Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple's A12...
Hacking
Category Added in a WPeMatico Campaign
The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that...
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote...
Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites
Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with...
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
Ravie LakshmananJun 19, 2026Threat Intelligence / Firewall Security The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet...
From Assistive to Agentic: The AI Shift That’s Redefining Threat Management
Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry...
Forget Data Leakage: Shadow AI’s Real Threat Is Access Control
The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools....
Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data
Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident...
Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone
Ravie LakshmananJun 19, 2026Mobile Security / Vulnerability Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity...
F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution
Ravie LakshmananJun 18, 2026Vulnerability / Cloud Security F5 has released security updates to address two critical security flaws in NGINX...
Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network
The Hacker NewsJun 18, 2026AI Security / Data Security If an autonomous AI agent interacts with your company's core intellectual...
ThreatsDay Bulletin: Claude Chat Abuse, NastyC2 npm Packages, Device-Code Phishing + 25 More Stories
Ravie LakshmananJun 18, 2026Hacking News / Cybersecurity News The internet did not break this week. It got used exactly as...
Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2
Ravie LakshmananJun 18, 2026Malware / Cryptocurrency Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign that has targeted users...
INC Ransomware Emerges as Major RaaS Threat in 2026 with 830+ Victims Since 2023
Ravie LakshmananJun 18, 2026Vulnerability / Enterprise Security Cybersecurity researchers have charted the evolution of INC from an nascent ransomware-as-a-service (RaaS)...
The Scripts on Your Checkout Page Are Now a PCI DSS Problem
The Hacker NewsJun 18, 2026Payment Security / Compliance An independent PCI assessor tested Reflectiz against the new PCI DSS rules....
