Latest Briefings
Oracle PeopleSoft SSRF Flaw Requires No Auth, Scores 9.3 CVSS
A server-side request forgery vulnerability in Oracle PeopleSoft's HttpListeningConnector can be exploited by unauthenticated remote attackers and chained with other bugs to…
Critical libssh2 Flaw Gets Public PoC, Clients at Risk of Code Execution
A proof-of-concept exploit is now public for CVE-2026-55200, a critical memory corruption bug in libssh2 that allows a malicious SSH server to…
Critical Oracle E-Business Suite Flaw Under Active Exploitation
Attackers are actively exploiting CVE-2026-46817, a critical unauthenticated takeover vulnerability in Oracle E-Business Suite, weeks after Oracle shipped a patch in its…
Nissan Employee Data Breach Tied to Oracle PeopleSoft Zero-Day Attacks
Nissan has disclosed a breach of current and former employee records after ShinyHunters exploited a critical zero-day in Oracle PeopleSoft, part of…
SimpleHelp Auth Bypass Exploited to Deploy Djinn Stealer and TaskWeaver
Attackers are actively exploiting a critical authentication bypass in SimpleHelp RMM software to install two previously undocumented malware families targeting developer credentials,…
May 2026 Patch Tuesday: 118 Microsoft Fixes, No Zero-Days, AI Finds Bugs
Microsoft's May 2026 Patch Tuesday addresses 118 vulnerabilities with no actively exploited zero-days, while AI-assisted bug discovery is driving record patch volumes…
Project Zero Chains 0-Click to Root on Pixel 10 via VPU Driver Flaw
Google Project Zero built a working zero-click root exploit chain for the Pixel 10, pivoting from a patched Dolby audio bug to…
CISA Contractor Leaked AWS GovCloud Keys and Plaintext Passwords on GitHub
A public GitHub repository maintained by a Nightwing contractor exposed highly privileged AWS GovCloud credentials, plaintext passwords, and internal CISA system files…
Alleged Kimwolf Botmaster ‘Dort’ Arrested in Canada, Faces U.S. Charges
Jacob Butler, a 23-year-old Ottawa man, has been arrested by Canadian police and charged in both Canada and the United States for…
Active Exploitation of PAN-OS GlobalProtect Auth Bypass CVE-2026-0257
Unit 42 has confirmed active in-the-wild exploitation of a PAN-OS authentication bypass affecting GlobalProtect portals and gateways, with the flaw added to…
Critical Path Traversal Flaw in pynetdicom Threatens Healthcare Systems
A critical path traversal vulnerability in the pynetdicom library allows unauthenticated attackers to write files to arbitrary locations, affecting all versions from…
PTC Windchill Flaw Exploited in the Wild, CISA Issues KEV Alert
A remote code execution vulnerability in PTC Windchill and FlexPLM is being actively exploited to deploy persistent webshells, marking the first confirmed…