4 articles
A critical, unauthenticated RCE in Oracle PeopleSoft let ShinyHunters compromise universities and other organizations for weeks before Oracle's advisory caught up. Google notified 100+ potentially exposed organizations. The technical breakdown, IOCs, and what to hunt for.
RoguePlanet is the latest public Nightmare Eclipse proof-of-concept targeting Microsoft Defender. The code points to a race condition that turns Defender cleanup behavior into SYSTEM execution.
A researcher discovered a zero-day that bypasses BitLocker encryption on Windows 11 using a USB stick and the recovery environment — and suspects the component may be intentional. CVE-2026-45585, CVSS 6.8. Microsoft released an official mitigation on May 21, 2026.
Microsoft's on-prem Exchange Server has an actively exploited XSS zero-day (CVSS 8.1). A single crafted email in OWA triggers arbitrary JavaScript — here's how it works and how to stop it.