Cyber Security News

Hacking Editorial Brief — June 23, 2026

Apple SecureROM Exploit Exposes Unpatchable Vulnerability in Millions of iPhones

Researchers disclosed a new SecureROM exploit affecting millions of Apple iPhones that bypasses boot-level defenses and cannot be remediated through software updates. The vulnerability resides in hardware-level read-only memory that executes during the device boot process, placing it beyond the reach of traditional patching mechanisms. SecureROM exploits are particularly significant because they provide persistent access that survives device resets and OS reinstallations, making them valuable for both legitimate security research and malicious use. The disclosure represents a fundamental compromise of Apple's boot chain security model and will likely require hardware replacement to fully address affected devices.

North Korean Threat Actors Compromise Mastra AI Framework with Supply Chain Attack

North Korean-linked threat actors successfully poisoned the open-source Mastra artificial intelligence framework by planting infostealers in the codebase, marking another expansion of DPRK supply chain operations targeting developer ecosystems. The compromise follows established North Korean patterns of infiltrating software supply chains to distribute malware to downstream users. Separately, security firm Group-IB identified Scattered Spider as the top threat actor shaping cybercrime in 2026, citing the group's advanced social engineering capabilities and operational scale in high-profile attacks. The assessment reflects Scattered Spider's continued evolution from initial telecom-focused operations to broader enterprise targeting with sophisticated pretexting techniques.

Sources: SecurityWeek · GovInfoSecurity · Group-IB