Google says ShinyHunters hackers targeting education sector via Oracle exploit

Alphabet's cybersecurity unit Mandiant and Google Threat Intelligence Group said Thursday they had identified an ​active compromise and extortion campaign targeting Oracle's PeopleSoft ‌enterprise ...
The Hacker News

Hacking Salesforce Sites With an LLM Agent

AI agent exploited Salesforce sites; 263 objects, 55 Apex methods exposed at one portal, leading to PII and file leaks.
The Hacker News

LiteLLM Flaw CVE-2026-42271 Exploited in the Wild, Chains to Unauthenticated RCE

CISA added CVE-2026-42271, a high-severity LiteLLM command injection flaw, to its KEV catalog after evidence of active ...

NSA warns that cybercriminals are targeting this one critical component that the energy, chemical, food, agriculture, and transportation sectors rely on - here's what …

Critical infrastructure organizations should move to harden their Automatic Tank Gauge (ATG) systems to defend against ...

Federal agencies warn energy and food sectors of vulnerabilities in tank gauge systems

ATGs are used in multiple critical sectors of industry, and many are still unsecured.
Yonkers Times

Web Application Penetration Testing: How Testers Think Like Attackers to Find Real Exploits

Most organizations find out about security gaps the hard way. By the time a vulnerability surfaces, attackers have already ...

Instagram Hackers Bypass Two-Factor Authentication Using 'Flawed' Meta AI Support System to Steal Rare Verified Accounts

A flaw in Meta's AI-powered Instagram recovery tool allowed attackers to hijack accounts by redirecting password reset links, ...
Tech Times

Ghost CMS SQL Injection Hits 700 Sites: Harvard, DuckDuckGo Serve Fake Cloudflare Malware

Ghost CMS SQL injection campaign has compromised 700+ websites — including Harvard University, Oxford University, and DuckDuckGo — using a CVSS 9.4 flaw to inject ClickFix malware lures that trick ...
Arabian Post

Drupal flaw draws urgent patch race

US cyber authorities have added a critical Drupal Core SQL injection flaw to their exploited-vulnerabilities list after attacks began targeting unpatched websites using PostgreSQL databases, ...
DATAQUEST

India's AI surge exposes software supply chain security gaps

India's software supply chain security challenge is deepening as AI expands the attack surface while many enterprises lack detection and protection tools.
Ars Technica

Google publishes exploit code threatening millions of Chromium users

Google on Wednesday published exploit code for an unfixed vulnerability in its Chromium browser codebase that threatens millions of people using Chrome, Microsoft Edge, and virtually all other ...
CoinTelegraph

THORChain pauses trading after suspected $10M exploit

THORChain paused trading after ZachXBT flagged a suspected $10 million exploit spanning Bitcoin, Ethereum, BNB Chain and Base. Decentralized liquidity protocol THORChain halted trading after ...