#zero-day — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #zero-day, aggregated by home.social.
-
According to Citizen Lab, former MEP Stelios Kouloglou was hacked with #Pegasus while serving on the PEGA Committee, led by Sophie in ’t Veld, investigating spyware abuse.
Pegasus is commercial spyware from #NSOGroup, sold or licensed to operators willing to spy on democratically elected MEPs.
Remember that when the #zeroday trade is laundered again as “cybersecurity” or “saving democracy.”
https://citizenlab.ca/research/member-of-committee-investigating-spyware-hacked-with-pegasus/
-
Pegasus spies on those who investigate Pegasus: the Kouloglou case shakes the European Parliament
Citizen Lab confirms: Greek MEP Stelios Kouloglou, a member of the PEGA committee tasked with investigating spyware abuse, was hit by Pegasus in 2022 and 2023 with a zero-click exploit that abused a flaw in HomeKit. It is the first public case of a member of the committee itself being targeted.
-
🤖 Startup sues Palo Alto Networks' Koi Security,...
📝 MeetingTV has s...
📰 www.theregister.com - Articles
-
"The dump, called ‘Exploitarium,’ was shared publicly on GitHub by an individual going by name ‘bikini’ and ‘ashdfrkl’ on Disco."
Infosecurity-Magazine: A pseudonymous security researcher has released over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects without disclosing them to the maintainers first https://www.infosecurity-magazine.com/news/researcher-exploitarium-exploits/ #opensource #vulnerability #zeroday #infosec #GitHub
-
ShinyHunters and the PeopleSoft zero-day: the US insurance regulator among the 100+ victims of UNC6240
Exploiting CVE-2026-35273, an unauthenticated RCE in Oracle PeopleSoft, the ShinyHunters/UNC6240 collective hit more than 100 organisations before the patch was even released. Among the victims is the NAIC, the US insurance regulator: 3.1 TB of data exfiltrated and rating agencies at a standstill.
-
Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs
Pulse ID: 6a45e7b8f7c0a3cd75a7418e
Pulse Link: https://otx.alienvault.com/pulse/6a45e7b8f7c0a3cd75a7418e
Pulse Author: Tr1sa111
Created: 2026-07-02 04:23:20
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #Tr1sa111
-
Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs
Pulse ID: 6a45e7cc12c463cf068eb18e
Pulse Link: https://otx.alienvault.com/pulse/6a45e7cc12c463cf068eb18e
Pulse Author: Tr1sa111
Created: 2026-07-02 04:23:40
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #Tr1sa111
-
Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs
The Gentlemen ransomware group, which emerged in July 2025, employed a zero-day vulnerability in a bring-your-own-vulnerable-driver (BYOVD) attack to disable endpoint detection and response systems. During an incident investigated in early April, the group leveraged an obscure third-party driver named ktapi.sys from Kontron to bypass security protections. The sophisticated exploit chains multiple advanced techniques to navigate Windows exploit mitigations, including bypassing Supervisor Mode Access Prevention and Supervisor Mode Execution Prevention. The toolkit enables the attackers to call privileged kernel mode functions from user mode processes, ultimately terminating EDR processes including Windows Defender, ESET, Palo Alto Cortex XDR, and SentinelOne. The vulnerability had no prior public documentation and was previously absent from vulnerable driver blocklists.
Pulse ID: 6a43f039e387ddd12ed0896c
Pulse Link: https://otx.alienvault.com/pulse/6a43f039e387ddd12ed0896c
Pulse Author: AlienVault
Created: 2026-06-30 16:35:05
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #EDR #ESET #Endpoint #EndpointDetectionandResponse #InfoSec #OTX #OpenThreatExchange #PaloAlto #RansomWare #SentinelOne #Vulnerability #Windows #ZeroDay #bot #AlienVault
-
Oracle PeopleSoft Zero-Day Leads to Nissan Data Breach
Pulse ID: 6a43b6c13fab9fc8aaf7d908
Pulse Link: https://otx.alienvault.com/pulse/6a43b6c13fab9fc8aaf7d908
Pulse Author: cryptocti
Created: 2026-06-30 12:29:53
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CyberSecurity #DataBreach #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #cryptocti
-
«Researcher dumps an entire collection of zero-day exploits onto the net:
An anonymous security researcher has published working exploit code for a total of 15 previously unknown vulnerabilities without prior notification of the affected vendors and open-source projects.» Someone is evidently very angry about something and is now acting out with unannounced zero-day exploits, which unfortunately can cause considerable web-wide damage.
-
Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager
Pulse ID: 6a3df9837d7dbabcbacbe505
Pulse Link: https://otx.alienvault.com/pulse/6a3df9837d7dbabcbacbe505
Pulse Author: Tr1sa111
Created: 2026-06-26 04:01:07
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cisco #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vulnerability #ZeroDay #bot #Tr1sa111
-
Cisco under fire
It is not as bad as it looks; it is much, much worse. Not only are dangerous security holes found in Cisco products with pleasant (?) regularity, they are also exploited for attacks immediately, some even before publication (zero-day). I append a short history below. Let us begin with CVE-2026-20230 (8.6 out of 10), which I had not yet explicitly reported on. At the beginning of June Cisco released patches against this vulnerability. At the time the company reported that a PoC exploit existed. Apparently unknown hackers turned the PoC straight into a
https://www.pc-fluesterer.info/wordpress/2026/06/25/cisco-unter-beschuss/
#0day #backdoor #cybercrime #exploits #hersteller #politik #privacy #sicherheit #spionage #UnplugTrump #wissen #zeroday
-
Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager
In early 2026, a threat actor targeted SD-WAN infrastructure at a service provider, exploiting a zero-day vulnerability in Cisco Catalyst SD-WAN to escalate privileges. The attacker initially gained access through unauthorized peering connections and manipulated default account passwords. They then exploited CVE-2026-20245, a privilege escalation flaw in the file upload feature, by uploading a malicious CSV file to achieve root-level access. The vulnerability allowed the creation of a privileged user account through manipulation of system password files. Throughout the intrusion, the threat actor employed extensive anti-forensic techniques, systematically deleting malicious files, restoring modified system configurations, and executing validation scripts to ensure removal of indicators. This campaign demonstrates the living off the edge paradigm, where adversaries compromise network appliances to bypass traditional security perimeters and maintain persistent access.
Pulse ID: 6a3d476551c12310394b4adc
Pulse Link: https://otx.alienvault.com/pulse/6a3d476551c12310394b4adc
Pulse Author: AlienVault
Created: 2026-06-25 15:21:09
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Cisco #CyberSecurity #Edge #InfoSec #OTX #OpenThreatExchange #Password #Passwords #RAT #Vulnerability #Word #ZeroDay #bot #AlienVault
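The pulse above describes an attacker creating a privileged account by manipulating system password files and then restoring modified configuration to cover their tracks. One check a responder can run against that pattern is a diff of the live password file against a baseline captured off the appliance. The example below is an added illustration, not Cisco's or AlienVault's code and not tied to any specific product; the passwd and shadow contents are constructed, and the `svcmgmt` account name is a hypothetical stand-in for whatever the intruder adds.

```python
"""
Baseline diff for Linux-style password files.
Added example (not Cisco's or AlienVault's code); the sample file contents
below are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Account:
    name: str
    uid: int
    gid: int
    home: str
    shell: str


def parse_passwd(text: str) -> dict[str, Account]:
    """Parse /etc/passwd-format text into {name: Account}; malformed records are skipped."""
    accounts: dict[str, Account] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue  # not a valid seven-field passwd record
        name, _pw, uid, gid, _gecos, home, shell = fields
        try:
            accounts[name] = Account(name, int(uid), int(gid), home, shell)
        except ValueError:
            continue  # non-numeric uid/gid: skip rather than guess
    return accounts


def passwordless_accounts(shadow_text: str) -> list[str]:
    """Names from /etc/shadow-format text whose password field is empty (login with no password)."""
    names = []
    for line in shadow_text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0] and fields[1] == "":
            names.append(fields[0])
    return names


def find_privilege_anomalies(baseline_passwd: str, current_passwd: str,
                             allowed_uid0: tuple[str, ...] = ("root",)) -> list[str]:
    """
    Compare a trusted baseline with the live file. Returns sorted findings:
      uid0:<name>                  UID 0 account not on the allow-list
      new:<name>                   account absent from the baseline
      uid-changed:<name>:<a>-><b>  existing account whose UID changed
      removed:<name>               baseline account that disappeared
    """
    base = parse_passwd(baseline_passwd)
    cur = parse_passwd(current_passwd)
    findings: list[str] = []
    for name, acct in cur.items():
        if acct.uid == 0 and name not in allowed_uid0:
            findings.append(f"uid0:{name}")
        if name not in base:
            findings.append(f"new:{name}")
        elif base[name].uid != acct.uid:
            findings.append(f"uid-changed:{name}:{base[name].uid}->{acct.uid}")
    findings.extend(f"removed:{name}" for name in base if name not in cur)
    return sorted(findings)


# Constructed sample data: a baseline captured off-box, and the live file
# after a hypothetical privileged account ("svcmgmt") was appended.
BASELINE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
admin:x:1000:1000::/home/admin:/bin/bash
"""
CURRENT_PASSWD = BASELINE_PASSWD + "svcmgmt:x:0:0::/root:/bin/bash\n"
CURRENT_SHADOW = """\
root:$6$saltsalt$hashhash:19500:0:99999:7:::
daemon:*:19500:0:99999:7:::
admin:$6$saltsalt$hashhash:19500:0:99999:7:::
svcmgmt::19500:0:99999:7:::
"""

if __name__ == "__main__":
    print(find_privilege_anomalies(BASELINE_PASSWD, CURRENT_PASSWD))
    print(passwordless_accounts(CURRENT_SHADOW))
```

The baseline has to live somewhere the intruder cannot edit; the pulse notes that the actor restored modified configurations and ran validation scripts to clean up, so a comparison against an on-box copy proves nothing. Exporting the files on a schedule to a collector and diffing there is the point of the check.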
-
AiTM kit against AWS: Datadog reveals a phishing campaign that bypasses MFA in real time
Between 16 and 19 June 2026, a targeted phishing campaign went after AWS console credentials, using adversary-in-the-middle techniques to intercept MFA via email, SMS and TOTP in real time. Datadog Security Research analysed the kit, publishing IoCs, source code and detection guidance.
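The post above is about a kit that relays email, SMS and TOTP codes in real time. The reason that works, and the reason an origin-bound second factor does not, is easy to show in code. The example below is an added illustration, not Datadog's kit or analysis: it implements RFC 6238 TOTP and then models an origin-bound assertion with an HMAC over (challenge, origin) as a stand-in for the public-key signature WebAuthn makes over the client data; the phishing origin `aws-console-login.example` and the key material are constructed.

```python
"""
Why a relayed TOTP is accepted and a relayed origin-bound assertion is not.
Added example, not Datadog's code. The HMAC-based "assertion" is a simplified
stand-in for a WebAuthn signature; the phishing origin is constructed.
"""
import hashlib
import hmac
import os
import struct

REAL_ORIGIN = "https://signin.aws.amazon.com"
PHISH_ORIGIN = "https://aws-console-login.example"  # constructed for the example


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, dynamic truncation) for the given Unix time."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{code % 10 ** digits:0{digits}d}"


def server_accepts_totp(secret: bytes, submitted_code: str, now: int) -> bool:
    """The real service only checks that the code matches the current step."""
    return hmac.compare_digest(submitted_code, totp(secret, now))


def aitm_relay_totp(secret: bytes, now: int) -> bool:
    """Victim types the live code into the phishing page; the proxy forwards it
    to the real service within the same 30-second step. Nothing binds the code
    to where the victim typed it, so the service accepts it."""
    code_from_victim = totp(secret, now)
    return server_accepts_totp(secret, code_from_victim, now)


def sign_assertion(cred_key: bytes, challenge: bytes, origin: str) -> bytes:
    """Stand-in for an authenticator signature: it covers the origin the
    browser actually reports, which in a phishing flow is the phishing site."""
    return hmac.new(cred_key, challenge + b"|" + origin.encode(), hashlib.sha256).digest()


def server_accepts_assertion(cred_key: bytes, challenge: bytes,
                             reported_origin: str, signature: bytes) -> bool:
    """The service rejects any origin but its own, and the signature must
    match the origin that was reported, so the proxy cannot rewrite it."""
    if reported_origin != REAL_ORIGIN:
        return False
    expected = sign_assertion(cred_key, challenge, reported_origin)
    return hmac.compare_digest(signature, expected)


def aitm_relay_origin_bound(cred_key: bytes) -> bool:
    """Same proxy, origin-bound factor. The proxy forwards the real challenge,
    the victim's browser signs it over the phishing origin, and both honest
    forwarding and an origin rewrite fail at the service."""
    challenge = os.urandom(32)  # issued by the real service, relayed by the proxy
    signature = sign_assertion(cred_key, challenge, PHISH_ORIGIN)
    honest = server_accepts_assertion(cred_key, challenge, PHISH_ORIGIN, signature)
    forged = server_accepts_assertion(cred_key, challenge, REAL_ORIGIN, signature)
    return honest or forged


def legitimate_origin_bound_login(cred_key: bytes) -> bool:
    """Control case: browser really is on the real origin."""
    challenge = os.urandom(32)
    signature = sign_assertion(cred_key, challenge, REAL_ORIGIN)
    return server_accepts_assertion(cred_key, challenge, REAL_ORIGIN, signature)


if __name__ == "__main__":
    seed = b"12345678901234567890"  # RFC 6238 test secret
    print("TOTP relayed through AiTM accepted:", aitm_relay_totp(seed, 1_719_000_000))
    print("origin-bound relayed through AiTM accepted:", aitm_relay_origin_bound(os.urandom(32)))
```

A real WebAuthn verifier additionally checks the rpId hash and the signature over authenticatorData and the hash of clientDataJSON, and the browser will not even present a credential registered for one rpId on a different one; the simplified model keeps only the origin binding, which is the property the relay cannot defeat. Email, SMS and TOTP codes have no such binding, which is why the kit in the post can forward them unchanged.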
-
Malicious AI skill reaches 26,000 agents: the mutable-link technique that fools every security scanner
AIR researchers built a fake AI skill, uploaded it to a marketplace and promoted it via Instagram, reaching 26,000 agents, including corporate accounts, without a single scanner detecting it. The technique: an external link that can be modified after the security checks have passed.
-
Acceleration through AI: the Zero-Day Clock shows the trend. On average it now takes only 8 hours from CVE publication to exploitation.
-
Nightmare Eclipse promised to drop something about Windows Defender bypass in July.
Sad side? Not sharing full PoC
https://blog.projectnightcrawler.dev/posts/2026-06-22-microsoft-is-an-interesting-company/
#cybersecurity #infosec #windows #windowsdefender #windowsdefenderBypass #zeroday #0day #nightmareEclipse
-
🔹 THREAT INTELLIGENCE
Weekly Threat Roundup: 2026-06-15 to 2026-06-21
Roundup | HIGH
CVEs: CVE-2026-20262
Cybersecurity roundup for 2026-06-15 to 2026-06-21: 1 CVE advisory, 5 breach reports, 3 threat news stories.
Full analysis:
https://www.yazoul.net/news/article/2026-w25-weekly-threat-roundup
-
Qilin Ransomware Attacks Exploit Zero-Day in Check Point VPN Vulnerability
Pulse ID: 6a37ead6c2b4d6abae58d5fc
Pulse Link: https://otx.alienvault.com/pulse/6a37ead6c2b4d6abae58d5fc
Pulse Author: cryptocti
Created: 2026-06-21 13:44:54
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#CheckPoint #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RansomWare #VPN #Vulnerability #ZeroDay #bot #cryptocti
-
Fileless RCE on stock Android (~2.5B devices). Reported to Google VRP, confirmed by their own engineering team, closed as NSBC anyway.
#AndroidSecurity #infosec #Android #MobileSecurity #VulnerabilityResearch #RCE #BugBounty #VRP #ResponsibleDisclosure #AppSec #ThreatIntel #WebView #ZeroDay #CVE
-
Windows. New proof-of-concept exploit from Chaotic Eclipse (aka Nightmare Eclipse) for the RoguePlanet zero-day in Defender.
Microsoft confirms that the RoguePlanet zero-day affects Microsoft Defender and is tracked as CVE-2026-50656 (CVSS score 7.8). The vulnerability allows privilege escalation via the Microsoft Malware Protection Engine.
-
A ministry knows in March that it has been hacked. Only in June does it know how.
Every day a new question you can answer at https://www.ccinfo.nl
How long would your organisation take to find out exactly what an attacker took?
#Cybersecurity #zeroday #Rijksoverheid #incidentrespons #informatiebeveiliging
-
ClickFix evolves: BabaDeda, Lorem Ipsum Loader and Potemkin deliver ransomware and RATs with modular anti-detection architectures
Three independent pieces of research document the evolution of ClickFix into a first-choice ransomware delivery framework: BabaDeda Loader, Lorem Ipsum Loader (attributed to Vanilla Tempest/Rhysida) and Potemkin show an increasingly modular architecture designed to evade detection.
-
«Record data leak: 24 billion credentials exposed on the net:
An unprotected server contained 24 billion credentials in plaintext. According to Cybernews, billions of accounts without multi-factor authentication are at risk.» Whether Arch Linux, JavaScript, Microsoft products or online services, hardly a day passes without zero-day reports. But keeping customer data unprotected in plaintext is utterly outdated.
🔓 https://www.it-daily.net/it-sicherheit/cybercrime/rekord-datenleck-24-milliarden
-
Cyber gang #ShinyHunters attacks #Oracle PeopleSoft vulnerability | Security https://www.heise.de/news/Cybergang-ShinyHunters-attackiert-Oracle-PeopleSoft-Schwachstelle-11331861.html #ZeroDay #0day #UNC6240 #Patchday
-
Nightmare Eclipse: one against Microsoft
Hi Habr! This is Vladimir Shneidmüller (Владимир Шнейдмюллер), threat research analyst at R-Vision. Over the past weeks, almost everything that usually accompanies a high-profile public zero-day has built up around Nightmare Eclipse: sharp statements from the author, debates about this disclosure practice, quick PoC checks by the community, the first forks, and the natural question: which of this can be seen in telemetry, and what will remain almost entirely outside the SIEM? We analysed several of the published PoCs, and in this article we start with the first three: YellowKey, GreenPlasma and MiniPlasma. They differ substantially both in attack vectors and in detection opportunities. YellowKey is interesting as a BitLocker bypass via WinRE but leaves almost no convenient events in the OS. GreenPlasma demonstrates a low-level primitive at the junction of CTF/Winlogon and the Windows Object Manager. MiniPlasma, by contrast, already provides a practical local privilege escalation scenario where quite workable detections can be built on the registry, the file system and process launches. What follows is not a step-by-step exploitation guide. We are interested in the mechanics, artifacts and observation points that are useful to SOC and threat hunting teams.
https://habr.com/ru/companies/rvision/articles/1048510/
#кибербезопасность #управление_уязвимостями #zeroday #windows #bitlocker #poc #winre #MiniPlasma #YellowKey #GreenPlasma
-
🔵 THREAT INTELLIGENCE
Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw
Vulnerability | CRITICAL
CVEs: CVE-2026-20262
Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in...
Full analysis:
https://www.yazoul.net/news/article/cisco-releases-security-updates-for-actively-exploited-sd-wan-manager-flaw
-
Council of Europe hacked, thanks to Oracle.
The cast: ShinyHunters, Oracle, the Council of Europe. The plot: more than twenty years ago Oracle* swallowed the company PeopleSoft after a veritable takeover battle. Its software is used above all in the USA, but also at the Council of Europe. The software contained a zero-day vulnerability, CVE-2026-35273, which was exploited by ShinyHunters. The hacker group claims to have hacked more than 100 institutions through it, including the Council of Europe. Almost 300 GB of data are said to have fallen into the extortionists' hands, including personnel files, payslips, purchases; CVs, salaries,
https://www.pc-fluesterer.info/wordpress/2026/06/16/europarat-gehackt-dank-oracle/
#0day #closedsource #cybercrime #datenleck #datenschutz #exploits #sicherheit #UnplugOracle #UnplugTrump #zeroday
-
🚨 CRITICAL: Cisco Catalyst SD-WAN Manager zero-day (CVE-2026-20262) exploited in the wild. Attackers w/ write access can escalate to root via crafted HTTP requests. Patch now & review access controls! https://radar.offseq.com/threat/cisco-patches-another-sd-wan-zero-day-exploited-in-e2c68ff5 #OffSeq #Cisco #ZeroDay #Vuln
-
Targets Education Sector with Oracle PeopleSoft Exploit
Between May 27 and June 9, 2026, UNC6240 (ShinyHunters) conducted an active compromise and extortion campaign targeting Oracle PeopleSoft application infrastructure. The threat actor exploited CVE-2026-35273, a critical remote code execution vulnerability (CVSS 9.8) in the Environment Management component, as a zero-day before Oracle's June 10, 2026 advisory. Over 100 organizations were potentially affected, with 68 percent operating in higher education and most based in the United States. Attackers deployed customized MeshCentral agents masquerading as Microsoft Azure services, established C2 infrastructure at azurenetfiles.net, and used lateral movement scripts to propagate across internal networks. The campaign culminated in data exfiltration and publication of stolen data on the ShinyHunters Data Leak Site on June 9, 2026. Compromised systems received defacement markers and extortion notices.
Pulse ID: 6a2b24138a34132bc69a0072
Pulse Link: https://otx.alienvault.com/pulse/6a2b24138a34132bc69a0072
Pulse Author: AlienVault
Created: 2026-06-11 21:09:39
Be advised, this data is unverified and should be considered preliminary. Always do further verification.
#Azure #CyberSecurity #Education #Extortion #InfoSec #Microsoft #NET #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #UnitedStates #Vulnerability #ZeroDay #bot #AlienVault
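The pulse above names one network indicator, the C2 domain azurenetfiles.net. Sweeping DNS and proxy logs for it is the obvious first move, and the one mistake worth avoiding is a plain substring match, which fires on look-alike hosts and misses case and trailing-dot variants. The example below is an added illustration, not AlienVault's or the pulse author's code: it does exact-or-subdomain matching against the indicator from the post over a handful of constructed key=value log lines, with hostnames and the `dst=`/`query=`/`url=` field names assumed for the sample format.

```python
"""
Domain IoC sweep with proper suffix matching.
Added example, not AlienVault's code. IOC_DOMAINS holds the single C2 domain
named in the pulse above; the log lines and their key=value format are constructed.
"""
import re
from urllib.parse import urlsplit

IOC_DOMAINS = {"azurenetfiles.net"}  # from the pulse summary above

# Fields in the constructed sample format that carry a hostname or URL.
LOG_FIELD = re.compile(r"\b(?:dst|query|url)=(\S+)")


def normalise_host(value: str) -> str:
    """Accept 'host', 'host:port', 'HOST.' or a full URL; return a lowercase
    hostname with any port and trailing dot removed."""
    v = value.strip().lower()
    if "://" in v:
        v = urlsplit(v).hostname or ""
    else:
        v = v.split("/", 1)[0]          # drop any path without a scheme
        if v.count(":") == 1:            # host:port (a bare IPv6 literal has more colons)
            v = v.split(":", 1)[0]
    return v.rstrip(".")


def match_domain_ioc(host: str, iocs=IOC_DOMAINS):
    """Return the matching IoC if host equals it or is a subdomain of it, else None.
    'notazurenetfiles.net' and 'azurenetfiles.net.example.com' do not match."""
    h = normalise_host(host)
    for ioc in iocs:
        if h == ioc or h.endswith("." + ioc):
            return ioc
    return None


def scan_lines(lines, iocs=IOC_DOMAINS):
    """Return (line_number, normalised_host, matched_ioc) for every hit."""
    hits = []
    for n, line in enumerate(lines, 1):
        for value in LOG_FIELD.findall(line):
            ioc = match_domain_ioc(value, iocs)
            if ioc:
                hits.append((n, normalise_host(value), ioc))
    return hits


# Constructed sample log lines (hostnames and paths are invented).
SAMPLE_LOG = [
    "2026-06-03T08:14:22Z psft-app01 proxy dst=files.azurenetfiles.net:443 action=allow",
    "2026-06-03T08:14:25Z psft-app01 dns query=AZURENETFILES.NET. type=A",
    "2026-06-03T08:15:01Z psft-app01 proxy dst=notazurenetfiles.net:443 action=allow",
    "2026-06-03T08:15:03Z psft-app01 proxy dst=azurenetfiles.net.example.com:443 action=allow",
    "2026-06-03T08:16:10Z psft-app01 proxy url=https://update.azurenetfiles.net/agent action=allow",
]

if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOG):
        print(hit)
```

Lines 1, 2 and 5 are hits; lines 3 and 4 are the look-alikes a substring search would have flagged. The post also mentions MeshCentral agents posing as Azure services, but it gives no file or process indicator, so a host-side check is not something this example can ground.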