Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree

A newly disclosed Oracle PeopleSoft zero-day became the weapon of choice in a recent ShinyHunters extortion campaign that primarily targeted universities and other educational institutes.

Attackers exploited the critical remote code execution (RCE) flaw in PeopleSoft’s Environment Management component that Oracle started warning customers about on June 10, 2026. In an advisory, the company urged…

Read more →
Microsoft feud escalates as researcher drops new Windows zero-day

The long-running feud between Microsoft and security researcher Nightmare Eclipse has entered a new chapter.

Eclipse, who has spent the past several months publicly releasing unpatched Windows vulnerabilities while sparring with Microsoft over vulnerability disclosure practices, has published exploit code for a new zero-day flaw dubbed RoguePlanet.

The researcher said their exploit uses a race…

Read more →
Linux kernel maintainers suggest a ‘kill switch’ to protect systems until a zero-day vulnerability is patched

Linux server admins may get the ability to turn off a vulnerable function in the OS kernel until a patch for a zero-day vulnerability is ready, if a proposal from a kernel developer and maintainer is accepted by the open source community.

The idea of a kill switch for privileged operators has been suggested by Sasha Levin, a distinguished engineer at Nvidia and co-maintainer of the long-term…

Read more →
April Patch Tuesday roundup: Zero day vulnerabilities and critical bugs

A critical hole in Windows Internet Key Exchange for secure communications, an actively exploited zero day in Microsoft SharePoint and a critical SQL injection vulnerability in a SAP product are the focus of the April Patch Tuesday releases requiring immediate attention from IT security teams.

“April’s threat landscape is defined by immediate, real-world exploitation rather than just theoretical…

Read more →
Hackers have been exploiting an unpatched Adobe Reader vulnerability for months

Adobe Reader vulnerabilities have been exploited for decades by threat actors taking advantage of the universal use of the utility to fool employees into downloading infected PDF documents through phishing lures.

Now a security researcher says a Reader hole has been quietly exploited by malware for as long as four months, fingerprinting computers to gather information that will allow attackers…

Read more →
The zero-day timeline just collapsed. Here’s what security leaders do next

A zero-day is not frightening because it is sophisticated. It is frightening because it is unknown. There is no patch in the moment it matters most. That single condition undermines the comfort most security programs rely on: time.

In the past, attackers didn’t need zero-days because they relied on predictable failures in patching and credential hygiene. The sheer labor required to find new…

Read more →
Attackers exploit critical Langflow RCE within hours as CISA sounds alarm

Attackers have exploited a critical Langflow RCE within hours of disclosure, prompting the US Cybersecurity and Infrastructure Security Agency (CISA) to formally flag it for urgent remediation.

The flaw, which allows running arbitrary code on vulnerable Langflow instances without >credentials, was weaponized within 20 hours of the open-source AI-pipeline tool disclosing it.

According to a…

Read more →
Chinese hackers exploited zero-day Dell RecoverPoint flaw for 1.5 years

For the past 18 months, a Chinese cyberespionage group has been exploiting a prevously unknown vulnerability in Dell’s RecoverPoint for Virtual Machines, a VM disaster recovery solution. The flaw, patched by Dell this week, allows unauthenticated attackers to gain command execution on the underlying OS as root.

The vulnerability, tracked as CVE-2026-22769, stems from hardcoded admin credentials…

Read more →
Page 1