Vulnerabilities
Researchers Publish "usbliter8" BootROM Exploit Affecting Apple A12 and A13 Chips
Another silicon-level finding lands with lifecycle implications — defenders issuing affected iPhones have device-policy work to plan.
Original vulnerability disclosures and technical security research. Novel attack techniques, exploit chains, bug bounty findings, and defensive discoveries.
Vulnerabilities
Another silicon-level finding lands with lifecycle implications — defenders issuing affected iPhones have device-policy work to plan.
Vulnerabilities
Apple's firmware update for the Beats Studio Buds closes a high-severity Bluetooth flaw that let a nearby attacker listen through the microphone of an unpaired unit — verification work for organizations issuing the device.
Supply Chain Attack
The default flips — npm 12 changes the install-script behavior that has driven years of supply-chain reform debate.
Artificial Intelligence (AI)
Anthropic's Fable 5 launches with “cyber safeguards” baked in — a framing that would, days later, become the center of a precedent-setting US export-control action.
Artificial Intelligence (AI)
Half a century after Brunner imagined it, researchers publish a prototype — and the defender community gets a new detection-research agenda rather than an immediate operational threat.
Vulnerabilities
A use-after-free in the Linux kernel's nf_tables code — patched in February, exploited publicly in June — shows how a single misplaced character in a critical subsystem becomes the keystone of a privilege-escalation chain.
Artificial Intelligence (AI)
Bright Data, formerly Luminati, runs the largest residential proxy network in the world — and a researcher has now mapped how consumer apps and always-on smart TVs become its silent infrastructure.
Artificial Intelligence (AI)
OpenAI's Lockdown Mode is the first big consumer-facing prompt-injection defense from a frontier AI lab — but the company itself concedes the feature reduces, rather than eliminates, the risk.
Nation-State Cyber Threats
ReliaQuest disclosed OP-512, a previously unreported, China-linked espionage cluster that plants a custom three-web-shell framework on Microsoft IIS servers — the fourth such group to target IIS in a year. For anyone running IIS, it is a prompt to go hunting.
Supply Chain Attack
Three disclosures this cycle share one thesis: attackers borrowing the trust of legitimate channels. A Rust-written npm worm (IronWorm), a cryptominer slipped into Hola Browser, and a Magecart skimmer hosted inside Stripe each hide in traffic defenders are inclined to allow.
Artificial Intelligence (AI)
Two Mythos threads landed this cycle: TechCrunch reports the NSA is said to be readying Anthropic's Mythos for cyber operations despite a federal restriction, while Anthropic published an analysis of 832 accounts banned for malicious cyber activity, mapped to MITRE ATT&CK.
Cybersecurity 101
A clear guide to digital forensics — the branches, the investigative process, chain of custody, and how forensics supports incident response and prosecutions.