home.social

#zero-day — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #zero-day, aggregated by home.social.

  1. According to Citizen Lab, former MEP Stelios Kouloglou was hacked with #Pegasus while serving on the PEGA Committee, led by Sophie in ’t Veld, investigating spyware abuse.

    Pegasus is commercial spyware from #NSOGroup, sold or licensed to operators willing to spy on democratically elected MEPs.

    Remember that when the #zeroday trade is laundered again as “cybersecurity” or “saving democracy.”

    citizenlab.ca/research/member-

  3. Pegasus spies on those who investigate Pegasus: the Kouloglou case shakes the European Parliament

    Citizen Lab confirms: the Greek MEP Stelios Kouloglou, a member of the PEGA committee tasked with investigating spyware abuses, was hit by Pegasus in 2022 and 2023 with a zero-click exploit that leveraged a flaw in HomeKit. It is the first public case of a member of the committee itself being targeted.

    insicurezzadigitale.com/pegasu

  5. "The dump, called ‘Exploitarium,’ was shared publicly on GitHub by an individual going by name ‘bikini’ and ‘ashdfrkl’ on Disco."

    Infosecurity-Magazine: A pseudonymous security researcher has released over 30 proof-of-concept exploits for zero-day vulnerabilities in open-source projects without disclosing them to the maintainers first. infosecurity-magazine.com/news #opensource #vulnerability #zeroday #infosec #GitHub

    @ifin

  7. ShinyHunters and the PeopleSoft zero-day: the US insurance regulator among the 100+ victims of UNC6240

    Exploiting CVE-2026-35273, an unauthenticated RCE in Oracle PeopleSoft, the ShinyHunters/UNC6240 collective hit more than 100 organizations even before the patch was released. Among the victims is the NAIC, the US insurance regulator: 3.1 TB of data exfiltrated and rating agencies at a standstill.

    insicurezzadigitale.com/shinyh

  9. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    Pulse ID: 6a45e7b8f7c0a3cd75a7418e
    Pulse Link: otx.alienvault.com/pulse/6a45e
    Pulse Author: Tr1sa111
    Created: 2026-07-02 04:23:20

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #Tr1sa111

  11. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    Pulse ID: 6a45e7cc12c463cf068eb18e
    Pulse Link: otx.alienvault.com/pulse/6a45e
    Pulse Author: Tr1sa111
    Created: 2026-07-02 04:23:40

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #Tr1sa111

  13. Not very gentlemanly: Analyzing a zero-day exploit used to disable targets' EDRs

    The Gentlemen ransomware group, which emerged in July 2025, employed a zero-day vulnerability in a bring-your-own-vulnerable-driver (BYOVD) attack to disable endpoint detection and response systems. During an incident investigated in early April, the group leveraged an obscure third-party driver named ktapi.sys from Kontron to bypass security protections. The sophisticated exploit chains multiple advanced techniques to navigate Windows exploit mitigations, including bypassing Supervisor Mode Access Prevention and Supervisor Mode Execution Prevention. The toolkit enables the attackers to call privileged kernel mode functions from user mode processes, ultimately terminating EDR processes including Windows Defender, ESET, Palo Alto Cortex XDR, and SentinelOne. The vulnerability had no prior public documentation and was previously absent from vulnerable driver blocklists.

    Pulse ID: 6a43f039e387ddd12ed0896c
    Pulse Link: otx.alienvault.com/pulse/6a43f
    Pulse Author: AlienVault
    Created: 2026-06-30 16:35:05

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #EDR #ESET #Endpoint #EndpointDetectionandResponse #InfoSec #OTX #OpenThreatExchange #PaloAlto #RansomWare #SentinelOne #Vulnerability #Windows #ZeroDay #bot #AlienVault

  15. Oracle PeopleSoft Zero-Day Leads to Nissan Data Breach

    Pulse ID: 6a43b6c13fab9fc8aaf7d908
    Pulse Link: otx.alienvault.com/pulse/6a43b
    Pulse Author: cryptocti
    Created: 2026-06-30 12:29:53

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CyberSecurity #DataBreach #InfoSec #OTX #OpenThreatExchange #ZeroDay #bot #cryptocti

  17. «Researcher dumps an entire collection of zero-day exploits onto the net:
    An anonymous security researcher has published working exploit code for a total of 15 previously unknown vulnerabilities without prior notification of the affected vendors and open-source projects.»

    Someone is evidently very angry about something and is now acting out with unannounced zero-day exploits, which unfortunately can cause considerable web-wide damage.

