The cybercriminal group ShinyHunters has been actively exploiting a critical vulnerability in Oracle PeopleSoft, a widely used enterprise resource planning (ERP) system. This zero-day vulnerability, identified as CVE-2026-35273, allows attackers to gain unauthorized access, exfiltrate sensitive data, and then demand ransom payments to prevent its public release. The campaign has…
Security researcher Chaotic Eclipse has unveiled a significant new vulnerability, dubbed GreatXML, that bypasses Windows BitLocker encryption. This discovery, detailed just a day after the release of an exploit targeting Microsoft Defender, highlights a critical weakness in Microsoft’s endpoint security posture. The GreatXML exploit allows unauthorized access to encrypted drives,…
Cybersecurity threats reported: Worm code leaked, AI agent compromised, software patch released.
Cybercrime Ecosystem Evolves: Supply Chain Attacks and Advanced Tools Threaten Security
This week has highlighted a significant maturation in the cybercriminal landscape, moving beyond rudimentary attacks to sophisticated operations. A concerning trend involves the emergence of polished, readily available tools for complex attacks, such as supply chain compromise kits found…
Artificial Intelligence Disrupts Vulnerability Management, Prompting CISO Budget Reallocation to Breach and Attack Simulation
The landscape of cybersecurity has been fundamentally altered by the rapid advancements in artificial intelligence, compressing the discovery-to-exploit window for vulnerabilities from months to mere hours. This seismic shift renders traditional vulnerability management strategies, built on ample reaction time, obsolete. Organizations must now adapt to a new paradigm where the…
Cybersecurity researchers have identified a significant resurgence and expansion of JDY, a covert botnet linked to Chinese state-sponsored threat actors. This sophisticated network, primarily composed of compromised small office and home office (SOHO) and Internet of Things (IoT) devices, is actively being utilized for large-scale reconnaissance and targeting operations on…
CISA Adds Cisco, Chrome, and Arista Vulnerabilities to Known Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added three newly identified vulnerabilities to its catalog of Known Exploited Vulnerabilities (KEV) due to active exploitation in the wild. The inclusion of these flaws, detailed in a recent announcement, signals a fresh wave of cyber threats that organizations must urgently…
Multiple technology giants, including Fortinet, Ivanti, and SAP, have issued critical security updates to address severe vulnerabilities. These flaws, if exploited, could empower unauthenticated attackers to execute arbitrary code remotely and gain unauthorized access to sensitive information. The swift action by these vendors underscores the ongoing challenges in maintaining robust…
Microsoft Addresses 206 Vulnerabilities, Including Three Zero-Day Exploits and Critical Remote Code Execution Flaws
Microsoft released a record-breaking 206 security patches on Tuesday, addressing a vast number of vulnerabilities across its software portfolio. Among these are three flaws that had already been publicly disclosed at the time of release, increasing the urgency for users to apply these critical updates. This extensive Patch Tuesday underscores…
ServiceNow has issued a critical warning regarding a security incident where unknown threat actors exploited a vulnerability, allowing them to gain unauthorized deeper access to susceptible customer instances. The software-as-a-service provider applied a security update on June 5, 2026, to address the flaw, which could have enabled unauthenticated users to…
Anthropic Unveils Claude Fable 5, Most Advanced AI, Incorporating Cybersecurity Measures
On June 9, artificial intelligence company Anthropic made its most capable model, Claude Fable 5, generally available, simultaneously introducing a dual-product strategy. This innovative approach splits the powerful AI not by its core capabilities, but by layers of safety classifiers, creating a public-facing version and a restricted version for cybersecurity…
Six Proto6 vulnerabilities discovered in protobuf.js pose risks of Remote Code Execution and Denial of Service to Node.js applications.
Cybersecurity researchers have identified six critical vulnerabilities, collectively named Proto6, within the widely used JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), known as protobuf.js. The potential for remote code execution (RCE) and denial-of-service (DoS) attacks necessitates immediate attention for developers utilizing this library in their Node.js applications. The security flaws,…
Microsoft Defender Identifies Zero-Day Vulnerability in RoguePlanet, Grants System Access on Updated Windows
A security researcher known as Chaotic Eclipse has publicly released a proof-of-concept (PoC) exploit for a new Microsoft Defender zero-day vulnerability dubbed “RoguePlanet.” This exploit grants SYSTEM-level privileges, allowing attackers to execute arbitrary code on affected systems. The researcher claims the exploit has been tested and found to be effective…
Veeam has issued critical security patches for its widely used Backup & Replication software to address a severe vulnerability, CVE-2026-44963, which could pave the way for remote code execution (RCE). This flaw, carrying a CVSS score of 9.4 out of 10, poses a significant risk to organizations relying on the software…
Google Chrome Addresses Actively Exploited Zero-Day Vulnerability
Google has issued a critical security update to patch 74 vulnerabilities affecting its Chrome browser, prominently featuring a high-severity zero-day flaw that has already been exploited by attackers in the wild. The update addresses an out-of-bounds memory access in V8, Chrome’s JavaScript and…
University of Toronto researchers have successfully demonstrated a proof-of-concept AI-driven computer worm. This innovative malware utilizes a locally hosted large language model (LLM) to autonomously navigate networks, devise tailored attack strategies for each target it encounters, and replicate itself, all without human intervention or reliance on commercial AI services. The…
Two Russia-aligned cyber attack campaigns are continuing to exploit a critical WinRAR vulnerability, CVE-2025-8088, to target Ukrainian organizations, even nearly a year after security patches were made available. This ongoing exploitation highlights the persistent threat posed by unmanaged software and the challenges in patching legacy systems, leaving critical infrastructure vulnerable…
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has officially added a critical vulnerability affecting the BerriAI LiteLLM platform to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. This high-severity flaw, identified as CVE-2026-42271, presents a significant risk to organizations utilizing AI models through this popular open-source…
Security researchers have disclosed a critical Linux kernel vulnerability, CVE-2026-23111, which allows unprivileged local users to escalate their privileges to root and escape containerized environments. The flaw, identified in the kernel’s nf_tables packet-filtering code, was patched upstream on February 5, 2026. Exodus Intelligence, a cybersecurity firm, published a detailed technical…
