Daily News
Gaslight: North Korea’s macOS Malware That Deceives AI Security Tools
North Korea has built macOS malware that attacks your AI security tools — not by evading them technically, but by lying to them. SentinelOne disclosed a Rust-based macOS implant on June 25, 2026, codenamed Gaslight, attributed with high confidence to North Korea-aligned threat actors. It is the first documented malware to embed fabricated system-failure messages…
Read MoreGreatXML — No Patch: BitLocker Bypass via WinRE Survives Incident Response
Your BitLocker-encrypted Windows devices may not be as protected as your NIS2 compliance report says. This week a researcher published GreatXML — a technique that achieves a SYSTEM-level shell with full access to a BitLocker-encrypted volume using nothing more than two XML files placed on the recovery partition. No patch exists. Microsoft is still assessing…
Read MoreThree CVSS 10.0 Vulnerabilities in Ubiquiti UniFi OS — Zero Auth, Full Network Control
Three CVSS 10.0 vulnerabilities in Ubiquiti UniFi OS. One exploit chain. Full network control. Zero authentication required. If you use UniFi in your office — and most DACH SMBs do — this is your highest-priority patch this week. CISA added three Ubiquiti vulnerabilities to its Known Exploited Vulnerabilities catalog on June 23, confirming active exploitation…
Read MoreAI Agent Finds 21 FFmpeg Zero-Days for $1,000 — Chrome 149 Patches Record 429 Bugs
An AI agent just did what would take a skilled security researcher months — and it cost $1,000. Security startup depthfirst ran an autonomous AI agent against FFmpeg, the media processing library embedded in virtually every video call platform, streaming service, and recording tool. The agent scanned 1.5 million lines of C code and found…
Read MoreKlue OAuth Breach — One Legacy Credential, Nine Security Vendors Compromised
The security vendor you trust just got hacked — and took nine of its customers with it. The Icarus extortion group compromised Klue, a competitive intelligence platform. They didn’t need a zero-day. They found a single legacy credential, got into Klue’s backend, and pushed a code update that silently harvested OAuth tokens for every active…
Read More
