Daily Briefing

CyberGeoDigest

Geopolitical cyber intelligence in 5 minutes
Friday, June 12, 2026 · 20 stories

OceanLotus Hits Vietnam Investors, Infrastructure Firms via SPECTRALVIPER Backdoor (1 minute read)

Vietnam-linked OceanLotus ran two campaigns from mid-2024 to February 2026, deploying SPECTRALVIPER against a Vietnamese infrastructure corporation and stock investors via a supply chain attack.

The Hacker News · 22h ago

Russia's Void Blizzard Operative Denis Obrezko Charged Over 11-Company U.S. Breach (1 minute read)

Russian national Denis Obrezko was charged for orchestrating Void Blizzard cyberattacks that compromised at least 11 U.S. companies in a Kremlin-linked espionage campaign. The indictment names a specific GRU-affiliated operator, extending the U.S.

CyberScoop · 15h ago

🇷🇺 GRU · Russia

Russia and Taliban Formalize Security Alliance, Reshaping Central Asian Dynamics (1 minute read)

Russia and the Taliban have reached a security agreement that serves both parties' immediate interests in countering shared threats in Central Asia. The pact legitimizes Taliban governance through a major-power partnership and complicates U.S. and Chinese strategic calculations in the region.

The Diplomat · 17h ago

U.S.-Iran Truce Collapses as Israel-Hizballah Fighting Escalates (3 minute read)

Hostilities between the U.S. and Iran intensified in early June 2026, effectively ending a truce held since April, as Israel-Hizballah clashes complicated nuclear negotiations. Iran's insistence on linking the two tracks threatens to collapse diplomatic channels entirely.

War on the Rocks · 12h ago

China's PLA Rapidly Expands Special Mission Aircraft Fleet in Quantity and Quality (1 minute read)

The Chinese military has significantly grown its special mission aircraft inventory over the past decade, advancing both capability and numbers. The expansion signals Beijing hardening its ISR, electronic warfare, and command functions ahead of potential high-intensity regional conflict.

The Diplomat · 17h ago

🇨🇳 PLA · China

Trump Pulls Back Iran Strike Orders Citing Deal Progress; Tehran Disputes Agreement (1 minute read)

Trump reversed planned military strikes on Iran, citing progress toward a nuclear deal, but Iranian state media reported no agreement has been reached. The public contradiction between Washington and Tehran exposes negotiating fragility and raises escalation risk if talks collapse.

Foreign Policy · 11h ago

Ukraine Ditches Insurgency Script, Builds Tech-Driven Hybrid Force (3 minute read)

Four years into the Russia-Ukraine war, Ukraine's resistance evolved beyond predicted insurgency tactics into a sophisticated drone-and-conventional hybrid model. The shift signals a new template for asymmetric warfare against a peer adversary occupying national territory.

War on the Rocks · 16h ago

Unpatched Brickcom Cameras Expose Live Video Feeds to Remote Attackers (3 minute read)

Multiple Brickcom camera models running firmware 3.2.3.5.6 carry vulnerabilities scoring 7.7 CVSS that allow unauthenticated remote access to live video and full administrative control.

CISA Alerts · 20h ago

CISA Issues 72-Hour Mandate to Patch Actively Exploited Ivanti Sentry Flaw (1 minute read)

CISA's Binding Operational Directive 26-04 ordered federal agencies to patch an actively exploited Ivanti Sentry vulnerability within three days. Active in-the-wild exploitation against a product with a history of targeted abuse makes delayed patching untenable for any networked federal environment.

BleepingComputer · just now

CISA BOD 26-04 Forces Federal Agencies to Patch Critical Flaws in 3 Days (1 minute read)

CISA's new Binding Operational Directive 26-04 compresses remediation windows for critical exploited vulnerabilities to 3 days for Federal Civilian Executive Branch agencies. The directive institutionalizes emergency-tempo patching, reflecting CISA's assessment that dwell-time gaps are actively enabling intrusions.

