Security News · Morning Brief
Today's cybersecurity news highlights active exploitation of vulnerabilities in WordPress plugins and Splunk Enterprise, alongside a significant credential compromise affecting Fortinet devices. Supply chain attacks continue to pose a threat, with a breach impacting Klue customers and exposing Salesforce data. The evolving landscape of AI security is also a prominent theme, with discussions around AI agent identity and new attack vectors.
- Hackers Exploit Gravity SMTP WordPress Plugin Bug — Threat actors are actively exploiting CVE-2026-4020, a medium-severity information disclosure flaw in the Gravity SMTP WordPress plugin, to extract sensitive data like API keys from approximately 100,000 affected sites.
- Klue OAuth Breach Victims Grow, Icarus Claims Attack — Market intelligence platform Klue confirmed a security incident in which threat actors stole OAuth tokens used to connect to customers' Salesforce environments; the "Icarus" extortion group has claimed responsibility.
- Unpatchable 'usbliter8' Exploit for Apple A12/A13 SecureROM — Security researchers have published 'usbliter8', an exploit that achieves arbitrary code execution in the unpatchable SecureROM of Apple's A12 and A13 chips and requires physical access.
- The Gentlemen RaaS Uses GentleKiller EDR Framework — The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing a suite of EDR killers, centered around the GentleKiller framework, and distributing it to affiliates to impair system defenses before deploying ransomware.
- Texas Govt Data Breach Exposes Over 3 Million Driver’s Licenses — The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at a license system vendor, exposing personal information for more than three million individuals.
- AutoJack Attack Hijacks AI Agent for Host Code Execution — Microsoft researchers detailed 'AutoJack', an exploit chain that allows an attacker's web page to leverage an AI browsing agent to achieve remote code execution on the host machine.
- CISA Warns Fortinet Customers as FortiBleed Hits 86,644 Devices — CISA has urged Fortinet customers to secure their FortiGate appliances against the "FortiBleed" campaign, which has compromised credentials for thousands of internet-accessible devices. The campaign is believed to be linked to Russian-speaking threat actors.
- CISA: Splunk Enterprise Flaw Actively Exploited, Patch by Sunday — CISA has added CVE-2026-20253, a critical Splunk Enterprise vulnerability allowing unauthenticated remote code execution, to its KEV catalog and, citing active exploitation, urged federal agencies to patch by Sunday.