Topic
vulnerability
Technology Oracle Warns of Critical PeopleSoft Vulnerability Exploited by ShinyHunters, Affecting Hundreds of Organizations
Oracle has issued a security advisory for a critical remote code execution vulnerability (CVE-2026-35273, CVSS 9.8) in PeopleSoft versions 8.61 and 8.62. The extortion group ShinyHunters is exploiting it, claiming to have breached over 100 organizations and exfiltrated data from ~300 instances. Google's Mandiant reported zero-day exploitation between May 27 and June 9, 2026, and alerted over 100 potentially vulnerable entities.
Technology Why Your Help Desk Remains the Biggest Security Risk in Your Organization
TechRadar reports that help desk social engineering attacks, like those that hit MGM Resorts, Marks & Spencer, and Harrods, bypass most security controls. AI has amplified the threat, with phishing scams up 85% and average losses doubling to $2,060. Best practices include hardening identity operations and tying device enrollment to identity.
Technology Check Point Patches Critical VPN Flaw Exploited by Qilin Ransomware Group
Check Point addressed a critical VPN authentication bypass vulnerability (CVE-2026-50751, CVSS 9.3) that has been exploited by the Qilin ransomware group since early May 2026. The attacks affected dozens of organizations globally, with at least one case leading to Qilin ransomware deployment. Customers are urged to apply fixes and mitigations immediately.
Technology Microsoft Defender Zero-Day Exploit Threatens System Security
A newly disclosed zero-day vulnerability in Microsoft Defender, named 'RoguePlanet', allows attackers to gain SYSTEM privileges on Windows 10 and 11. Security researcher Chaotic Eclipse revealed this exploit, highlighting ongoing tensions with Microsoft over vulnerability disclosures.
Technology AI's Role in Accelerating Cyber Vulnerabilities
AI is significantly reducing the time it takes for adversaries to exploit vulnerabilities, challenging traditional cybersecurity defenses. Organizations must shift focus from prevention to resilience to maintain operations.
Technology Linux Kernel Vulnerability: A Single Character Threat
A logic inversion bug in the Linux kernel, identified as CVE-2026-23111, allows privilege escalation, affecting major distributions like Debian, Ubuntu, and RHEL. The vulnerability highlights challenges in managing AI-driven bug reports.
Technology Google Urges Immediate Chrome Update to Fix Zero-Day Flaw
Google has released a patch for a high-severity zero-day vulnerability in Chrome, identified as CVE-2026-11645. The flaw allows remote code execution and is actively exploited. Users should update Chrome immediately to version 149.0.7827.103 or later.