Weekly INK

Oracle PeopleSoft servers hacked in ShinyHunters data theft attacks Source: BleepingComputer Oracle PeopleSoft servers are being targeted in ongoing data theft attacks attributed to ShinyHunters, with the group claiming data from more than 100 organizations. The report is notable because PeopleSoft often supports HR, payroll, finance, procurement, and student administration, making exposed systems a high-value business data target. Link to article Critical HVAC and UPS Vulner

Cyber Insurance Rates Are Dropping, but Exclusions Widen Source: Dark Reading Cyber insurance coverage is slowly changing, and some policies may not provide coverage for social engineering attacks like ClickFix. The good news for enterprises is that cyber insurance policies are still affordable. The bad news is that coverage exclusions are increasing, and some might catch customers by surprise. Link to article VS Code zero-day lets hackers steal GitHub tokens in one click Sou

KnowledgeDeliver flaw exploited as a zero-day to install web shells Source: BleepingComputer Attackers exploited CVE-2026-5426, a deserialization flaw in the KnowledgeDeliver LMS, to gain unauthenticated remote code execution and deploy the Godzilla web shell. Mandiant said the issue stemmed from shared hardcoded ASP.NET machine keys, enabling malicious ViewState payloads and follow-on delivery of a Cobalt Strike backdoor. Link to article Feeding Frenzy: 'Megalodon' Malware I

On-Prem Microsoft Exchange Server CVE-2026-42897 Exploited via Crafted Email Source: The Hacker News Microsoft disclosed active exploitation of CVE-2026-42897, a spoofing flaw rooted in cross-site scripting on on-premises Exchange. The issue can let attackers deliver crafted emails that execute JavaScript in Outlook Web Access sessions. CISA has already added the bug to its known exploited vulnerabilities catalog, underscoring the urgency for defenders. Link to article Critic

CISA gives feds four days to patch Ivanti flaw exploited as zero-day Source: BleepingComputer CISA told federal agencies to secure Ivanti Endpoint Manager Mobile after CVE-2026-6973 was seen in zero-day attacks. The flaw can enable remote code execution on vulnerable on-prem systems, and exposed internet-facing appliances remain a concern. It is a strong reminder that device management platforms can become high-value attack paths. Link to article China's 'FamousSparrow' APT N

Attacks Abuse Windows Phone Link to Steal Texts & Bypass 2FA Source: Dark Reading Researchers say attackers are abusing Microsoft Phone Link on compromised Windows systems to intercept SMS messages and one-time passcodes from paired phones without infecting the mobile device itself. The campaign shows how trusted cross-device features can quietly become a path to credential theft and two-factor bypass. Link to article MetInfo, Weaver E-cology Vulnerabilities in Attackers’ Cro

Fresh Wave of GlassWorm VS Code Extensions Slices Through Supply Chain Source: Dark Reading Attackers are seeding Open VSX with sleeper VS Code extensions that look legitimate at first and later deliver self-propagating malware. Researchers said the campaign is scaling through cloned listings, delayed payload activation, and extension update abuse, raising the risk of developer workstation compromise and downstream software supply chain poisoning. Link to article Critical Git

Kyber Ransomware Gang Toys with Post-Quantum Encryption on Windows Source: BleepingComputer A newly identified ransomware operation called Kyber is targeting Windows servers and VMware ESXi environments, with its Windows variant implementing Kyber1024 post-quantum key encapsulation to protect symmetric encryption keys — a notable first among active ransomware groups. Rapid7 analyzed both variants, finding the Windows version written in Rust deletes shadow copies, disables bac

EDR-Killer Ecosystem Expansion Requires Stronger BYOVD Defenses Source: Dark Reading EDR killers, once a rarity in the threat landscape, are now linchpins of perplexing ransomware attacks, leaving enterprise security teams scrambling for answers. Over the past year, security researchers have observed an expansion of the ecosystem around these tools, which can disable endpoint detection and response (EDR) platforms and other threat detection products in a targeted environment.