Most Phishing-as-a-Service ops hide behind faceless brands. Meet "Rock"—the one-man show running an entire PhaaS/MaaS empire. 🎣
Tracked by SOCRadar as "The Quarry," this ecosystem supports ~200 operators using U.S. tax lures & legit RMMs to compromise targets via Telegram C2. Over 90% of victims are in the U.S.
Want to know how one dev built a massive threat network? The full SOCRadar whitepaper drops Monday, June 15, 2026. 📄👇
hubs.la/Q04lcpdd0 #CyberSecurity #ThreatIntel #Phishing #MaaS #InfoSec
Meet "Pink." Don't let the cute name fool you—this new data extortion syndicate is hunting US giants in healthcare, tech, and finance.
Their weapon of choice? A simple phone call from "IT support." 📞
Here is how the 72-hour extortion countdown begins 🧵👇
Full analysis: hubs.la/Q04lbtbh0
The part that should keep you up at night: Pink actively subverts modern auth.
They inject live MFA number-matching codes and socially engineer victims into handing over passkey recovery words. 92% of their lure infrastructure is aimed squarely at the US. 🎯
How to reduce risk and strengthen your posture:
• Train staff heavily on vishing tactics.
• Ditch push MFA for hardware-backed FIDO2/WebAuthn.
• Set up timely alerts for suspicious new auth registrations.
Get the full teardown, IoCs, and MITRE ATT&CK mapping here: hubs.la/Q04lbtbh0 #ThreatIntel #DataExtortion #Vishing #SOCRadar
Does your server care if it was taken offline by a hacker, a signal jammer, or a missile? Nope. It’s just offline. 💥
NATO realized this a decade ago. Today, cyber, electronic warfare, and kinetic strikes are deployed as a single, coordinated move. From GPS spoofing in civilian shipping lanes to the frontlines in Ukraine, the physical and digital battlefields have completely merged.
What does this mean for your attack surface? Dive into our latest breakdown to understand the modern threat and mitigate the risk. 👇
hubs.ly/Q04l3yg50 #CyberWarfare #ThreatIntel #Geopolitics #InfoSec
Tengu Ransomware didn't just launch; it sprinted. 🏃‍♂️💨
In under 6 months, this RaaS group claimed 50 victims before pulling a classic dark web rebrand to "Shisa" in March 2026.
Their playbook?
🔹 Double-extortion
🔹 Windows, Linux & ESXi targeting
🔹 Fast intermittent encryption
🔹 LOLBins & cloud exfil
Structured affiliate models and low-noise tradecraft are a dangerous combo. Get the full profile and learn how to mitigate the risk: hubs.la/Q04l0Sc20 #CyberSecurity #Ransomware #ThreatIntelligence #DarkWeb
Hong Kong is a global financial hub, which makes it a massive target for cybercriminals. But the threat landscape has a few surprises. 🇭🇰📊
The Dark Web: It’s a seller's market. 87% of activity is stolen databases, with Finance & Insurance taking the hardest hits. 💸
The Phishing Scene: You’d expect banking lures, but Arts & Entertainment dominates (61%). The #1 lure? NetEase Cloud Music. 🎵
The Reality Check: 78.5% of these phishing sites use HTTPS. The browser padlock is officially a lie. 🔒❌
Time to update your threat models and strengthen your posture.
hubs.la/Q04kN29H0 #ThreatIntel #HongKong #CyberSecurity #DarkWeb #Phishing
SaaS platforms are great until an exposed API leaves your data wide open. 🚨
The recent #ServiceNow breach is a harsh reminder: unauthenticated endpoints can quickly turn into a customer data nightmare. Even if attackers only get "read-only" access, your tickets, attachments, and operational secrets are still up for grabs.
Check your configs and mitigate the risk. 👇
hubs.la/Q04kNDsv0 #CyberSecurity #DataBreach #ThreatIntel #SaaS
Nothing ruins a day quite like a CVSS 10.0 vulnerability on an internet-facing appliance. 🚨
Meet CVE-2026-10520: a critical OS command injection flaw in Ivanti Sentry that hands over remote, unauthenticated root RCE.
Here is why this needs to be at the top of your to-do list today:
🔹 Zero friction: It requires absolutely no credentials or user interaction.
🔹 Maximum impact: CVSS 10.0 means it doesn't get worse than this.
🔹 The Fix: Patches are available now in R10.5.2, R10.6.2, and R10.7.1.
While there is no confirmed in-the-wild exploitation *yet*, this is exactly the type of edge-device flaw that threat actors race to weaponize. Don't give them the opportunity. Patch immediately to strengthen your posture and mitigate the risk.
🔍 Read the full breakdown here: hubs.la/Q04kVLt70 #CyberSecurity #Ivanti #RCE #VulnerabilityManagement #ThreatIntel #InfoSec
SAP admins, grab your coffee. ☕️ June 2026 Patch Day just dropped 4 critical vulnerabilities you can't ignore.
Leading the pack:
🔴 CVSS 9.9: A SAML auth bypass that lets attackers forge identities.
🔴 CVSS 9.8: Unauthenticated memory corruption that CISA warns is automatable.
Time to patch and mitigate the risk before threat actors do the work for you. Full breakdown 👇
hubs.la/Q04kStDQ0 #SAP #CyberSecurity #PatchTuesday #Vulnerability
Cancel your afternoon plans. Microsoft’s June 2026 Patch Tuesday is a monster. 🚨
They just dropped fixes for 206 vulnerabilities, including 3 zero-days. The standout? CVE-2026-49160, which brings the infamous HTTP/2 Bomb right to Windows HTTP.sys.
With a nasty mix of internet-facing and post-exploitation risks, it's time to patch and mitigate the exposure. 👇
hubs.la/Q04kT_Bs0 #CyberSecurity #PatchTuesday #Microsoft #ZeroDay
Double trouble in the latest CISA KEV update. 🚨
Threat actors are targeting both the cutting edge and the front door:
1️⃣ CVE-2026-42271 (LiteLLM): Exposed AI gateways leading to command execution.
2️⃣ CVE-2026-50751 (Check Point VPN): Auth bypass right at your perimeter.
One sits in your AI workflows. The other sits at your network edge. Patch now to mitigate the risk. 👇
hubs.la/Q04kKwfn0 #CyberSecurity #CISA #KEV #VulnerabilityManagement #ThreatIntel
If your team treats browser updates like a suggestion, today is the day for a reality check. 🚨
Google just confirmed CVE-2026-11645—a high-severity zero-day in Chrome's V8 engine—is actively exploited in the wild. One bad click on crafted content = in-browser code execution.
The fix is live in Chrome 149, but here is the catch: it does nothing until the browser restarts. Tell your users to close their 400 open tabs to actually mitigate the risk. 👇
hubs.la/Q04kLhNY0 #CyberSecurity #ZeroDay #Chrome #ThreatIntel
A routine pip install shouldn't be a nightmare, but here we are. 🐍🚨
The new Shai-Hulud “Hades” PyPI wave is actively turning dependency installs into full CI/CD compromises.
🔹 19 trojanized packages
🔹 37 malicious wheels
🔹 Code executes via Python startup hooks (no import needed!)
🔹 Steals cloud creds, SSH keys & CI secrets
One infected dev environment is all it takes to expose the rest. Time to audit those dependencies. 👇
hubs.la/Q04kBYKx0 #CyberSecurity #PyPI #SupplyChainSecurity #DevSecOps
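A quick way to audit a dev box for the kind of startup hook the post describes, as an added example that is not part of the SOCRadar post or its whitepaper. It assumes the hooks are `.pth` files whose lines begin with `import` (which `site.py` executes on every interpreter start) plus `sitecustomize`/`usercustomize` modules; the sample site-packages directory it builds is constructed here, and the decoded payload in it is just `print('x')`.

```python
"""Scan a site-packages directory for Python startup hooks (added example)."""
import os
import tempfile

# Tokens that make an import-line hook worth a closer look (heuristic, not a verdict).
SUSPICIOUS = ("exec(", "eval(", "base64", "subprocess", "urllib", "socket", "compile(")


def find_pth_hooks(site_packages):
    """Return (file, line, risk) for every line site.py would execute at startup.

    risk is "suspicious" when the line contains one of SUSPICIOUS, else "review".
    Plain path lines (the normal use of .pth files) are ignored. Nothing is executed.
    """
    hits = []
    for name in sorted(os.listdir(site_packages)):
        path = os.path.join(site_packages, name)
        if name.endswith(".pth") and os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                for line in fh:
                    line = line.rstrip("\n")
                    # site.py runs a .pth line only if it starts with "import " or "import\t"
                    if line.startswith(("import ", "import\t")):
                        risk = "suspicious" if any(t in line for t in SUSPICIOUS) else "review"
                        hits.append((name, line, risk))
        elif name in ("sitecustomize.py", "usercustomize.py"):
            # these modules are imported automatically at startup; review their contents
            hits.append((name, "<module executed at startup>", "review"))
    return hits


def build_sample_site_packages():
    """Constructed sample: a benign path .pth, an import-line .pth and a startup module."""
    root = tempfile.mkdtemp()
    with open(os.path.join(root, "editable-pkg.pth"), "w") as fh:
        fh.write("/home/dev/src/mypkg\n")  # ordinary path entry, harmless
    with open(os.path.join(root, "zz_hook.pth"), "w") as fh:
        fh.write("import os\n")  # executable at startup, but not obviously bad
        # classic hook shape; the base64 here decodes to print('x') (constructed)
        fh.write("import base64;exec(base64.b64decode(b'cHJpbnQoJ3gnKQ=='))\n")
    with open(os.path.join(root, "sitecustomize.py"), "w") as fh:
        fh.write("# constructed placeholder\n")
    return root


if __name__ == "__main__":
    for item in find_pth_hooks(build_sample_site_packages()):
        print("%-20s %-10s %s" % (item[0], item[2], item[1]))
```

Point `find_pth_hooks` at each `site-packages` directory on the box (`python -c "import site; print(site.getsitepackages())"` lists the system ones) and treat every "suspicious" hit as an incident until proven otherwise.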
Bold claims or actual disruption? 📡🚨
Pro-Iranian threat group Handala claims they’ve disrupted Israeli radar systems amidst active missile exchanges today. They’re also flexing screenshots of a compromised VoIP admin panel in central Israel.
Handala (tied to Iran's MOIS) has a history of real damage—like the 2026 Stryker wiper attack—but also a habit of exaggerating. So far, the radar claim is completely unverified.
We're tracking this closely to provide timely alerts as the situation develops. 👇
hubs.ly/Q04ktxYC0 #ThreatIntel #CyberWarfare #Handala #InfoSec
Most ransomware groups start slow, quietly courting affiliates in the shadows. Vect just kicked the door down. 🚪💥
Since their New Year's Eve 2025 debut, they’ve spent exactly zero time hiding. In just 4 months, Vect has:
🌍 Hit 25 victims across 5 continents
🤝 Partnered with BreachForums for massive affiliate access
🔗 Tied their extortion pipeline to TeamPCP (the crew behind the Trivy & Checkmarx supply chain attacks)
They aren't just launching; they're aggressively scaling.
socradar.io/blog/2026-fifa-w… #Ransomware #ThreatIntel #SupplyChainAttacks #CyberSecurity