicious code. The data can later be extracted, decoded, and executed with a single command.
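A defender can audit for this storage trick by reading the Finder comment attribute directly. The sketch below is an added example, not code from the Talos research or this article; it assumes each file's extended attributes have already been collected as raw bytes, and the 40-character threshold, function names and sample data are constructed for illustration.

```python
import base64
import plistlib
import re

# Extended attribute that holds a file's Finder comment, stored as a binary plist.
FINDER_COMMENT_XATTR = "com.apple.metadata:kMDItemFinderComment"
# Assumption: 40+ contiguous base64 characters in a comment deserves review.
B64_RUN = re.compile(r"[A-Za-z0-9+/]{40,}")


def decode_comment(raw):
    """Return the comment string from raw xattr bytes, or "" if unparseable."""
    try:
        value = plistlib.loads(raw)
    except Exception:
        return ""
    return value if isinstance(value, str) else ""


def encoded_runs(comment):
    """Return long runs that decode cleanly as base64 (long hex hashes also match)."""
    hits = []
    for run in B64_RUN.findall(comment):
        try:
            base64.b64decode(run + "=" * (-len(run) % 4), validate=True)
        except ValueError:
            continue
        hits.append(run)
    return hits


def audit(entries):
    """entries: (path, {xattr name: raw bytes}) pairs. Return paths needing review."""
    flagged = []
    for path, attrs in entries:
        comment = decode_comment(attrs.get(FINDER_COMMENT_XATTR, b""))
        if encoded_runs(comment):
            flagged.append(path)
    return flagged


def _sample(comment):
    # Encodes a constructed comment the way the attribute stores it (binary plist).
    return {FINDER_COMMENT_XATTR: plistlib.dumps(comment, fmt=plistlib.FMT_BINARY)}


# Constructed samples, not real telemetry and not a real payload.
SAMPLES = [
    ("/Users/dev/notes.txt", _sample("Q3 budget draft, review with finance")),
    ("/Users/dev/report.pdf",
     _sample(base64.b64encode(b"constructed placeholder blob " * 3).decode())),
    ("/Users/dev/a.out", {}),  # file with no Finder comment at all
]

if __name__ == "__main__":
    print(audit(SAMPLES))
```
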

Beyond Spotlight, the research highlights multiple native protocols used for lateral movement and file transfer:

  • Server Message Block (SMB) for mounting remote shares
  • Netcat for direct command execution and file delivery
  • Git repositories for pushing payloads to target systems
  • Trivial File Transfer Protocol (TFTP) and Simple Network Management Protocol (SNMP) for covert data exchange

Because these methods rely on legitimate services, they often bypass network monitoring focused on SSH or known malicious traffic patterns. This makes them particularly dangerous for enterprise attacks, where stealth is paramount.

Defending Against macOS-Based LOTL Attacks

To counter these threats, Cisco Talos recommends shifting detection strategies toward process lineage analysis. Monitoring unusual metadata activity and restricting administrative services through mobile device management (MDM) policies can also help. Additionally, disabling unnecessary services and enforcing stricter controls over inter-application communication can reduce the attack surface.
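Process lineage analysis can be illustrated with an added example (not from Cisco Talos or this article). It flags two parent-child patterns that correspond to techniques described earlier, AppleScript run over SSH and a shell handed out by socat; the event format, process names and sample events are assumptions constructed for illustration.

```python
SHELLS = {"sh", "bash", "zsh"}

# Constructed process-start events as (pid, ppid, name); not real telemetry.
EVENTS = [
    (1, 0, "launchd"),
    (410, 1, "sshd"),
    (422, 410, "zsh"),
    (430, 422, "osascript"),   # AppleScript run inside an SSH session
    (500, 1, "Terminal"),
    (510, 500, "zsh"),
    (520, 510, "osascript"),   # local, interactive use: not flagged
    (600, 1, "socat"),
    (610, 600, "bash"),        # shell whose direct parent is socat
]


def ancestors(pid, table):
    """Yield ancestor names from the parent up to the root, guarding against loops."""
    seen = set()
    ppid = table[pid][0]
    while ppid in table and ppid not in seen:
        seen.add(ppid)
        yield table[ppid][1]
        ppid = table[ppid][0]


def lineage_alerts(events):
    """Return (pid, reason) for processes whose ancestry matches a rule."""
    table = {pid: (ppid, name) for pid, ppid, name in events}
    alerts = []
    for pid, (_ppid, name) in table.items():
        chain = list(ancestors(pid, table))
        if name == "osascript" and "sshd" in chain:
            alerts.append((pid, "osascript under sshd"))
        elif name in SHELLS and chain[:1] == ["socat"]:
            alerts.append((pid, "shell spawned by socat"))
    return alerts


if __name__ == "__main__":
    for pid, reason in lineage_alerts(EVENTS):
        print(pid, reason)
```

The same `osascript` binary is ignored when its ancestry leads back to Terminal, which is the point of keying on lineage rather than on the process name alone.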

Security teams should also consider implementing endpoint detection solutions tailored for macOS to improve visibility into native tool usage.

As macOS continues to gain traction in enterprise environments, understanding how macOS native tools can be abused is critical. By staying informed and adopting proactive defenses, organizations can mitigate the risks posed by these stealthy LOTL techniques.


AI Agents Spark Cybersecurity Incidents at Two Thirds of Companies, CSA Report Finds


Artificial intelligence agents are rapidly becoming a staple in enterprise networks, but their unchecked deployment is causing serious trouble. According to a new report from the Cloud Security Alliance (CSA), conducted in partnership with Token Security, two thirds of organizations have suffered cybersecurity incidents involving AI agents over the past year. These incidents have led to data exposure, operational disruptions, and financial losses, raising urgent questions about governance and oversight.

The report, titled Autonomous but Not Controlled: AI Agent Incidents Now Common in Enterprises, published on April 21, warns that most organizations lack a formal strategy for decommissioning AI agents. This oversight leaves them vulnerable to ongoing risks. As companies race to adopt AI, the gap between deployment and security is widening.

The Visibility Gap: Known vs. Unknown AI Agents

One of the most striking findings is the disconnect between perceived and actual visibility. While 68% of respondents expressed high confidence in their ability to track AI agents on their networks, 82% admitted to discovering previously unknown agents in the past year. This paradox highlights a critical blind spot.

Internal automation environments and large language model (LLM) platforms were the most common hiding spots for these rogue agents. The CSA report notes, “This gap highlights a distinction between operational visibility and complete governance assurance, limiting the effectiveness of control models that depend on known and bounded agents.”

When cybersecurity and infrastructure teams are unaware of AI agents deployed by employees, securing the network becomes nearly impossible. This lack of awareness has directly contributed to the rise in cybersecurity incidents involving AI agents.

Consequences: Data Exposure, Disruptions, and Financial Hits

The operational fallout from these incidents is significant. Among the 65% of organizations that experienced at least one incident, the most common consequences included data exposure (61%), operational disruption (43%), and unintended actions in business processes (41%).

Financial losses were reported by 35% of affected firms, while 31% faced delays in customer-facing or internal services. The paper warns that AI agent incidents are now hitting core enterprise functions, from data protection to service delivery. As the report states, “For organizations, this shifts AI agent governance from a technical oversight issue to a business risk management concern.”

Why Financial and Operational Risks Are Rising

The report emphasizes that AI agent behavior must be integrated into broader security, compliance, and operational resilience strategies. Treating it as an isolated automation challenge is no longer viable. Companies must perform thorough risk assessments to apply appropriate controls.

The Decommissioning Problem: Forgotten Agents Pose Persistent Threats

Governance around AI agent decommissioning is particularly weak. Only one in five organizations has formal processes for retiring AI agents. As a result, many agents persist on networks long after their purpose is fulfilled.

These forgotten agents often retain credentials, permissions, or operational hooks. This creates a ticking time bomb for cybersecurity. The CSA warns that as more AI agents become part of enterprise networks, the problem of agent sprawl will only amplify risks. Without proper end-of-life governance, cybersecurity incidents involving AI agents will likely increase.

How to Strengthen AI Agent Security and Governance

In response to these challenges, the CSA has issued a set of actionable recommendations for organizations. Hillary Baron, assistant vice president of research at the CSA, explains, “AI agent security and governance encompass an interconnected system spanning visibility, lifecycle management, policy, and monitoring. While foundational controls are in place, gaps in consistency and end-of-life management remain.”

To address these gaps, the CSA advises firms to:

  • Maintain visibility across AI agents — Ensure agents operating across SaaS platforms, internal systems, and LLM environments are identified and within governance scope.
  • Define and document agent purpose — Establish intended functions to set operational boundaries and align access accordingly.
  • Apply lifecycle governance consistently — Extend onboarding, ownership, review, and decommissioning processes across the full agent lifecycle.
  • Evaluate actions based on risk and authorization — Use contextual signals such as action risk and explicit human approval to guide decision-making.
  • Align monitoring with agent activity — Evolve from periodic oversight toward more continuous or event-driven detection models.
  • Incorporate agents into enterprise risk models — Treat AI agents as part of broader security, compliance, and operational resilience frameworks.


As AI agents gain greater autonomy, governance must evolve into a more unified, operational model. The stakes are high, but with proactive measures, organizations can harness the power of AI without falling victim to its risks.


Poland Says Hackers Breached Water Treatment Plants — and the US Is Facing the Same Threat


In a stark reminder of the vulnerabilities in critical infrastructure, Poland’s intelligence agency has revealed that hackers targeted five water treatment plants across the country. The attackers could have taken control of industrial equipment, raising the alarming possibility of tampering with the water supply itself. These water treatment plant hacks are not an isolated incident — they reflect a global pattern that puts US utilities on high alert.

What Happened in Poland?

Poland’s Internal Security Agency, the nation’s top intelligence body, published a report on Friday detailing two years of security threats. The document confirms that Polish intelligence thwarted multiple sabotage attempts by Russian government spies and hackers. These attacks targeted military facilities, critical infrastructure — including power grids, water supplies, and transportation networks — as well as civilian sites. According to the report, some of these incidents could have resulted in fatalities.

The report did not explicitly name the hackers behind the water treatment plant hacks, but it noted that Russian intelligence services have been behind a string of recent attacks on Polish infrastructure. A previous attempt to bring down Poland’s energy grid was also linked to Russian actors, though that breach was ultimately attributed to poor security controls at the targeted facilities.

Why US Water Utilities Are at Risk

The situation in Poland echoes a troubling reality for the United States. In 2021, a hacker briefly gained access to a water treatment plant in Oldsmar, Florida, and attempted to increase sodium hydroxide levels to dangerous concentrations. Since then, the FBI and the Cybersecurity and Infrastructure Security Agency have warned repeatedly that water utilities remain a soft target for foreign hackers.

As recently as last month, a joint advisory from CISA, the FBI, the NSA, and other federal agencies warned that Iranian-backed hackers are actively targeting programmable logic controllers (PLCs) — the industrial computers that manage water and energy facilities — at US utilities. The same Iranian group, CyberAv3ngers, previously broke into digital control panels at multiple water treatment plants in Pennsylvania in 2023. These attacks were tied to escalating hostilities in the Middle East.

The Bigger Picture: A Coordinated Threat to Critical Infrastructure

The water treatment plant hacks in Poland are part of a broader strategy. According to Polish intelligence, the Russian government is applying a consistent playbook both in war zones like Ukraine and against Western nations it views as adversaries. The goal, the report states, is to destabilize and weaken the West — using cyberattacks and cyberespionage as key tools in a larger toolkit for Putin’s regime.

This means that water utilities, power grids, and other critical infrastructure are not just targets of opportunity; they are deliberate objectives in a campaign of asymmetric warfare. The attacks on Poland are not unique, and they follow a pattern that security experts have tracked for years.

What Can Be Done to Protect Water Systems?

Strengthening cybersecurity at water utilities is no longer optional — it is an urgent necessity. Experts recommend implementing multi-factor authentication, segmenting industrial control networks from office networks, and conducting regular security audits. Federal agencies like CISA offer free assessments for water utilities, but adoption remains low.

The US government has introduced new reporting requirements for critical infrastructure operators. However, many small and mid-sized utilities lack the budget and expertise to implement robust defenses. As a result, they remain the weakest link in the chain.

Conclusion: A Wake-Up Call for the West

The water treatment plant hacks in Poland should serve as a wake-up call for every nation with vulnerable infrastructure. The methods used — from phishing emails to direct exploitation of poorly secured PLCs — are well understood. What is missing is the will to act decisively.

