Issue #202 - June 08, 2026
Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks
Source: BleepingComputer
Oracle PeopleSoft servers are being targeted in ongoing data theft attacks attributed to ShinyHunters, with the group claiming data from more than 100 organizations. The report is notable because PeopleSoft often supports HR, payroll, finance, procurement, and student administration, making exposed systems a high-value business data target.
Critical HVAC and UPS Vulnerabilities Could Let Hackers Disrupt Data Centers
Source: SecurityWeek
Researchers disclosed critical flaws affecting Vertiv UPS network cards and the Trane Tracer SC+ HVAC controller. The weaknesses could enable remote control, code execution, denial of service, or information disclosure against systems that support power and cooling. The story highlights how cyber exposure in facilities technology can become operational disruption.
Six Proto6 Vulnerabilities in protobuf.js Expose Node.js Apps to RCE and DoS
Source: The Hacker News
Researchers identified six Proto6 vulnerabilities in protobuf.js, a widely used JavaScript and TypeScript Protocol Buffers implementation. Exploitation could allow remote code execution or denial-of-service conditions when affected Node.js applications process malicious schemas, descriptors, or payloads, raising risk for APIs, cloud libraries, CI/CD pipelines, and messaging frameworks.
Bug Bounty Research Triggers ServiceNow Security Alert
Source: Dark Reading
Dark Reading reports that bug bounty research triggered a ServiceNow security alert after activity around customer instances raised breach concerns. The incident shows how configuration and access control issues in major enterprise platforms can create confusion, exposure, and urgent response work even before full technical details are publicly available.
Exposed Fuel Tank Gauges Under Attack in the US
Source: Dark Reading
Threat actors are abusing internet-exposed fuel tank gauges at U.S. gas stations, creating a cyber-physical risk for operators. The attacks show how overlooked connected devices can become entry points for disruption, especially when operational technology is reachable online and lacks hardened authentication, monitoring, or segmentation.



