News

Application Security
Oracle PeopleSoft CVE-2026-35273: ShinyHunters Breaches 100+ Orgs
Oracle issued emergency mitigations for CVE-2026-35273, an RCE flaw in PeopleSoft, after ShinyHunters breached 300 instances across more than 100 organizations.
Cybersecurity
Nottingham University Breach Exposes Data on 454,600 Students
ShinyHunters posted 40GB of stolen data on 454,600 University of Nottingham students, exposing passport numbers, disability data, and credit card details.
Cybersecurity
FBI Seizes 13 Chinese Spy Sites Targeting U.S. Clearance Holders
The FBI and DOJ seized 13 websites used by Chinese intelligence services to recruit current and former U.S. government workers who hold security clearances.
Cybersecurity
China-Linked JDY Botnet Hits 1,500 Devices Targeting U.S. Military
Black Lotus Labs tracked the JDY botnet's growth to 1,500-plus compromised devices, with U.S. military networks identified as the primary target sector.
CVE Vulnerability Alerts
CISA BOD 26-04 Mandates 3-Day Patch Window for Federal Agencies
CISA BOD 26-04 requires all federal civilian agencies to patch critical KEV-listed exploited vulnerabilities within three days, cutting the two-week timeline.
Cybersecurity
RoguePlanet Zero-Day Gives Attackers SYSTEM on Patched Windows
Security researcher Nightmare Eclipse dropped RoguePlanet, an unpatched LPE zero-day in Microsoft Defender that grants SYSTEM on fully patched Windows.
CVE Vulnerability Alerts
Ivanti Sentry CVE-2026-10520 Actively Exploited, Devices Backdoored
Ivanti Sentry CVE-2026-10520 is a CVSS 10.0 unauthenticated root RCE under active exploitation. Two instances were confirmed backdoored on disclosure day.
Application Security
Langflow CVE-2026-5027: Path Traversal Becomes Unauthenticated RCE
CVE-2026-5027 in Langflow allows unauthenticated attackers to write arbitrary files via path traversal, achieving RCE on 7,000 publicly exposed AI instances.
Cybersecurity
WorldLeaks Claims Apple Supplier Tata Electronics and Two More Firms
WorldLeaks, the rebranded Hunters International group, posted three new victims: Tata Electronics, First Federal Savings & Loan, and India's Reliance Group.
Application Security
Google Patches 5th Chrome Zero-Day; V8 Flaw Chains for OS Access
Google patched CVE-2026-11645, a V8 out-of-bounds flaw being chained with a sandbox escape to achieve OS code execution. It is the fifth Chrome zero-day of 2026.