Tag: exploit
-
Critical Wazuh Flaw Enables Threat Actors to Alter Alerts and Remove Logs
A critical security flaw in Wazuh Manager could allow unauthenticated threat actors to tamper with alerts, delete forensic evidence, and execute arbitrary OpenSearch operations by exploiting an input validation weakness in the platform’s new inventory synchronization pipeline. Tracked under GitHub advisory GHSA-ff9g-85jq-r3g3, the vulnerability affects Wazuh Manager version 5.0.0-beta1 and carries a maximum CVSS score…
-
Manipulierte Red-Hat-npm-Pakete verbreiten neue Malware
Das JFrog-Security-Research-Team hat eine neue Welle der Supply-Chain-Schadsoftware Shai-Hulud analysiert. Betroffen sind 96 manipulierte Paketversionen aus dem npm-Namensraum @redhat-cloud-services, einem von Red Hat selbst genutzten und damit vertrauenswürdigen Bereich. Die Angreifer haben dabei nicht etwa Typosquatting-Pakete platziert, sondern legitime, weit verbreitete Komponenten als Träger missbraucht. Im Schadcode selbst wird die Kampagne als ‘Miasma: The Spreading…
-
Streit mit Microsoft: Anonymer Sicherheitsforscher veröffentlicht nächsten Windows-Exploit
First seen on t3n.de Jump to article: t3n.de/news/streit-mit-microsoft-anonymer-sicherheitsforscher-veroeffentlicht-naechsten-windows-exploit-1747312/
-
Week in review: Exploited Check Point VPN zero-day, Oracle PeopleSoft servers under attack
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: DockSec: Open-source AI-powered Docker security scanner DockSec is an OWASP … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/14/week-in-review-exploited-check-point-vpn-zero-day-oracle-peoplesoft-servers-under-attack/
-
Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution.The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system.”In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary…
-
The FCC Wants to Kill Burner Phones
Plus: AI bug hunting fuels Microsoft’s biggest-ever Patch Tuesday, ShinyHunters ransomware gang exploits an Oracle zero-day, and more. First seen on wired.com Jump to article: www.wired.com/story/security-news-this-week-the-fcc-wants-to-kill-burner-phones/
-
U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
Tags: cisa, cve, cybersecurity, exploit, flaw, infrastructure, kev, oracle, technology, vulnerabilityU.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft Enterprise PeopleTools flaw, tracked as CVE-2026-35273 (CVSS score of 9.8), to its Known Exploited Vulnerabilities (KEV) catalog. Oracle PeopleSoft Enterprise PeopleTools is the underlying technology platform…
-
New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight
A new Windows zero-day reportedly bypasses BitLocker, adding pressure on Microsoft as researchers debate the exploit’s real-world impact. The post New Windows Zero-Day Claims BitLocker Bypass Amid Microsoft Disclosure Fight appeared first on TechRepublic. First seen on techrepublic.com Jump to article: www.techrepublic.com/article/news-windows-bitlocker-zero-day-june-2026/
-
U.S. CISA adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Sentry flaw, tracked as CVE-2026-10520 (CVSS score of 10.0), to its Known Exploited Vulnerabilities (KEV) catalog. Ivanti Sentry is a secure gateway appliance that sits between an organization’s internal…
-
Oracle fixes PeopleSoft flaw exploited by ShinyHunters
A zero-day vulnerability affecting Oracle’s PeopleSoft products is being exploited by a ShinyHunters campaign targeting schools and universities. First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366644375/Oracle-fixes-PeopleSoft-flaw-exploited-by-ShinyHunters
-
ShinyHunters linked to exploitation of critical flaw in Oracle PeopleSoft
More than 100 organizations, about two-thirds in higher education, have been notified of potential impact. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/shinyhunters-exploitation-critical-flaw-oracle-peoplesoft/822796/
-
ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw
Oracle still hasn’t patched the vulnerability the group has been using in its attacks since late May. First seen on cyberscoop.com Jump to article: cyberscoop.com/oracle-peoplesoft-zero-day-vulnerability-shinyhunters-extortion/
-
ShinyHunters Target Universities in Oracle PeopleSoft Zero-Day Attack
Google says ShinyHunters exploited Oracle PeopleSoft zero-day to steal data from 100+ organisations, with universities making up most victims. First seen on hackread.com Jump to article: hackread.com/shinyhunters-universities-oracle-peoplesoft-zero-day-attack/
-
Zero-Days, AI Exploits, and Supply Chain Risks Define This Week in Cybersecurity in June 2026
Weekly summary of Cybersecurity Insider newsletters First seen on esecurityplanet.com Jump to article: www.esecurityplanet.com/weekly-roundup/zero-days-ai-exploits-and-supply-chain-risks-define-this-week-in-cybersecurity-in-june-2026/
-
Penelope A Modern Alternative to Netcat for Red Teamers
Tags: exploitOverview This article presents an end-to-end engagement built entirely around Penelope, an automated shell handler and post-exploitation framework. We catch an initial reverse shell on First seen on hackingarticles.in Jump to article: www.hackingarticles.in/penelope-a-modern-alternative-to-netcat-for-red-teamers/
