Category: Exploits
Critical Oracle E-Business Suite Flaw Under Active Exploitation
Attackers are actively exploiting CVE-2026-46817, a critical unauthenticated takeover vulnerability in Oracle E-Business Suite, weeks after Oracle shipped a patch in its…
US Offers $10M Reward for Russian Hackers Targeting Signal and WhatsApp Accounts
The State Department's Rewards for Justice program is offering up to $10 million for information on two FSB- and GRU-linked groups that…
Nissan Employee Data Breach Tied to Oracle PeopleSoft Zero-Day Attacks
Nissan has disclosed a breach of current and former employee records after ShinyHunters exploited a critical zero-day in Oracle PeopleSoft, part of…
SimpleHelp Auth Bypass Exploited to Deploy Djinn Stealer and TaskWeaver
Attackers are actively exploiting a critical authentication bypass in SimpleHelp RMM software to install two previously undocumented malware families targeting developer credentials,…
Project Zero Details Exploitation of macOS CoreAudio Type Confusion Bug
Google Project Zero has published a deep technical walkthrough on exploiting CVE-2024-54529, a type confusion vulnerability in the macOS coreaudiod daemon, revealing…
Project Zero Chains 0-Click to Root on Pixel 10 via VPU Driver Flaw
Google Project Zero built a working zero-click root exploit chain for the Pixel 10, pivoting from a patched Dolby audio bug to…
Alleged Kimwolf Botmaster ‘Dort’ Arrested in Canada, Faces U.S. Charges
Jacob Butler, a 23-year-old Ottawa man, has been arrested by Canadian police and charged in both Canada and the United States for…
Scattered Spider Members Plead Guilty on Day One of UK Trial
Two key members of the Scattered Spider cybercrime group admitted to hacking Transport for London and conspiring in a series of ransomware…
Poland Arrests Four in SIM-Swapping Gang Behind Millions in Crypto Theft
Polish authorities, working with the FBI and HSI, have detained four members of a cybercrime group that breached telecom infrastructure and hijacked…
Phishing Campaign Hits Hotels in Europe and Asia with Node.js Implant
Microsoft has flagged an active phishing operation targeting hospitality organizations since April 2026, delivering a Node.js-based implant through photo-themed ZIP file lures.
Polymarket Hit by Supply Chain Attack, $3 Million in Crypto Stolen
A compromised third-party vendor injected a malicious script into Polymarket's frontend, enabling attackers to steal roughly $3 million from at least 11…
Klue Supply Chain Breach Widens as Extortion Takes a Chaotic Turn
Nearly two dozen confirmed victims have emerged from the Klue supply chain attack, while the threat actor behind the breach has reportedly…