Big Tech
Big Tech analyzes decisions by major platforms and their impact on security, privacy, infrastructure and the market. The cluster connects product announcements, strategic changes and technical consequences for users and businesses.

OpenAI Shifts the Remediation Paradox: From Finding Bugs to Patching Them
OpenAI releases GPT-5.5-Cyber and the Patch the Planet initiative. AI has solved vulnerability discovery, creating a larger problem: t…

Tata Electronics Breach: 200,000 Files Leaked, Apple and Tesla Secrets Appear on Dark Web
Tata Electronics confirmed a cybersecurity incident on June 22, 2026, stating it occurred "a few weeks ago" with no operational impact…

usbliter8: Unpatchable Exploit Hits Apple A12/A13 SecureROM
Paradigm Shift releases usbliter8, an unpatchable hardware exploit achieving arbitrary EL1 execution in Apple A12/A13 SecureROM via th…

AutoJack: A Single Web Page Hijacks AI Agents to Execute Code on the Host
Microsoft Security has disclosed AutoJack, a three-vulnerability chain in AutoGen Studio that turns browsing-capable AI agents into ve…

Apple Beats: Bluetooth Flaw Turns Headphones Into Spy Microphones
Apple patched CVE-2025-20701 in Beats Studio Buds: attackers within Bluetooth range could eavesdrop on conversations by exploiting a f…

Lorem Ipsum Pivots to ClickFix After Fox Tempest Takedown
BlueVoyant reports the Lorem Ipsum malware abandoned signed Microsoft Teams installers for ClickFix tactics on compromised WordPress s…

GhostTree: The NTFS Attack That Freezes EDR
Varonis Threat Labs disclosed GhostTree, an evasion technique that neutralizes Windows Defender using recursive NTFS junctions — no el…

Vertex AI SDK: Cross-Tenant Bucket Squatting Enabled RCE
Google Cloud Vertex AI SDK versions 1.139.0 through 1.140.0 were vulnerable to cross-tenant bucket squatting leading to remote code ex…

DragonForce Weaponizes Microsoft Teams TURN Relays for Stealth C2
The DragonForce ransomware group deployed Backdoor.Turn, the first documented in-the-wild malware to abuse Microsoft Teams' legitimate…

CVE-2026-11645: Google Patches Fifth Chrome Zero-Day of 2026
Google has released a critical patch for CVE-2026-11645, a zero-day vulnerability in Chrome's V8 engine. With an exploit active in the…

Microsoft Patches Actively Exploited Exchange Zero-Day, Mandates Dual-Layer Defense
Microsoft has released a permanent patch for CVE-2026-42897, an XSS zero-day in Exchange OWA. Despite the update, the EEMS mitigation…

RoguePlanet: Zero-Day Exploit (CVE-2026-42897) Hits Fully Patched Windows 10 and 11 Systems
RoguePlanet (CVE-2026-42897) leverages a race condition in Microsoft Defender to gain SYSTEM privileges on Windows 10 and 11 devices,…