Security News · Afternoon Brief
Today's security landscape is dominated by critical hardware vulnerabilities, active exploitation campaigns, and supply chain compromises. A permanent bootrom flaw in Apple's A12/A13 chips, widespread FortiGate credential theft, and actively exploited Splunk vulnerabilities demand immediate attention from security teams.
- Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain — Researchers have published a working exploit achieving arbitrary code execution in the SecureROM of Apple's A12 and A13 chips, which is burned into silicon and cannot be patched via software updates.
- CISA: Splunk Enterprise Flaw Actively Exploited, Patch by Sunday — CVE-2026-20253, a critical Splunk Enterprise vulnerability enabling unauthenticated remote code execution, is being actively exploited in the wild; CISA has given federal agencies only three days to patch.
- CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices — The FortiBleed campaign has compromised credentials for approximately 74,000–86,000 Fortinet firewalls and VPN gateways globally; Russian-speaking threat actors are actively exploiting the leaked credentials across government and private sectors.
- AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution — Microsoft researchers have detailed an exploit chain that turns an AI browsing agent into a remote code execution vector; a malicious webpage's JavaScript can reach a privileged local service and spawn processes without user interaction.
- The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes — The Gentlemen ransomware-as-a-service operation is actively distributing a mature suite of EDR-killing tools called GentleKiller to affiliates, enabling them to disable endpoint defenses before deploying ransomware.
- Salesforce Disables Klue App Integration After OAuth Token Abuse Exposes Customer Data — Salesforce has disabled the Klue Battlecards app following a security incident where threat actors abused OAuth tokens to exfiltrate data from customer Salesforce instances, affecting security firms including Huntress and Recorded Future.
- Texas Govt Data Breach Exposes Over 3 Million Driver's Licenses — The Texas Parks and Wildlife Department disclosed a breach at its license system vendor exposing personal information for more than three million individuals.
- F5 Patches Two Critical NGINX Open Source Flaws Enabling Remote Code Execution — F5 has released updates for two critical vulnerabilities in NGINX Open Source: CVE-2026-42530 (use-after-free, CVSS 9.2) and CVE-2026-42531, both enabling remote code execution.