-
Researchers release details, PoC for exploited Check Point VPN flaw (CVE-2026-50751)
WatchTowr researchers have disclosed a technical analysis and a >>Detection Artefact Generator<< for CVE-2026-50751, an authentication bypass flaw in Check … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2026/06/12/cve-2026-50751-poc-exploit/
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-dayShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
Tags: advisory, breach, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, update, vulnerability, zero-dayShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of an active ShinyHunters campaign on June 11, one day after Oracle finally issued an advisory for the vulnerability being exploited. The gap matters: the activity ran…
-
Attackers Can Exploit Microsoft Outlook and Word Flaws to Run Malicious Code
Microsoft has disclosed a set of critical remote code execution (RCE) vulnerabilities affecting Outlook and Word that could allow attackers to execute arbitrary code on targeted systems. The flaws, tracked as CVE-2026-45456, CVE-2026-45458, and CVE-2026-47635, were released on June 9, 2026, and carry high severity ratings with CVSS scores of 8.4. Security researchers warn that…
-
Kernel-Bug: FreeBSD-Exploit Bumsrakete verleiht Root-Zugriff
Ein Exploit namens Bumsrakete gefährdet alle FreeBSD-Versionen der letzten fünf Jahre. Die Entdecker nehmen es mit reichlich Humor. First seen on golem.de Jump to article: www.golem.de/news/kernel-bug-freebsd-exploit-bumsrakete-verleiht-root-zugriff-2606-209694.html
-
CISA orders feds to patch actively exploited Ivanti flaw by Sunday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) ordered government agencies to patch an actively exploited Ivanti Sentry flaw within three days, as mandated by the newly issued Binding Operational Directive (BOD) 26-04. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/
-
FIFA World Cup 2026 Scams: Fake Websites, Ticket Fraud, and Job Scams Already Active
The FIFA World Cup 2026 may not kick off until June 11, 2026, but cybercriminals have already begun exploiting anticipation surrounding the tournament. Security researchers and law enforcement agencies are warning that FIFA World Cup 2026 scams are actively targeting fans, job seekers, and businesses through fake websites, phishing campaigns, and fraudulent online services. First seen on…
-
163 Organizations Hit by Thai Gambling SEO Poisoning Campaign
A large-scale Thai gambling SEO poisoning operation has compromised 163 organizations across more than 30 countries by exploiting abandoned cloud DNS delegations, according to research from Cyble Research & Intelligence Labs (CRIL). First seen on thecyberexpress.com Jump to article: thecyberexpress.com/thai-gambling-seo-poisoning/
-
CISA Orders Federal Agencies to Patch Critical Vulnerabilities Within 3 Days
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a new Binding Operational Directive, BOD 26-04, mandating that federal civilian agencies remediate critical vulnerabilities within as little as 3 days, significantly tightening patching timelines in response to escalating cyber threats and rapid exploitation cycles. Announced on June 10, 2026, the directive introduces a risk-based vulnerability…
-
Oracle PeopleSoft Zero-Day RCE Vulnerability Exploited by ShinyHunters
Tags: cve, cvss, cyber, exploit, flaw, google, group, intelligence, mandiant, oracle, rce, remote-code-execution, threat, vulnerability, zero-dayA newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigation by Mandiant and Google Threat Intelligence Group (GTIG). Tracked as CVE-2026-35273 with a critical CVSS score of 9.8, the flaw affects the Environment Management component and enables unauthenticated remote code execution. Researchers confirmed…
-
A Security Gets $37M to Thwart Weaponized AI With Automation
Lightspeed Funds Will Support Defenses Against Continuous, Machine-Led Exploitation. A Security, founded by former Sygnia executive Yossi Torati, emerged from stealth with $37 million to build defenses against weaponized AI that can automate discovery, exploit attack paths and manipulate agentic systems faster than human security teams can respond. First seen on govinfosecurity.com Jump to article:…
-
ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest.Google’s Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its…
-
Oracle warns of security bug that hackers abused to breach 100+ companies
The tech giant warned of a security flaw that a cybercrime gang said it’s exploiting as part of a mass-hacking campaign. Google said it notified more than 100 organizations that had potentially vulnerable servers. First seen on techcrunch.com Jump to article: techcrunch.com/2026/06/11/oracle-warns-of-security-bug-that-hackers-abused-to-breach-100-companies/
-
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with the flaw actively exploited in ShinyHunter data theft attacks. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/oracle-mitigates-peoplesoft-zero-day-exploited-in-data-theft-attacks/