diff --git a/detection/credentials/macos_keyboard_sniffer.sql b/detection/credentials/macos_keyboard_sniffer.sql
index e784bd9..a5238ab 100644
--- a/detection/credentials/macos_keyboard_sniffer.sql
+++ b/detection/credentials/macos_keyboard_sniffer.sql
@@ -79,7 +79,8 @@ WHERE
 'polyrecorder,polyrecorder,Developer ID Application: Adam Pietrasiak (SXF593CX2N)',
 'skhd,skhd,',
 'LinearMouse,com.lujjjh.LinearMouse,Developer ID Application: Jiahao Lu (C5686NKYJ7)',
- 'synergy-core,synergy-core,Developer ID Application: Symless Ltd (4HX897Y6GJ)'
+ 'synergy-core,synergy-core,Developer ID Application: Symless Ltd (4HX897Y6GJ)',
+ 'deskflow-server,deskflow-server,'
 )
 GROUP BY
 p0.path
diff --git a/detection/execution/unexpected-execdir-macos.sql b/detection/execution/unexpected-execdir-macos.sql
index 9964959..c91bbcf 100644
--- a/detection/execution/unexpected-execdir-macos.sql
+++ b/detection/execution/unexpected-execdir-macos.sql
@@ -111,6 +111,7 @@ WHERE
 '~/Applications (Parallels)/',
 '~/bin/',
 '~/.cargo/',
+ '~/chainguard_repos/',
 '~/code/',
 '~/Code/',
 '~/.config/',
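Review bot: The new exception `'deskflow-server,deskflow-server,'` in detection/credentials/macos_keyboard_sniffer.sql has an empty third field, which, going by the neighbouring entries, is the code-signing authority. If the key is built as name,identifier,authority (its construction is outside this hunk), the entry exempts any unsigned or ad-hoc-signed process that reports this name and identifier, a much weaker match than the Developer ID entries around it; `'skhd,skhd,'` has the same shape. I would put a comment above the line recording why no authority can be pinned, for example `-- deskflow-server: no signing authority available (<reason>); matched on name and identifier only`. If the query exposes the binary path, the exemption could also be limited to the expected install location.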
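Review bot: `'~/chainguard_repos/'` in detection/execution/unexpected-execdir-macos.sql exempts an entire user-writable directory tree whose name looks specific to one organisation's workstation layout. Assuming this list is the set of allowed execution directories (the WHERE clause begins outside the hunk), anything run from under that path is no longer reported by the query. Unlike `~/bin/` or `~/code/`, its purpose is not obvious to other users of the rule, so a comment above the entry such as `-- source checkouts under ~/chainguard_repos (site-specific)` would help. If the rule is also consumed outside that environment, a local override may be a better place for the entry.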