Vulnerabilities & Patches
Your ERP system has no patch. Hackers are already inside.
Your ERP system has no patch. Hackers are already inside. Oracle issued an emergency out-of-band security alert yesterday for CVE-2026-35273 — a critical unauthenticated remote code execution vulnerability in PeopleSoft PeopleTools 8.61 and 8.62. No password required. An attacker with HTTP access to the Environment Management Hub runs arbitrary code on your ERP server. ShinyHunters…
Read MoreYour backup server just became a CVSS 9.4 problem.
Your backup server just became a CVSS 9.4 problem. Veeam disclosed CVE-2026-44963 on June 9: any authenticated domain user — not an admin, not a privileged account — can execute code directly on a Veeam Backup & Replication server. A standard Active Directory login is enough. The flaw was discovered by watchTowr researcher Sina Kheirkhah.…
Read MoreThe biggest Patch Tuesday in Microsoft history dropped yesterday: 200 vulnerabilities. 33 Critical. 3 disclosed zero-days.
The biggest Patch Tuesday in Microsoft history dropped yesterday: 200 vulnerabilities. 33 Critical. 3 disclosed zero-days. And then â hours after the patches shipped â a researcher published an unpatched one that works on fully updated Windows 10 and 11. You patched everything available. You still have a gap. Here is what the June 9…
Read MoreYour VPN just let someone in without a password.
Your VPN just let someone in without a password. Not because they guessed it. Not because someone clicked a phishing link. Because the authentication check never happened at all. CVE-2026-0257 is an authentication bypass in Palo Alto Networks PAN-OS that affects GlobalProtect portal and gateway. The flaw is subtle: when the certificate used to encrypt…
Read MoreYour endpoint manager just delivered malware to every device it manages.
Your endpoint manager just delivered malware to every device it manages. That is not a hypothetical. It happened this week. CVE-2026-35616 is a pre-authentication API bypass in FortiClient Endpoint Management Server (EMS). CVSS 9.1. Actively exploited. Here is what the attack looks like: the attacker authenticates to your EMS without credentials, takes control of the…
Read More
