Security News · Morning Brief
Today's security brief highlights critical vulnerabilities and active exploitation across various platforms, including an unpatchable Apple boot defense bypass and ongoing attacks on WordPress plugins. Supply chain attacks, data breaches, and the evolving threat landscape for AI agents also feature prominently, underscoring the need for robust security measures.
- Unpatchable Exploit Bypasses Apple's Boot Defenses — A new exploit, "Usbliter8," bypasses Apple's SecureROM boot defenses on A12 and A13 chips, affecting millions of iPhones with no software patch possible.
- Attackers Exploit Gravity SMTP WordPress Plugin Flaw — Threat actors are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin (CVE-2026-4020) to steal API keys, secrets, and other sensitive data from approximately 100,000 affected sites.
- CISA Adds Splunk Enterprise Flaw to KEV Catalog — CISA has added CVE-2026-20253, a Splunk Enterprise missing authentication vulnerability, to its Known Exploited Vulnerabilities Catalog, urging federal agencies to patch by Sunday due to active exploitation.
- North Korean Hackers Blamed for Mastra NPM Supply Chain Attack — Microsoft has attributed a supply chain attack on over 140 Mastra NPM packages, which delivered cryptocurrency-targeting payloads, to the North Korean hacking group Sapphire Sleet (BlueNoroff).
- More Cybersecurity Firms Impacted by Klue Hack — Cybersecurity companies including HackerOne, Huntress, and Snyk have disclosed impacts from the Klue hack, where threat actors stole OAuth tokens to access customers' Salesforce environments.
- AutoJack Attack Hijacks AI Agents for Code Execution — Microsoft researchers detailed "AutoJack," an exploit chain that allows a malicious webpage to hijack an AI browsing agent, leading to remote code execution on the host machine without further user interaction.
- Texas Parks & Wildlife Data Breach Affects 3 Million — A data breach at a third-party license vendor for the Texas Parks & Wildlife Department (TPWD) exposed personal information, including driver's licenses, for over 3 million individuals.
- Fortinet Responds to FortiBleed Credential Harvesting Campaign — Fortinet is addressing the "FortiBleed" campaign, which has created a database of over 86,000 confirmed working credentials by targeting internet-accessible Fortinet devices.