Deno

A vulnerability in Deno's Node.js tls compatibility layer (versions 2.0.0 to 2.7.7) allows a network attacker to intercept and tamper with plaintext application data transmitted over a supposedly TLS-protected connection when `autoSelectFamily` is enabled and the initial connection attempt fails, leading to potential information disclosure and data manipulation.

This rule detects GenAI tools on macOS connecting to unusual domains, potentially indicating command and control activity, data exfiltration, or malicious payload retrieval following compromise via prompt injection, malicious MCP servers, or poisoned plugins.