    💥 winfuture.de/news,159668.html

    #zeroday #itsec #opensource #ssh #git

  19. Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager

    Pulse ID: 6a3df9837d7dbabcbacbe505
    Pulse Link: otx.alienvault.com/pulse/6a3df
    Pulse Author: Tr1sa111
    Created: 2026-06-26 04:01:07

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Cisco #CyberSecurity #InfoSec #OTX #OpenThreatExchange #Vulnerability #ZeroDay #bot #Tr1sa111

  21. Cisco under fire

    It is not as bad as it looks; it is all much, much worse. Not only are dangerous security vulnerabilities found in Cisco products with (lovely?) regularity, they are also exploited for attacks immediately, some even before disclosure (zero-day). I append a short history below. Let's start with CVE-2026-20230 (8.6 out of 10), which I had not yet reported on explicitly. At the beginning of June, Cisco released patches against this vulnerability. At the time, the company reported that a PoC exploit existed. Apparently unknown hackers turned the PoC straight into a

    pc-fluesterer.info/wordpress/2

    #0day #backdoor #cybercrime #exploits #hersteller #politik #privacy #sicherheit #spionage #UnplugTrump #wissen #zeroday

  23. Zero-Day Exploitation of Vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN Manager

    In early 2026, a threat actor targeted SD-WAN infrastructure at a service provider, exploiting a zero-day vulnerability in Cisco Catalyst SD-WAN to escalate privileges. The attacker initially gained access through unauthorized peering connections and manipulated default account passwords. They then exploited CVE-2026-20245, a privilege escalation flaw in the file upload feature, by uploading a malicious CSV file to achieve root-level access. The vulnerability allowed the creation of a privileged user account through manipulation of system password files. Throughout the intrusion, the threat actor employed extensive anti-forensic techniques, systematically deleting malicious files, restoring modified system configurations, and executing validation scripts to ensure removal of indicators. This campaign demonstrates the living off the edge paradigm, where adversaries compromise network appliances to bypass traditional security perimeters and maintain persistent access.

    Pulse ID: 6a3d476551c12310394b4adc
    Pulse Link: otx.alienvault.com/pulse/6a3d4
    Pulse Author: AlienVault
    Created: 2026-06-25 15:21:09

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Cisco #CyberSecurity #Edge #InfoSec #OTX #OpenThreatExchange #Password #Passwords #RAT #Vulnerability #Word #ZeroDay #bot #AlienVault

  25. AiTM kit against AWS: Datadog reveals a phishing campaign that bypasses MFA in real time

    Between 16 and 19 June 2026, a targeted phishing campaign went after AWS console credentials, using adversary-in-the-middle techniques to intercept MFA via email, SMS and TOTP in real time. Datadog Security Research analysed the kit, publishing IoCs, source code and detection guidance.

    insicurezzadigitale.com/kit-ai

  27. Malicious AI skill reaches 26,000 agents: the mutable-link technique that fools every security scanner

    AIR researchers built a fake AI skill, uploaded it to a marketplace and promoted it via Instagram, reaching 26,000 agents, including corporate accounts, without a single scanner detecting it. The technique: an external link that can be modified after the security checks have been passed.

    insicurezzadigitale.com/skill-

  29. Acceleration through AI: the Zero-Day Clock shows the trend. On average it now takes only 8 hours from CVE publication to exploitation.

    zerodayclock.com/

    #AI #KI #ZeroDayClock #Exploit #ZeroDay #infosec

  30. 🔹 THREAT INTELLIGENCE

    Weekly Threat Roundup: 2026-06-15 to 2026-06-21

    Roundup | HIGH
    CVEs: CVE-2026-20262

    Cybersecurity roundup for 2026-06-15 to 2026-06-21. 1 CVE advisory, 5 breach reports, 3 threat news stories.

    Full analysis:
    yazoul.net/news/article/2026-w

    #InfoSec #ZeroDay #ThreatHunting

  31. Qilin Ransomware Attacks Exploit Zero-Day in Check Point VPN Vulnerability

    Pulse ID: 6a37ead6c2b4d6abae58d5fc
    Pulse Link: otx.alienvault.com/pulse/6a37e
    Pulse Author: cryptocti
    Created: 2026-06-21 13:44:54

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #CheckPoint #CyberSecurity #InfoSec #OTX #OpenThreatExchange #RansomWare #VPN #Vulnerability #ZeroDay #bot #cryptocti

  33. Windows. New proof-of-concept exploit from Chaotic Eclipse (aka Nightmare Eclipse) for the
    RoguePlanet zero-day in Defender.

    Microsoft confirms that the RoguePlanet zero-day affects Microsoft Defender and is tracked as CVE-2026-50656 (CVSS score of 7.8). The vulnerability enables privilege escalation via the Microsoft Malware Protection Engine.

    github.com/MSNightmare/RoguePl

    #Microsoft #Windows #ZeroDay #infosec

  34. A ministry knows in March that it has been hacked. Only in June does it know how.

    Every day a new question you can answer on ccinfo.nl

    How long would your organisation take to find out exactly what an attacker took?

