U.S. CISA adds Oracle PeopleSoft Enterprise PeopleTools flaw to its Known Exploited Vulnerabilities catalog
U.S.
Oracle
20 articles
ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw
Oracle still hasn't patched the vulnerability the group has been using in its attacks since late May. The post ShinyHunters is actively extorting universitie...
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of ...
CISA Adds One Known Exploited Vulnerability to Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation. CVE-2026-35273 Oracle Pe...
Oracle mitigates PeopleSoft zero-day exploited in data theft attacks
Oracle is warning about a critical PeopleSoft Suite zero-day vulnerability tracked as CVE-2026-35273 that allows unauthenticated remote code execution, with ...
Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks
Oracle has released a patch for CVE-2026-35273, but it has not said whether it’s a zero-day exploited in ShinyHunters attacks. The post Oracle Addresses Peop...
ShinyHunters gang targets Oracle PeopleSoft servers in data theft attacks
The ShinyHunters gang is exploiting a combination of old and zero-day vulnerabilities, referred to as a "gadget chain," to target both cloud and on-premises ...
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks by the ShinyHunters extortion gang, which claims to have stolen data from over 100...
Mini Shai-Hulud ‘Hades’ variant affects 23 PyPI package versions
The JavaScript stealer payload includes an anti-analysis LLM prompt injection.
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf)...
New FROST Attack Lets Websites Track What Sites and Apps You Open via SSD Timing
A malicious website can work out which sites you visit and which apps you open, using nothing but JavaScript and the timing of your SSD. The attack, called F...
Lucid Stealer Hits 18 Browsers, Crypto Wallets, and Discord Tokens
A new, fully featured Lucid Stealer build that combines large-scale credential theft with hidden remote access. The sample, distributed through Telegram-link...
Fake Purchase Orders Spread JS.MonoGlyphRAT in U.S. Enterprise Attacks
Hackers are using highly convincing fake purchase orders and sales documents to sneak a new JavaScript backdoor, JS.MonoGlyphRAT, into US enterprises, where ...
Two-year old Oracle WebLogic Server vulnerability is being exploited
US federal government departments have been given until Thursday to patch a two-year old high severity vulnerability in Oracle WebLogic Server that could all...
CISA orders agencies to patch critical Oracle WebLogic Server vulnerability
The vulnerability, CVE-2024-21182, affects Oracle WebLogic Server versions 12.2.
Oracle WebLogic CVE-2024-21182 Added to KEV Catalog After Active Exploitation
The U.S.
CISA flags two-year-old Oracle flaw as actively exploited in attacks
CISA has ordered government agencies to secure their systems against a high-severity Oracle WebLogic Server vulnerability that was patched two years ago and ...
Oracle WebLogic Vulnerability Exploited in the Wild
The vulnerability is CVE-2024-21182 and it can be exploited without authentication to hack affected WebLogic servers. The post Oracle WebLogic Vulnerability ...
CISA Issues Alert on Oracle WebLogic Server Flaw Under Active Exploitation
The U.S.
Oracle’s First Monthly Patches Resolve 77 Vulnerabilities
Oracle’s monthly Critical Security Patch Update (CSPU) rollouts are meant to deliver critical fixes faster. The post Oracle’s First Monthly Patches Resolve 7...