Archive for June 2026
You locked down your dependency pipeline. You audit your npm packages. Your CI/CD is hardened.
You locked down your dependency pipeline. You audit your npm packages. Your CI/CD is hardened. Your AI coding agent still executes whatever ends up in your error logs. Researchers at Tenet Security disclosed a new attack class this week called Agentjacking. Here is how it works: your team uses an AI coding agent — Claude…
Read MoreYour Windows is fully patched. And there’s a public exploit on GitHub that gives attackers SYSTEM on it right now.
Your Windows is fully patched. And there’s a public exploit on GitHub that gives attackers SYSTEM on it right now. On June 10 — hours after Microsoft shipped its June Patch Tuesday update — researcher Nightmare Eclipse published a working exploit called RoguePlanet. It targets a race condition in Microsoft Defender’s quarantine pipeline. Defender runs…
Read MoreYour ERP system has no patch. Hackers are already inside.
Your ERP system has no patch. Hackers are already inside. Oracle issued an emergency out-of-band security alert yesterday for CVE-2026-35273 — a critical unauthenticated remote code execution vulnerability in PeopleSoft PeopleTools 8.61 and 8.62. No password required. An attacker with HTTP access to the Environment Management Hub runs arbitrary code on your ERP server. ShinyHunters…
Read MoreTop 5 Cybersecurity News Stories June 12, 2026
The five stories in this week’s Cybersecurity News Stories June 12, 2026 do not describe organisations that ignored known risks or failed to apply available controls. They describe organisations — and security architectures — whose valid assumptions have been invalidated by conditions that changed without obvious warning. A compliance control that certified “data at rest”…
Read MoreYour backup server just became a CVSS 9.4 problem.
Your backup server just became a CVSS 9.4 problem. Veeam disclosed CVE-2026-44963 on June 9: any authenticated domain user — not an admin, not a privileged account — can execute code directly on a Veeam Backup & Replication server. A standard Active Directory login is enough. The flaw was discovered by watchTowr researcher Sina Kheirkhah.…
Read More
