Security News
Afternoon Brief
Today's security news highlights active exploitation of vulnerabilities in Splunk Enterprise and a WordPress plugin, alongside a significant supply chain attack attributed to North Korean hackers. Additionally, a new ransomware variant prioritizes recent files for encryption, and a major data breach in Texas exposed millions of driver's licenses.
- Microsoft links Mastra AI supply chain attack to North Korean hackers — Microsoft has attributed a supply chain attack compromising over 140 npm packages to the North Korean hacking group Sapphire Sleet (BlueNoroff).
- Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys — Threat actors are actively exploiting CVE-2026-4020, a medium-severity information disclosure flaw in the Gravity SMTP WordPress plugin (100,000 installations), to extract sensitive data like API keys.
- New Prinz Eugen ransomware prioritizes recent files for encryption — A new ransomware operation, 'Prinz Eugen,' has emerged, focusing its encryption efforts on recently modified files and notably leaving no ransom note.
- Klue OAuth breach victim list grows as Icarus hackers claim attack — Market intelligence platform Klue confirmed a security incident where threat actors stole OAuth tokens for customer Salesforce environments, with the "Icarus" group claiming responsibility.
- Texas govt data breach exposes over 3 million driver’s licenses — The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at a vendor, exposing personal information for over three million individuals, including driver's licenses.
- Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain — Researchers have published 'usbliter8,' an unpatchable exploit achieving arbitrary code execution in the SecureROM of Apple A12 and A13 chips, requiring physical access.
- CISA: Splunk Enterprise flaw actively exploited, patch by Sunday — CISA has urged federal agencies to patch a critical Splunk Enterprise vulnerability (CVE-2026-20253) by Sunday, as it is being actively exploited in attacks.
- The Gentlemen RaaS Uses GentleKiller EDR Framework Targeting 400 Security Processes — The Gentlemen ransomware-as-a-service (RaaS) is developing and distributing the "GentleKiller" EDR framework to affiliates, designed to impair system defenses before encryption.