Oracle on Thursday released an out-of-band advisory addressing a PeopleSoft vulnerability that can be exploited by an unauthenticated attacker for remote code execution. The security alert comes amid reports that the notorious ShinyHunters hacker group has been targeting organizations that… Read More "Oracle Addresses PeopleSoft Vulnerability Amid Reports of Zero-Day Attacks"
For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and… Read More "AI Broke Vulnerability Management. That’s Why CISOs Are Moving Budget to BAS."
According to the company’s advisory, the vulnerability was initially reported through ServiceNow’s bug bounty program in April, prompting an investigation and subsequent security updates. ServiceNow said hosted customers received a security update (KB3067321) on June 5, while guidance (KB3067372) was… Read More "ServiceNow fixes API issue after reports of suspicious tenant activity"
The war in Iran was less than 24 hours old when it produced a historic first: the deliberate targeting of commercial data centers. On March 1st, Iranian drones hit three Amazon Web Services (AWS) facilities in the United Arab Emirates… Read More "What to have on your radar"
Many cybersecurity teams are struggling to keep up with emerging technologies and the challenges around securing their organizations against them because they don’t have the time to undertake the necessary training, a new study has warned. The research, published by… Read More "Most Security Teams Struggle to Find Time for Training on New Threats"
Encrypted Spaces is, in some sense, the next generation of the Signal protocol, but for more complex and fully featured tools that go beyond messaging and calls, says Matt Green, a cryptography-focused professor of computer science at Johns Hopkins. “They’ve… Read More "Signal Alums Reveal ‘Encrypted Spaces,’ a System for Making Private Collaboration Apps"
Threat actors have begun exploiting a high-severity vulnerability in the popular low-code AI development platform Langflow, according to VulnCheck. Tracked as CVE-2026-5027 (CVSS score of 8.8), the security defect is described as a path traversal issue that allows attackers to… Read More "Hackers Exploit Langflow Vulnerability for Remote Code Execution"
The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure… Read More "OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack"
Trust is operational, not emotional SRE teams do not trust tools in the abstract. They trust behavior under stress. A platform earns credibility when it helps engineers make better decisions during noisy alerts, partial outages, failed deploys and ambiguous telemetry,… Read More "What SRE teams need before they trust AI agents"
ESET’s Jake Moore used smart glasses, deepfakes and face swaps to ‘hack’ widely-used facial recognition systems – and he’ll demo it all at RSAC 2026 13 Mar 2026 • , 2 min. read Facial recognition is increasingly embedded in everything… Read More "What it takes to fool facial recognition"
