Zero-Days in Microsoft Defender & Oracle PeopleSoft Exploited; Ransomware Hits Australian Sugar Giant
Summary
This period has been marked by the active exploitation of critical zero-day vulnerabilities, including the 'RoguePlanet' flaw in Microsoft Defender and a remote code execution bug in Oracle PeopleSoft used by ShinyHunters to breach the University of Nottingham. CISA has added actively exploited flaws in Cisco SD-WAN and LiteSpeed's cPanel plugin to its KEV catalog. Meanwhile, a ransomware attack by 'The Gentlemen' has crippled Australia's second-largest sugar producer, and a novel campaign by DragonForce ransomware was found abusing Microsoft Teams for covert communications. This highlights a trend of sophisticated attacks targeting both unpatched and seemingly secure systems.
Today New Articles
Zero-Day 'RoguePlanet' in Microsoft Defender Grants SYSTEM-Level Control
A critical zero-day vulnerability dubbed 'RoguePlanet' has been discovered in Microsoft Defender, affecting fully patched Windows 10 and 11 systems. The flaw, a time-of-check-to-time-of-use (TOCTOU) race condition, allows a local attacker with standard user pe...
Actively Exploited Cisco SD-WAN Flaw Added to CISA KEV Catalog
Cisco has confirmed that a critical path traversal vulnerability, CVE-2026-20262, in its Catalyst SD-WAN Manager is being actively exploited. The flaw allows an authenticated attacker to overwrite arbitrary files and escalate privileges to root. Affecting all...
Ransomware Attack by 'The Gentlemen' Shuts Down Major Australian Sugar Producer
Mackay Sugar, Australia's second-largest producer of raw sugar, has been forced to halt mill operations following a ransomware attack. The threat group 'The Gentlemen' (tracked as Storm-2697) has claimed responsibility, listing the company on its dark web leak...
China-Linked SprySOCKS Backdoor Adds Windows Variants with Kernel-Level Stealth
The China-linked espionage group 'FishMonger' (part of the Winnti umbrella) has upgraded its SprySOCKS backdoor, previously thought to be Linux-only, with two new Windows variants. The new versions, WIN_DRV and WIN_PLUS, feature significant stealth enhancement...
DragonForce Ransomware Hid C2 Traffic Inside Microsoft Teams Infrastructure
The DragonForce ransomware group demonstrated a novel stealth technique by compromising a major US services firm and hiding its command-and-control (C2) traffic within legitimate Microsoft Teams infrastructure. The attackers used a custom Go-based RAT and dwel...
CISA KEV Catalog Adds Exploited LiteSpeed cPanel Plugin Flaw
The US Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2026-54420, a privilege escalation vulnerability in the LiteSpeed cPanel plugin, to its Known Exploited Vulnerabilities (KEV) catalog. The flaw (CVSS 8.5) allows a user with basic web...
EU Includes Ukraine in Cybersecurity Reserve for Emergency Incident Response
The Council of the European Union has officially approved Ukraine's inclusion in the EU Cybersecurity Reserve. This strategic partnership allows Ukraine to request and receive emergency, on-the-ground support from a pool of trusted private cybersecurity provid...
Vast Malicious Infrastructure Found Delivering EtherRAT and Phishing Kits
Security researchers have discovered a large, active malicious infrastructure responsible for distributing the EtherRAT malware, phishing pages, and other malicious software. The operation utilizes a network of websites with open directories. EtherRAT, a Node....
HIBP Adds 56 Million Emails from Massive Infostealer Log Compilation
The data breach notification service Have I Been Pwned (HIBP) has absorbed a massive new dataset compiled from numerous information-stealing malware logs. This 'June 2026 Stealer Logs' collection contains 56.3 million unique email addresses and 124 million uni...
Microsoft Edge Flaw CVE-2026-11645 Actively Exploited in the Wild
Microsoft has released an urgent security update for its Edge browser to address multiple vulnerabilities, one of which, CVE-2026-11645, is being actively exploited. This critical flaw allows a remote attacker to execute arbitrary code within the browser's san...
Pickle in the Middle: Critical RCE Flaw in Google Vertex AI Enables ML Model Hijacking
Palo Alto Networks' Unit 42 has discovered and disclosed a high-severity vulnerability in Google Cloud's Vertex AI Python SDK that could allow an attacker to achieve remote code execution (RCE) across different customer tenants. The attack, named 'Pickle in th...
Article Updates
AI-Powered Phishing Hits New Levels of Sophistication, Bypassing MFA
Update: The FBI has issued a warning about 'Kali365', a new AI-powered Phishing-as-a-Service platform that automates sophisticated MFA-bypassing attacks against Microsoft 365 environments. Kali365 facilitates OAuth token theft through device code phishing, making thes...
Update: New reports confirm the University of Nottingham breach by ShinyHunters impacted approximately 455,000 current and former students. Attackers exfiltrated 40 GB of sensitive data, including names, addresses, and critically, passport numbers. The university has...
China-Linked Group UNC6508 Bypasses Defenses for Over a Year in Massive Research Data Heist
Update: The UNC6508 campaign's duration has been refined to over two years (September 2023 to November 2025), indicating a longer period of compromise. Crucially, a novel exfiltration technique was identified: the threat actor manipulated Google Workspace email forwar...