BleepingComputer · 19h ago

ShinyHunters Exploits CVE-2026-35273 in Oracle PeopleSoft Education Attacks (3 minute read)

UNC6240 (ShinyHunters) exploited CVE-2026-35273, a CVSS 9.8 RCE flaw in Oracle PeopleSoft, in an active extortion campaign observed May 27–June 9, 2026. The education sector's reliance on legacy ERP infrastructure makes it a systemic soft target for financially motivated actors wielding critical zero-days.

Google Threat Intelligence · 18h ago

Supply Chain Attack Kit, $5K Browser-Cloning RAT Surface in Weekly Threat Roundup (2 minute read)

A supply chain attack toolkit appeared in a public repository, a $5,000-per-month RAT capable of cloning browser sessions was identified, and research confirmed AI agents can be manipulated into exfiltrating real credentials.

The Hacker News · 19h ago

ShinyHunters Exploits Oracle PeopleSoft Zero-Day CVE-2026-35273 for Data Theft (1 minute read)

ShinyHunters exploited CVE-2026-35273, a critical unauthenticated RCE flaw in Oracle PeopleSoft, in active data theft attacks before Oracle issued mitigations. A zero-day in PeopleSoft—widely used for HR and finance data—puts sensitive enterprise records across sectors at immediate risk.

BleepingComputer · 12h ago

Cyberattack Forces 1,428-Student UK School Great Marlow to Close (1 minute read)

Great Marlow School in the UK shut down operations for 1,428 students following a cyberattack, engaging specialist IT and cybersecurity responders. The closure illustrates how attacks on under-resourced educational institutions now carry immediate real-world disruption equivalent to critical-infrastructure incidents.

The Record · 17h ago

Yarbo Robot Fleet Exposed via Hard-Coded Credentials, CVSS 9.8 Flaws (3 minute read)

CISA disclosed CVSS 9.8 vulnerabilities in Yarbo's Android/iOS app and cloud MQTT infrastructure, allowing attackers to extract hard-coded credentials and issue operational commands to robot fleets.

CISA Alerts · 20h ago

Naxclow IoT Platform Flaws Allow Device Impersonation, Mass Credential Harvest (3 minute read)

CISA flagged CVSS 9.8 authorization bypass and missing authentication vulnerabilities across Naxclow's Smart Doorbell X3, V720, ix cam, and X Smart Home platforms, enabling device impersonation and large-scale credential harvesting.

CISA Alerts · 20h ago

CISA Adds CVE-2026-10520 Ivanti Sentry Command Injection to KEV Catalog (3 minute read)

CISA flagged CVE-2026-10520, an OS command injection flaw in Ivanti Sentry, as actively exploited and mandated federal remediation under BOD 26-04. Ivanti vulnerabilities have anchored multiple nation-state intrusion campaigns, making active exploitation a high-confidence escalation signal.

CISA Alerts · 20h ago

Google Confirms ShinyHunters Exploited Oracle PeopleSoft CVE-2026-35273 In-Wild (1 minute read)

Google confirmed ShinyHunters exploited CVE-2026-35273 in the wild while Oracle declined to publicly acknowledge active exploitation. The divergence between vendor transparency and third-party confirmation exposes a disclosure gap that leaves defenders without authoritative guidance.

SecurityWeek · 1h ago

Oracle Quietly Mitigates CVE-2026-35273 Amid ShinyHunters Zero-Day Reports (1 minute read)

Oracle released mitigations for CVE-2026-35273 in PeopleSoft without confirming it was actively exploited by ShinyHunters. Oracle's silence on exploitation status delays enterprise risk prioritization while attacks are reportedly ongoing.

SecurityWeek · 18h ago

'GreatXML' Zero-Day PoC Abuses Microsoft Defender to Bypass BitLocker (1 minute read)

A proof-of-concept exploit dubbed GreatXML leverages Microsoft Defender's offline scan to spawn a SYSTEM shell during Recovery Mode reboot, bypassing BitLocker. The technique targets a trusted Windows security component, undermining full-disk encryption as a last-line physical-access control.

SecurityWeek · 22h ago
