Oracle PeopleSoft Servers Hacked in ShinyHunters Data Theft Attacks
ShinyHunters hackers have targeted Oracle PeopleSoft servers in a new wave of data theft attacks. The threat actors likely exploited vulnerabilities or misconfigurations in the enterprise software to gain unauthorized access to corporate networks.
Once inside, they focused on exfiltrating sensitive corporate and employee data to use for extortion. This aligns with ShinyHunters’ known tactics of breaching high-value targets and demanding ransoms to prevent massive data leaks.
For organizations using PeopleSoft, the immediate action is clear: audit your configurations and apply recent patches immediately. But the broader lesson is that enterprise resource planning systems are prime targets. They touch payroll, finance, human resources, and supply chain data. A breach here isn’t just a security incident—it’s an operational crisis that affects multiple departments at once.
AgentJacking Attack Tricks AI Coding
A new attack technique dubbed “AgentJacking” has been discovered that tricks AI coding assistants into generating malicious or vulnerable code. Researchers found that attackers can manipulate the context or inputs provided to AI-driven development tools, causing them to output compromised code snippets.
By poisoning the prompts or relying on insecure training data patterns, hackers can introduce hidden backdoors directly into the software supply chain. Developers unknowingly accept these recommendations, seamlessly embedding severe vulnerabilities into production environments.
This demonstrates the growing, silent security risks associated with integrating AI code generation tools into software development workflows. The risk isn’t that AI tools are inherently unsafe. It’s that when developers trust their output without independent review, malicious code becomes easy to hide.
Read more: https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html
Microsoft June 2026 Patch Tuesday Fixes 6 Zero-Days, 200 Flaws
Microsoft’s June 2026 Patch Tuesday update addressed an enormous volume of security issues: 200 flaws and 6 zero-days. The massive security update provides critical fixes across a wide range of Microsoft products and services to patch known attack vectors.
Among the resolved vulnerabilities are six zero-day exploits that were already confirmed to be actively used by attackers in the wild. The sheer volume of patches indicates an ongoing and aggressive effort by Microsoft to keep up with newly discovered vulnerabilities.
Prompt patching is absolutely essential this month. Organizations relying on Windows, Microsoft Office, Azure, or Exchange Server need to prioritize these updates. Delay increases the risk that attackers exploiting active zero-days will find your environment still vulnerable.
Microsoft Defender Zero-Day RoguePlanet Grants SYSTEM Privileges
A new Microsoft Defender zero-day exploit named “RoguePlanet” has emerged, granting attackers full SYSTEM-level privileges. Disclosed by an exploit author known as Nightmare Eclipse shortly after June’s Patch Tuesday, the flaw affects Windows 10 and 11 machines.
It abuses local privilege escalation within Windows Defender’s native functionality to grant total system access, bypassing recent Microsoft updates. The exploit is currently unpatched, though Microsoft has been taking down repositories hosting the proof-of-concept to curb its spread.
This zero-day underscores an uncomfortable reality: built-in security tools can become attack vectors for complete system compromise. If an attacker already has a foothold on your machine, they can potentially weaponize Defender itself to gain administrative control. This highlights why endpoint security must include multiple layers—not just reliance on a single built-in tool.
Read more: https://www.threatlocker.com/blog/microsoft-defender-zero-day-rogueplanet-grants-system-privileges
Microsoft Patches Exploited Exchange Server Vulnerability
Microsoft has officially patched an actively exploited zero-day vulnerability in Exchange Server tracked as CVE-2026-42897. The flaw, which involves spoofing and cross-site scripting, impacts Exchange Server Subscription Edition, 2016, and 2019.
By sending specially crafted emails to users, attackers can execute arbitrary JavaScript in the Outlook Web Access browser context. Microsoft originally provided temporary mitigations in mid-May before releasing the permanent patches on June 9.
Patching this Exchange flaw is critical to prevent attackers from silently hijacking email environments via malicious messages. Email is often the entry point for broader compromise. Once an attacker can inject code into Outlook Web Access, they can harvest credentials, send phishing emails to your contacts, or move laterally into internal systems.
Read more: https://www.securityweek.com/microsoft-patches-exploited-exchange-server-vulnerability/
Phishing Campaigns Abusing Vercel’s Free Hosting Platform
Cybercriminals have been independently abusing Vercel’s free hosting platform to run extensive credential-harvesting phishing campaigns. Security researchers discovered that threat actors have been utilizing Vercel’s subdomains to host malicious phishing pages since December 2025.
Across thousands of blocked emails targeting numerous organizations, three distinct campaign clusters were identified, operating completely independently from the high-profile Vercel supply-chain breach reported in April 2026. The campaigns leverage the inherent trust of the legitimate hosting platform to bypass security filters and steal user credentials.
This highlights how attackers continuously weaponize free, legitimate cloud infrastructure to mask their malicious credential-theft operations. Because the hosting comes from a trusted platform, security tools may allow the traffic through or mark it as lower risk. Users see a legitimate domain and are more likely to trust it. Defenders see traffic from Vercel and assume it’s benign.
Read more: https://www.kaseya.com/blog/phishing-campaigns-abusing-vercels-free-hosting-platform/