Oracle PeopleSoft RCE Flaw Used as Zero-Day in Ongoing ShinyHunters Campaign
ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant an...
20 articles
ShinyHunters exploited a critical Oracle PeopleSoft zero-day to breach over 100 organizations, mostly universities, before a patch was available. Mandiant an...
The browser refresh resolved critical and high-severity security defects, including a dozen use-after-free bugs. The post Chrome 149 Update Patches 28 Vulner...
A newly disclosed Oracle PeopleSoft zero-day became the weapon of choice in a recent ShinyHunters extortion campaign that primarily targeted universities and...
An active espionage campaign tracked as SHEETCREEP that leverages a UAE‑India diplomatic-themed ISO lure to deliver a compact C# remote access trojan (RAT) a...
Oracle has mitigated CVE-2026-35273, but it has not publicly confirmed the vulnerability’s in-the-wild exploitation. The post Google Confirms Exploitation of...
Researcher Arvin Shivram has earned $500,000 in bug bounties from Google’s Vulnerability Reward Program (VRP) by deploying an AI-powered fuzzing framework ag...
A newly disclosed zero-day vulnerability in Oracle PeopleSoft is being actively exploited by the ShinyHunters threat group, according to a joint investigatio...
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it ...
Introduction Mandiant and Google Threat Intelligence Group (GTIG) have identified an active compromise and extortion campaign attributed to UNC6240 (ShinyHun...
A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandia...
View CSAF Summary Successful exploitation of these vulnerabilities could allow an attacker to obtain hard-coded credentials, gain access to telemetry data, a...
Threat actors increasingly abuse Amazon Web Services (AWS) CloudTrail and Google Cloud Logging to evade detection, poison or exfiltrate logs, and in some cas...
The U.S.
U.S.
CISA has issued a new warning about an actively exploited zero-day vulnerability in Google Chromium that could allow attackers to execute arbitrary code thro...
Apple is bringing its Private Cloud Compute (PCC) platform to Google Cloud, expanding the infrastructure behind Apple Intelligence to third-party data center...
Android.MagicAd, a stealthy Android trojan family that circumvents operating-system safeguards to push intrusive ads from the background.
CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
Google has released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vuln...