Yesterday, Ivanti disclosed CVE-2025-22460, a use of default passwords in their Cloud Services Application. The CSA is a pseudo-reverse proxy for Ivanti’s on-premise Endpoint Manager. The fix requires a fresh install of CSA 5.0.5 or running mitigation steps (login required) after upgrading from 5.0.0-5.0.4. This disclosure began for me last month due to a finding…

It’s got to have an Ethernet port, right? Last week, Mark Gurman at Bloomberg reported that the Mac mini is getting its first major redesign in 14 years. This would be only the third Mac mini design. This year, I deployed Mac minis in most of our Zoom Rooms. Changes to the product line are…

In April 2022, Charles Edge didn’t know me but invited me to appear on the Mac Admins Podcast. I wasn’t even a Mac admin at the time, at least officially. I had reported a vulnerability and he wanted me to discuss it. I was reticent, thinking this wasn’t relevant to a Mac admin audience. Today,…