Internet Security

U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog

June 13, 2026 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Oracle PeopleSoft... Read more »

Iran-Linked Handala Breached a California Water Utility. It Could Have Done Worse, and It Knows That.

June 12, 2026 add comment
Pro-Iran group Handala breached Cal Water via an exposed GPS tool, reaching billing data for 2M customers. 5GB leaked. On June 11, 2026, the Iran-linked threat group Handala posted... Read more »

U.S. CISA adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog and urges patching by June 14

June 12, 2026 add comment
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Ivanti Sentry flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Ivanti Sentry flaw, tracked... Read more »

Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign

June 12, 2026 add comment
ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant and Google’s Threat Intelligence Group published an analysis of... Read more »

21,786 Home Cameras, No Password, No Warning

June 12, 2026 add comment
21,786 live cameras stream with zero authentication. Cheap gear is the real risk, webcamXP open 46% of the time. Your home router is the broadcast tower. In May 2026,... Read more »

CVE-2026-10520 Exploited: Ivanti Sentry Gateways Compromised Shortly After Patch Release

June 11, 2026 add comment
Attackers are exploiting the critical CVE-2026-10520 flaw in Ivanti Sentry, compromising many internet-exposed gateways shortly after patches were released. Threat actors have started exploiting a maximum-severity OS command injection... Read more »

OnyxC2 Malware-as-a-Service Offers Enterprise-Grade Data Theft

June 11, 2026 add comment
OnyxC2 is a MaaS stealer targeting 210+ apps, using DLL sideloading, encrypted payloads, and remote access features to evade detection. OnyxC2 appeared on a cybercrime forum earlier this year... Read more »

Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research

June 11, 2026 add comment
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10,... Read more »

Fortinet patched a new critical FortiSandbox flaw

June 11, 2026 add comment
Fortinet patched a critical FortiSandbox vulnerability that could let unauthenticated attackers remotely execute commands via crafted HTTP requests. Fortinet released security updates to address several vulnerabilities affecting FortiSandbox, FortiOS,... Read more »

JDY Botnet Evolves After KV Takedown, Targets Military Networks

June 11, 2026 add comment
JDY botnet scans SOHO/IoT devices globally to map services and targets, especially US military networks. Lumen’s Black Lotus Labs reported the resurgence of the JDY botnet, a covert reconnaissance... Read more »
Subscribe to our Newsletter