CISA Warns of Mass Fortinet Credential Leak; Splunk RCE and Microsoft Defender Zero-Day Under Active Exploit

Publication Date: June 20, 2026

Summary

A critical 24 hours in cybersecurity sees CISA issue an urgent warning for over 86,000 Fortinet devices compromised in the 'FortiBleed' credential leak. Simultaneously, a critical, actively exploited RCE vulnerability (CVE-2026-20253) in Splunk Enterprise has been added to the KEV catalog, mandating immediate patching. Adding to the pressure, Microsoft confirmed a new 'RoguePlanet' zero-day in its Defender antivirus with no patch yet available. Other major incidents include an unpatchable BootROM exploit for Apple A12/A13 chips, a major takedown of the SocGholish botnet, and multiple supply-chain attacks targeting the WordPress ecosystem, highlighting widespread risks from infrastructure to endpoints.

Today's New Articles

New 'Gentlemen' Ransomware Uses EDR Killer Framework to Blindside Security Tools

A new Ransomware-as-a-Service (RaaS) operation known as 'The Gentlemen' is targeting organizations with a novel and aggressive approach to defense evasion. The malware deploys a framework of multiple Endpoint Detection and Response (EDR) killer tools concurren...


Operation Endgame: Global Law Enforcement Disrupts SocGholish, Cleans 15,000 Infected Websites

In a major blow to cybercrime, an international law enforcement coalition under 'Operation Endgame' has disrupted the notorious SocGholish malware delivery network. The operation took down 106 command-and-control servers and cleaned nearly 15,000 malware-infec...


WordPress Supply Chain Hit Again: ShapedPlugin Update Mechanism Compromised

The WordPress ecosystem is reeling from another supply-chain attack after threat actors compromised the update mechanism for ShapedPlugin products. The breach allowed attackers to push malicious code directly to customer websites that had automatic updates ena...


Unpatchable 'usbliter8' BootROM Exploit Released for Apple A12/A13 Chips

Researchers have publicly disclosed 'usbliter8,' a new and unpatchable BootROM exploit affecting Apple's A12 and A13 System-on-Chips (SoCs). The vulnerability, which resides in the physical silicon of the chips, cannot be fixed with a software or firmware upda...


New 'Agentjacking' Attack Turns AI Coding Assistants into Malicious Insiders

Researchers have detailed a novel attack vector called 'Agentjacking,' which allows threat actors to hijack AI coding assistants and execute arbitrary code on a developer's machine. The attack exploits the trust AI agents place in diagnostic platforms like Sen...


New 'Icarus' Extortion Group Hits Klue, Steals Customer Salesforce Data via OAuth Attack

The competitive intelligence platform Klue has confirmed a security breach where attackers gained unauthorized access to its customers' connected Salesforce environments. A new extortion group named 'Icarus' has claimed responsibility. The attack vector involv...


Hackers Actively Exploit Gravity SMTP Flaw (CVE-2026-4020) to Steal API Keys from 100K WordPress Sites

A medium-severity information disclosure vulnerability in the Gravity SMTP WordPress plugin, CVE-2026-4020, is being actively and widely exploited by threat actors. The flaw affects up to 100,000 websites and allows an unauthenticated attacker to access a comp...


ShinyHunters Leaks Data of 368,000 JCPenney Employees in Extortion Attack

The notorious hacking group ShinyHunters has leaked the personal data of approximately 368,000 current and former employees of retail giant JCPenney. The data was published online as part of a 'pay or leak' extortion campaign after the company reportedly refus...

Article Updates

Microsoft Scrambles to Patch 'RoguePlanet' Zero-Day in Defender Granting Full System Control

Update: The 'RoguePlanet' zero-day (CVE-2026-50656) in Microsoft Defender remains unpatched, leaving systems vulnerable. New technical details clarify the exploitation mechanism as a TOCTOU race condition, utilizing symlinks or hard links to target critical system fil...


‘FortiBleed’ Campaign: Over 70,000 Fortinet Firewalls Compromised in Global Credential Heist

Update: The 'FortiBleed' campaign has now impacted over 86,000 Fortinet devices, an increase from previous reports. The U.S. CISA has issued an urgent advisory, emphasizing the severity and directing organizations to immediately rotate credentials and enable MFA. New...


CISA Warns of Active Exploitation of Critical Splunk Flaw (CVE-2026-20253)

Update: Further analysis of the actively exploited Splunk RCE (CVE-2026-20253) reveals over 1,400 internet-exposed instances, according to Shadowserver Foundation scans, significantly expanding the known attack surface. The RCE chain is clarified to involve abusing Po...