TECHZONE™

OceanLotus: From external espionage to domestic targeting https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/ A shift in operational pattern of the infamous Vietnam-aligned APT group

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS. https://thehackernews.com/2026/06/ai-broke-vulnerability-management-thats.html For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of the

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary

SMB cyber-readiness: What makes or breaks it https://www.welivesecurity.com/en/business-security/smb-cyber-readiness-what-makes-breaks-it/ A company that's expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance https://thehackernews.com/2026/06/china-linked-jdy-botnet-expands-to-1500.html Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale," Lumen's

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1). "An

Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST /

CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation https://thehackernews.com/2026/06/cisa-adds-cisco-chrome-and-arista-flaws.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 (CVSS score: 7.8) - An improper encoding or escaping of output vulnerability in Cisco Catalyst SD-WAN Manager that could allow an

Your Automated Pentest Looks Clean. See What It Missed in This Expert Webinar https://thehackernews.com/2026/06/your-automated-pentest-looks-clean-see.html Your pentest report looks clean. That might be the problem. Run automated pentesting long enough, and the new findings start to dry up. By the third or fourth run, fewer issues appear. The report looks stable. Leadership reads "stable" as "secure." It usually isn't. The work slows down. The risk does not. That gap is what a The Hacker News webinar with Picus Security sets out to close. Autumn

Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html Microsoft on Tuesday released fixes for a record 206 security vulnerabilities impacting its software portfolio, including three flaws that have been publicly disclosed at the time of release. Of the 206 flaws, 39 are rated Critical, and 167 are rated Important in severity. This includes 63 privilege escalation, 56 remote code execution, 30 information disclosure, 27 spoofing, 20 security

Anthropic Releases Claude Fable 5, Its Most Powerful AI Yet, With Cyber Safeguards https://thehackernews.com/2026/06/anthropic-releases-claude-fable-5-its.html On June 9, Anthropic released Claude Fable 5, the most capable model it has ever made, generally available. It also did something unusual: it shipped one model as two products, split not by capability but by a layer of safety classifiers. Fable 5 goes to the public. Its twin, Claude Mythos 5, the same underlying model with the cyber safeguards lifted, stays locked to a vetted group of cyber

ServiceNow Flaw Exploited to Gain Unauthorized Access to Customer Instances https://thehackernews.com/2026/06/servicenow-flaw-exploited-to-gain.html ServiceNow has warned about a security incident in which unknown threat actors exploited a flaw to obtain deeper unauthorized access to susceptible instances. "On June 5, 2026, ServiceNow applied a security update to hosted customer instances," the company revealed in an advisory that requires customer access. "The update concerned a security issue that could allow an unauthenticated user, in

Microsoft Defender RoguePlanet Zero-Day Grants SYSTEM Access on Updated Windows https://thehackernews.com/2026/06/microsoft-defender-rogueplanet-zero-day.html The anonymous security researcher going by the name Chaotic Eclipse (aka Nightmare-Eclipse) has released a proof-of-concept (PoC) exploit for yet another Microsoft Defender zero-day named RoguePlanet. "The exploit is a race condition, so it's a hit or miss," the researcher, who published the exploit under a new GitHub account, "MSNightmare" said. "I have managed to get a 100% success rate on

Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS https://thehackernews.com/2026/06/six-proto6-vulnerabilities-in.html Cybersecurity researchers have flagged half a dozen vulnerabilities in protobuf.js, a JavaScript and TypeScript implementation of Protocol Buffers (Protobuf), that, if successfully exploited, could result in remote code execution (RCE) and denial-of-service (DoS) attacks. "In affected environments, a single malicious protobuf schema, descriptor, or crafted payload could be enough to trigger

Cybercriminals: the 'auditors' you never hired https://www.welivesecurity.com/en/business-security/cybercriminals-auditors-never-hired/ Every organisation gets audited. The question is who does the auditing.

Meta to Use Off-Site Business Data for Feed and AI Personalization https://thehackernews.com/2026/06/meta-to-use-off-site-business-data-for.html Meta on Tuesday announced that it will use information shared by other businesses to personalize users' feed and responses from its artificial intelligence (AI) chatbot, expanding its scope beyond targeted ads. "Businesses often share information about people's activity on their sites with us to make ads more relevant," Meta said in a statement. "We already use this data - like games you play

Veeam Backup & Replication RCE Flaw Lets Domain Users Run Remote Code https://thehackernews.com/2026/06/veeam-backup-replication-rce-flaw-lets.html Veeam has released security patches to address a critical flaw in its Backup & Replication software that could result in remote code execution. Tracked as CVE-2026-44963, the vulnerability carries a CVSS score of 9.4 out of a maximum of 10.0. "A vulnerability allowing remote code execution (RCE) on the Backup Server by an authenticated domain user," Veeam said in a Tuesday advisory. It

Microsoft Restores Some GitHub Repos, Keeps Others Offline as Miasma Probe Continues https://thehackernews.com/2026/06/microsoft-restores-some-github-repos.html Microsoft on Monday confirmed that it temporarily removed some GitHub repositories in response to a recent security incident that led to 73 of its open-source projects being compromised to inject an information stealer into the code. "Our priority is to protect customers and the broader ecosystem," a Microsoft spokesperson told The Hacker News via email. "We temporarily removed some