A zero-day vulnerability (CVE-2026-35273) in Oracle PeopleSoft PeopleTools is being exploited in the wild, Charles Carmakal, CTO at cybersecurity firm Mandiant, part of Google Cloud, warned today. The warning comes a day after Oracle published an out-of-band security alert about…
Episource Cyberattack Affects 6.7M Individuals
Episource LLC, a medical coding and risk adjustment services provider owned by UnitedHealth Group’s Optum division, has disclosed a cyberattack that compromised the protected health information of 6,725,572 individuals. This article has been indexed from CyberMaterial Read the original article:…
Check Point expands MSP platform with AI governance
Check Point has announced a significant expansion of its Managed Service Provider platform, introducing three strategic capabilities designed to address the challenges MSPs face in securing AI adoption and delivering managed security services. This article has been indexed from CyberMaterial…
IT Security News Hourly Summary 2026-06-11 15h : 17 posts
17 posts were published in the last hour 13:5 : FBI Seizes 13 Domains in Chinese Intelligence Op 13:4 : AI Coding Adoption at 97% but Governance Lags 12:32 : Multiple Splunk Enterprise Vulnerabilities Allow Attackers to Execute Malicious Script…
FBI Seizes 13 Domains in Chinese Intelligence Op
Federal authorities have taken down 13 internet domains allegedly connected to a Chinese intelligence-gathering operation targeting U.S. This article has been indexed from CyberMaterial Read the original article: FBI Seizes 13 Domains in Chinese Intelligence Op
AI Coding Adoption at 97% but Governance Lags
Nearly all software development teams have adopted AI coding assistants, but a critical governance gap is preventing organizations from realizing the full productivity benefits these tools promise. This article has been indexed from CyberMaterial Read the original article: AI Coding…
Multiple Splunk Enterprise Vulnerabilities Allow Attackers to Execute Malicious Script
Multiple high and critical vulnerabilities in Splunk Enterprise could allow attackers to execute malicious scripts, exfiltrate sensitive data, and perform unauthorized file operations, according to a series of security advisories released on June 10, 2026. The most severe flaw, tracked…
Hackers Abuse VMware-Signed Binary to Sideload NIGHTFORGE Loader in Espionage Attacks
A newly uncovered espionage operation has been quietly targeting government institutions in Cambodia, and the method behind it is as clever as it is alarming. Threat actors have been abusing a legitimate, digitally signed VMware binary to slip a custom…
GreatXML BitLocker Bypass 0-Day Exploited Via Windows Defender Offline Scan
A newly disclosed zero-day exploit, dubbed GreatXML, enables attackers with physical access to fully bypass BitLocker drive encryption on Windows systems by leveraging an obscure but common side effect of Windows Defender Offline Scan, no login required, under certain conditions.…
Oracle Emergency Security Update to Fix Critical RCE Vulnerability
Oracle has issued an emergency Security Alert to address a critical remote code execution vulnerability (CVE-2026-35273) affecting PeopleSoft Enterprise PeopleTools. The vulnerability carries a CVSS v3.1 score of 9.8, highlighting its severity and the urgent need for remediation across enterprise…
PoC Exploit Released for Guest-to-Host Escape Linux Kernel Vulnerability
A proof-of-concept (PoC) exploit has been released for a critical Linux kernel vulnerability, CVE-2026-46316, that enables a guest-to-host escape in KVM environments on arm64 systems. The flaw, named “ITScape,” allows attackers to break out of a virtual machine and execute…
Most Cybersecurity Teams Struggle to Find Time for Training on New Cyber Threats
Organizations are aware of the challenges that new technologies like AI bring: but cybersecurity staff struggle to make time for the required training during working hours This article has been indexed from www.infosecurity-magazine.com Read the original article: Most Cybersecurity Teams…
GitHub Introduces Automatic Controls to Prevent Malicious npm Install Scripts
GitHub has announced a major security-focused overhaul of npm with the upcoming release of npm v12, introducing stricter default controls designed to mitigate software supply chain attacks and prevent unauthorized code execution during package installation. The changes, currently available as…
Hackers Exploit SniperDz PhaaS for Brand Spoofing and Browser Hijacking
A wave of phishing campaigns across the Middle East and North Africa exposes a sophisticated, centralized fraud ecosystem operating under the SniperDz banner. What initially appeared as isolated Facebook and Instagram scams fake offers for free mobile data, government subsidies,…
Attackers Exploit Critical Langflow Flaw for Remote Code Execution
Attackers have begun actively exploiting a high-severity vulnerability in Langflow, tracked as CVE-2026-5027, which enables remote code execution via a path traversal flaw in the platform’s file upload functionality. The issue, disclosed by Tenable under advisory TRA-2026-26, affects the POST /api/v2/files endpoint,…
Claude Fable 5 vs Mythos: Which AI Model Better Cybersecurity Teams?
The real question in cybersecurity isn’t “Which AI is smarter?”—it’s “Which AI helps security teams make better decisions?”… The post Claude Fable 5 vs Mythos: Which AI Model Better Cybersecurity Teams? appeared first on Hackers Online Club. This article has…
Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps
The new open-source project could serve as the basis for a future of apps with features as complex as Slack, Discord, or Google Docs—but with added protection against surveillance. This article has been indexed from Security Latest Read the original…
Data of 2.4 million VRChat users stolen
We explain what data was exposed, the potential risks, and the steps you should take now. This article has been indexed from Malwarebytes Read the original article: Data of 2.4 million VRChat users stolen
Siemens Says Desigo CC Files Flagged as Malware by Security Engines
A PowerShell script included in patch files appears to be triggering false positives by multiple security engines. The post Siemens Says Desigo CC Files Flagged as Malware by Security Engines appeared first on SecurityWeek. This article has been indexed from…
Hackers Exploit Langflow Vulnerability for Remote Code Execution
Disclosed in March, the security defect enables unauthenticated attackers to write files to arbitrary locations on the system. The post Hackers Exploit Langflow Vulnerability for Remote Code Execution appeared first on SecurityWeek. This article has been indexed from SecurityWeek Read…
AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS.
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and…
Chaotic Eclipse Strikes Again: New Zero-Day Unlocks BitLocker in Four Hours of Research
GreatXML bypasses BitLocker via Defender offline scan artifacts, giving SYSTEM shell in Recovery Mode. No patch exists. Any machine that ran an offline scan is vulnerable. On June 10, security researcher Chaotic Eclipse (aka Nightmare Eclipse) published a new working…
Enhanced License Plate Tracking
The surveillance company Leonardo wants more data: A surveillance company plans to add sensors to automatic license plate readers (ALPRs) that would mean the devices, as well as capture the license plate of passing vehicles, would also sweep up unique…
Children’s phones must block nude images by September, UK says
Apple and Google have three months to block nude images on children’s phones. They’re not allowed to collect any data while they do it. This article has been indexed from Malwarebytes Read the original article: Children’s phones must block nude…