​The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and maintaining a suite of endpoint detection and response (EDR) killers that it hands out to affiliates for impairing system defenses before… Read More »The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes

​Security researchers at Paradigm Shift have published a working exploit, dubbed usbliter8, that achieves arbitrary code execution inside the SecureROM of Apple’s A12 and A13 chips. That code is burned into the silicon… Read More »Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain

​Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker’s web… Read More »AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

​Dutch law enforcement authorities, along with counterparts from Canada , Germany, and the U.S., have disrupted malicious infrastructure associated with SocGholish and cleaned up nearly 15,000 infected WordPress websites. “With… Read More »Operation Endgame Disrupts SocGholish Servers, Cleans 14,971 WordPress Sites

​The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible… Read More »CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

​Introduction The average enterprise security team has 40 or more security tools, giving a lot of visibility into internal telemetry and asset data. But often, these tools are working in… Read More »From Assistive to Agentic: The AI Shift That’s Redefining Threat Management

​The first wave of enterprise AI concern was straightforward. It was simply employees pasting sensitive data into public AI tools. Security teams responded with usage policies, domain blocks, and data… Read More »Forget Data Leakage: Shadow AI’s Real Threat Is Access Control

​Salesforce has revealed that it disabled the Klue Battlecards app integration within its platform in response to a security incident impacting the competitive intelligence company on June 11, 2026. To… Read More »Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data

​Apple has updated its Beats Studio Buds wireless earbuds to patch a high-severity vulnerability that could be exploited by nearby hackers to eavesdrop on users. The vulnerability, tracked as CVE-2025-20701… Read More »Apple Patches Beats Studio Buds Flaw Letting Nearby Attackers Spy via Microphone