“Cyber warfare is as much about psychological strategy as technical prowess.”
― James Scott
-
Oracle PeopleSoft Zero-Day
What is the Attack? Google Threat Intelligence Group (GTIG) and Mandiant have identified an active compromise and extortion campaign attributed to ShinyHunters (tracked as UNC6240) targeting Oracle PeopleSoft environments. The attackers exploited a previously unknown remote code execution vulnerability, CVE-2026-35273, before Oracle released an advisory and patches, making this a true zero-day attack. The campaign…
-

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation [email protected] (The Hacker News)
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespokeRead More
-

Fake AI Agent Skill Passed Security Scans and Reportedly Reached 26,000 Agents [email protected] (The Hacker News)
Security firm AIR built a fake AI agent skill, pushed it through a popular skill marketplace and an Instagram ad, and says it reached roughly 26,000 agents, including some on corporate accounts. Every skill security scanner the firm tested it against marked it safe. The payload was harmless by design: it collected the user’s email address and…
-

Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration [email protected] (The Hacker News)
President Trump signed an executive order on June 22 setting hard deadlines for federal agencies to move high-value assets and high-impact systems to post-quantum cryptography. Key establishment must move by December 31, 2030; digital signatures by December 31, 2031. EO 14409 leaves national security systems on a separate track. The deadlines matter because of a threat that…
-

GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns [email protected] (The Hacker News)
GitHub is moving to strengthen software supply chain security by updating “actions/checkout” to block pwn request attacks that exploit the risky use of the “pull_request_target workflow” trigger to run malicious code with the workflow’s full privileges. Effective June 18, 2026, the latest version of “actions/checkout,” the official GitHub action for checking out a repository into…
-

Agentic AI: The Weapon That No Longer Needs a Warrior [email protected] (The Hacker News)
Every weapon begins as an extension of the hand that holds it. The spear lengthened the reach of the arm. The bow sent the point flying without the throw. The rifle placed a man’s death a quarter mile beyond his sight, and the aircraft carried that death across oceans. At each turn, the distance between…
-

Malicious npm Packages Pose as PostCSS Tools to Deliver Windows RAT [email protected] (The Hacker News)
Cybersecurity researchers have discovered a set of malicious npm packages that are designed to deliver a Windows-based remote access trojan (RAT). The list of identified packages, is below – aes-decode-runner-pro (145 downloads) postcss-minify-selector (256 downloads) postcss-minify-selector-parser (615 downloads) All the packages were published over the past month by an npm user namedRead More
-

WhatsApp VBScript Campaign Uses Fake Documents to Install ManageEngine RMM Tool [email protected] (The Hacker News)
Direct messages sent via WhatsApp are being used to distribute malicious Visual Basic Script (VBScript) files that lead to the installation of legitimate Remote Monitoring and Management (RMM) software. Per findings from Kaspersky, the active campaign is targeting users of WhatsApp Desktop and WhatsApp Web across Malaysia, Brazil, India, Mexico, Singapore, the U.K., Spain, Taiwan,…
-

OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security Flaws [email protected] (The Hacker News)
OpenAI on Monday said it’s releasing an improved version of its GPT‑5.5‑Cyber model to trusted defenders as part of the Daybreak initiative, the artificial intelligence (AI) company announced last month. Calling GPT‑5.5‑Cyber its “strongest model yet for finding and helping patch software vulnerabilities,” OpenAI said the model can “sustain deeper analysis across large codebases” to…
-

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack [email protected] (The Hacker News)
Multiple WordPress plugins from ShapedPlugin were compromised in a supply chain attack after unknown threat actors managed to tamper with the official release channels and push backdoor code. “Attackers compromised the vendor’s build and distribution pipeline, injecting backdoor code into Pro plugin releases distributed through official licensed update channels,” Wordfence said in an analysisRead More
“Security used to be an inconvenience sometimes, but now it’s a necessity all the time.”
― Martina Navratilova
