Security News
Morning Brief
Today's security landscape highlights critical vulnerabilities and active exploitation across various platforms. North Korean hackers are linked to a supply chain attack, while a new ransomware variant prioritizes recent files. Several high-impact incidents involving data breaches and critical infrastructure vulnerabilities also demand immediate attention.
- Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers — Microsoft has attributed a supply chain attack compromising over 140 npm packages to the North Korean hacking group Sapphire Sleet (BlueNoroff).
- Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys — Threat actors are actively exploiting CVE-2026-4020, a medium-severity information disclosure flaw in the Gravity SMTP WordPress plugin (100,000 installations), to extract sensitive data like API keys.
- New Prinz Eugen Ransomware Prioritizes Recent Files for Encryption — A new ransomware operation, 'Prinz Eugen,' has emerged, focusing its encryption efforts on recently modified files and notably leaving no ransom note.
- Klue OAuth Breach Victim List Grows as Icarus Hackers Claim Attack — Market intelligence platform Klue confirmed a security incident where OAuth tokens for customer Salesforce environments were stolen, with the new "Icarus" extortion group claiming responsibility.
- Texas Govt Data Breach Exposes Over 3 Million Driver’s Licenses — The Texas Parks and Wildlife Department (TPWD) disclosed a data breach at a vendor, exposing personal information for over three million individuals, including driver's licenses.
- Unpatchable 'usbliter8' Exploit Breaks Apple A12 and A13 SecureROM Boot Chain — Security researchers have published 'usbliter8,' an unpatchable exploit achieving arbitrary code execution in the SecureROM of Apple's A12 and A13 chips, requiring physical access.
- AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution — Microsoft researchers detailed 'AutoJack,' an exploit chain that allows an attacker's webpage to hijack an AI browsing agent, leading to remote code execution on the host machine.
- CISA: Splunk Enterprise Flaw Actively Exploited, Patch by Sunday — CISA has urged federal agencies to patch a critical Splunk Enterprise vulnerability (CVE-2026-20253) by Sunday, as it is being actively exploited for unauthenticated remote code execution.