News Article · Jun 19, 2026 at 8:38 PM
iPhone BootROM Exploit, Log Discards and Crypto Malware Mark a Week of Escalating Threats
Security #cve-2026-20253 #iPhone bootROM exploit #log management #Crypto Clipper #Splunk vulnerability

A bootROM exploit targeting Apple's latest chips leaves iPhones with no software fix, as a survey reveals 86% of logs are discarded, and Microsoft discovers a self-propagating crypto clipper malware.

Security researchers at Paradigm Shift have published the first iPhone bootROM exploit in six years, a hardware-level flaw named usbliter8 that targets chips in devices still running Apple's latest iOS. The flaw cannot be fixed with a software patch, leaving users with no recourse except upgrading to newer hardware. The disclosure came the same week Microsoft reported a new self-propagating malware that steals cryptocurrency, and a survey found that half of large enterprises discard 86 percent of their logs, undermining breach detection efforts.

The usbliter8 exploit, detailed by Paradigm Shift on June 19, 2026, targets a bootROM vulnerability in Apple's most recent chip line, meaning every iPhone running the latest iOS is affected at the hardware level. Because the flaw resides in read-only memory, Apple cannot issue a firmware update to fix it; the only mitigation is replacing the device.

Log retention crisis frustrates incident response

A Dynatrace survey of 450 senior IT leaders at large enterprises published June 19 found that half of organizations drop or never collect an average of 86 percent of their logs, even after filtering and aggregation. Many limit retention periods, a practice that carries a direct security cost: without historical log data, forensic investigators cannot reconstruct attack timelines or identify the initial point of compromise. The survey coincided with a CISA emergency directive giving federal agencies only three days to patch CVE-2026-20253, a Splunk Enterprise vulnerability exploited in attacks for unauthenticated remote code execution.

  • 86 percent of logs are discarded on average among organizations that drop or never collect log data.
  • 450 senior IT leaders were surveyed for the Dynatrace report.
  • CVE-2026-20253 affects Splunk Enterprise and is already exploited in the wild.
  • 3-day deadline given to U.S. federal agencies by CISA to patch CVE-2026-20253.

New crypto clipper malware spreads via USB

Microsoft's security team identified a lightweight backdoor called Crypto Clipper that spreads over USB drives and communicates over the Tor network. The malware intercepts cryptocurrency transactions by replacing wallet addresses copied to the clipboard, redirecting funds to attacker-controlled addresses. Its self-propagating nature means it can move across air-gapped systems via USB, a technique that raises concerns for organizations that rely on physical isolation for critical financial systems.

The cluster of events this week underscores three distinct vectors: hardware that cannot be patched, operational practices that blind defenders, and new malware that targets cryptocurrency transactions. The iPhone exploit will drive users to hardware upgrades, the log retention crisis demands policy changes, and the Crypto Clipper requires tightened USB device controls. In each case, the window between disclosure and exploitation shrank. Federal agencies now have three days to act on Splunk, and for iPhone users, the clock may have already run out.

Fact check

  • Paradigm Shift published the first iPhone bootROM exploit in six years, called usbliter8. (reported)
  • Half of large enterprises discard 86% of their logs, according to a Dynatrace survey. (reported)
  • CISA gave federal agencies three days to patch CVE-2026-20253 in Splunk Enterprise. (verified)
  • Microsoft discovered a new self-propagating backdoor called Crypto Clipper that steals cryptocurrency. (reported)
