Cloud Security, Incidents & Breaches, Security Operations, Vulnerability Intelligence

Active Exploitation of Oracle E-Business Suite CVE-2026-46817 Highlights Critical Patch Delay Risks

Attackers are actively exploiting CVE-2026-46817, a critical unauthenticated remote code execution flaw in Oracle E-Business Suite’s Payments module, with Defused observing real-world exploitation over the weekend and Shadowserver tracking over 450 exposed instances globally. Oracle patched the vulnerability in its May 2026 Critical Patch Update (CPU) but warns that unpatched systems remain at risk.

Cloud Security, Incidents & Breaches, Security Operations, Vulnerability Intelligence

Nissan Employee Data Breach Highlights Systemic Risk in Oracle PeopleSoft Zero-Day Campaign

Nissan disclosed a data breach affecting current and former employees across North and South America after threat actors exploited CVE-2026-35273, a zero-day vulnerability in Oracle PeopleSoft PeopleTools, in a campaign linked to ShinyHunters that compromised over 300 instances across 100 organizations, primarily in education, between May 27 and June 9, 2026.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

AhnLab Details May 2026 Korean APT Campaigns Using LNK Files and Living-off-the-Land Techniques

AhnLab’s May 2026 report identifies spear phishing with malicious LNK files as the dominant APT infection vector in South Korea, detailing six attack types that abuse PowerShell, curl.exe, and legitimate Windows tools to deploy info-stealers, keyloggers, and backdoors via GitHub and Google Drive, while also noting CHM and JSE-based variants using regsvr32 and certutil for evasion.

Cloud Security, Incidents & Breaches, Security Operations, Vulnerability Intelligence

DirtyClone Linux Kernel Flaw Enables Root Escalation via Cloned Network Packets

CVE-2026-43503 (CVSS 8.8) allows local users to gain root by corrupting file-backed memory through cloned network packets, exploiting a missing shared-frag flag in kernel packet handling. The flaw affects multi-tenant systems where unprivileged namespaces are enabled, including CI runners and Kubernetes clusters. A patch was merged in Linux v7.1-rc5 on May 21, 2026.

AI Security, Incidents & Breaches, Security Operations, Vulnerability Intelligence

CISA KEV Addition of PTC Windchill RCE Flaw Exposes Gaps in Enterprise Patch Timelines

CISA’s inclusion of CVE-2026-12569 in the KEV catalog confirms active exploitation of a critical deserialization flaw in PTC Windchill PDMlink and FlexPLM, with attackers deploying JSP web shells for persistence. Despite patches released the prior week, continued threat activity highlights systemic delays in enterprise patch deployment and detection coverage for specialized PLM systems.

AI Security, Incidents & Breaches, Security Operations, Vulnerability Intelligence

Cisco Unified CM Exploit Analysis: CVE-2026-20230 File-Write Flaw Drives Federal Patch Mandate

Active exploitation of CVE-2026-20230, a critical SSRF vulnerability in Cisco Unified CM enabling unauthenticated file writes and potential root access via the WebDialer service, has prompted CISA to add the flaw to its KEV catalog with a June 28, 2026 deadline for federal agencies. Despite WebDialer being disabled by default, misconfigurations in enterprise deployments are exposing systems to attack, highlighting the critical need for configuration validation alongside patching.

Identity & Governance, Incidents & Breaches, Security Operations, Vulnerability Intelligence

CISA Alert: Active Exploitation of Critical Lantronix EDS5000 Flaw Demands Immediate Patching

CISA has warned of active exploitation of CVE-2025-67038, a critical code injection vulnerability in Lantronix EDS5000 Series devices, requiring Federal Civilian Executive Branch agencies to apply patches by June 26, 2026. The flaw allows unauthenticated remote command execution with root privileges via the HTTP RPC module, posing significant risks to network integrity and device security.

AI Security, Identity & Governance, Incidents & Breaches, Security Operations

Research Digest: Explainable ML Framework Reveals Moral Condemnation as Dominant Tactic in Korean Foreign Influence Operations

A two-decade analysis of 112 million South Korean news comments identifies 23,998 accounts showing coordinated manipulation behavior, with moral condemnation of domestic political figures driving higher engagement than direct foreign narrative promotion, informing platform defense prioritization.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

Cordyceps CI/CD Flaw Reveals Systemic Trust Boundary Failures in Open-Source Build Pipelines

Novee Security’s discovery of the Cordyceps CI/CD flaw exposes a widespread misconfiguration in GitHub Actions workflows where excessive permissions granted to pull requests enable unauthenticated attackers to hijack build systems, steal credentials, and compromise software supply chains across major technology organizations, highlighting critical gaps in trust boundary enforcement in automated development environments.

AI Security, Cloud Security, Incidents & Breaches, Vulnerability Intelligence

Operation Endgame Disrupts Amadey and StealC Malware Infrastructure, Recovers 27 Million Credentials

A coordinated international law enforcement operation, conducted between June 15–19, 2026, dismantled the criminal infrastructure supporting the Amadey and StealC malware-as-a-service networks, recovering 27 million stolen credentials, identifying and restricting $47 million in cryptocurrency assets, seizing 326 servers and 142 domains, and severing control over 18,000+ infected computers identified by Microsoft telemetry. The takedown targeted the initial access ‘assembly line’ used to launch ransomware, financial fraud, and critical infrastructure attacks across Belgium, Canada, Denmark, France, Germany, the Netherlands, the UK, and the US.