    #Cybersecurity #zeroday #Rijksoverheid #incidentrespons #informatiebeveiliging

  35. ClickFix evolves: BabaDeda, Lorem Ipsum Loader and Potemkin deliver ransomware and RATs with modular anti-detection architectures

    Three independent pieces of research document the evolution of ClickFix into a first-choice ransomware delivery framework: BabaDeda Loader, Lorem Ipsum Loader (attributed to Vanilla Tempest/Rhysida) and Potemkin show an increasingly modular architecture designed to evade detection.

    insicurezzadigitale.com/clickf

  37. «Record data leak, 24 billion credentials exposed online:
    An unprotected server contained 24 billion credentials in plaintext. According to Cybernews, billions of accounts without multi-factor authentication are at risk»

    Whether Arch Linux, JavaScript, Microsoft products or online services, hardly a day goes by without zero-day reports. But storing customer data unprotected in plaintext is so utterly outdated.

    🔓 it-daily.net/it-sicherheit/cyb

    #hacker #datenschutz #datenleck #online #zeroday #klartext

  39. Nightmare Eclipse: one against Microsoft

    Hi Habr! This is Vladimir Shneidmüller, threat research analyst at R-Vision. Over the past few weeks, almost everything that usually accompanies high-profile public zero-days has gathered around Nightmare Eclipse: sharp statements by the author, arguments over this disclosure practice, quick community checks of the PoCs, the first forks, and the natural question: which of this can be seen in telemetry, and which will remain almost entirely out of the SIEM's reach? We analysed several of the published PoCs, and in this article we start with the first three: YellowKey, GreenPlasma and MiniPlasma. They differ substantially both in attack vectors and in detection possibilities. YellowKey is interesting as a BitLocker bypass via WinRE, but leaves almost no convenient events in the OS. GreenPlasma demonstrates a low-level primitive at the junction of CTF/Winlogon and the Windows Object Manager. MiniPlasma, by contrast, already gives a practical local privilege escalation scenario, where quite workable detections can be built on the registry, the file system and process launches. There will be no step-by-step exploitation instructions below. We are interested in the mechanics, artifacts and observation points that are useful to SOC and threat hunting teams.

    habr.com/ru/companies/rvision/

    #кибербезопасность #управление_уязвимостями #zeroday #windows #bitlocker #poc #winre #MiniPlasma #YellowKey #GreenPlasma

  40. 🔵 THREAT INTELLIGENCE

    Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw

    Vulnerability | CRITICAL
    CVEs: CVE-2026-20262

    Cisco has released security updates to address a vulnerability in the Catalyst SD-WAN Manager, tracked as CVE-2026-20262, that was exploited in...

    Full analysis:
    yazoul.net/news/article/cisco-

    #InfoSec #ZeroDay #SecurityOps

  41. Council of Europe hacked – thanks to Oracle.

    The cast: ShinyHunters, Oracle, the Council of Europe. The plot: more than twenty years ago, after a veritable takeover battle, Oracle* swallowed the company PeopleSoft. Its software is used mainly in the USA, but also in the Council of Europe. The software contained a zero-day vulnerability, CVE-2026-35273, which was exploited by ShinyHunters. The hacker group claims to have hacked more than 100 institutions through it, including the Council of Europe. Almost 300 GB of data are said to have fallen into the hands of the extortionists, including personnel files, payslips, purchases; CVs, salaries,

    pc-fluesterer.info/wordpress/2

    #0day #closedsource #cybercrime #datenleck #datenschutz #exploits #sicherheit #UnplugOracle #UnplugTrump #zeroday

  43. 🚨 CRITICAL: Cisco Catalyst SD-WAN Manager zero-day (CVE-2026-20262) exploited in the wild. Attackers w/ write access can escalate to root via crafted HTTP requests. Patch now & review access controls! radar.offseq.com/threat/cisco- #OffSeq #Cisco #ZeroDay #Vuln

  44. Targets Education Sector with Oracle PeopleSoft Exploit

    Between May 27 and June 9, 2026, UNC6240 (ShinyHunters) conducted an active compromise and extortion campaign targeting Oracle PeopleSoft application infrastructure. The threat actor exploited CVE-2026-35273, a critical remote code execution vulnerability (CVSS 9.8) in the Environment Management component, as a zero-day before Oracle's June 10, 2026 advisory. Over 100 organizations were potentially affected, with 68 percent operating in higher education and most based in the United States. Attackers deployed customized MeshCentral agents masquerading as Microsoft Azure services, established C2 infrastructure at azurenetfiles.net, and used lateral movement scripts to propagate across internal networks. The campaign culminated in data exfiltration and publication of stolen data on the ShinyHunters Data Leak Site on June 9, 2026. Compromised systems received defacement markers and extortion notices.

    Pulse ID: 6a2b24138a34132bc69a0072
    Pulse Link: otx.alienvault.com/pulse/6a2b2
    Pulse Author: AlienVault
    Created: 2026-06-11 21:09:39

    Be advised, this data is unverified and should be considered preliminary. Always do further verification.

    #Azure #CyberSecurity #Education #Extortion #InfoSec #Microsoft #NET #OTX #OpenThreatExchange #RAT #RCE #RemoteCodeExecution #UnitedStates #Vulnerability #ZeroDay #bot #AlienVault