Accenture acknowledges security incident following 35GB data theft claim

Accenture appears to have suffered a data breach, the extent of which is currently unknown. On Monday, a threat actor going by the handle “888” posted on the cybercrime forum PwnForums, claiming to have breached the technology consulting co… Continue reading Accenture acknowledges security incident following 35GB data theft claim

Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)

CVE-2026-48282, one of the maximum severity vulnerabilities patched in Adobe ColdFusion on June 30, 2026, has been targeted by attackers in the wild. Exploitation attempts were detected on July 2, through the honeypot sensors of cybersecurity threat-in… Continue reading Attackers exploit critical Adobe ColdFusion vulnerability (CVE-2026-48282)

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)

Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on … Continue reading Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and &… Continue reading SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)

JSP webshells being dropped on unpatched PTC Windchill instances

The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. … Continue reading JSP webshells being dropped on unpatched PTC Windchill instances

Mozilla warns of indirect prompt injection risk in AI coding agents

A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The attack The proof-of-concept … Continue reading Mozilla warns of indirect prompt injection risk in AI coding agents

Synology issues critical fix for MailPlus Server vulnerabilities

Synology has has fixed critical vulnerabilities in MailPlus Server, a software package used to run private email infrastructure on Synology NAS devices. The security update fixes three flaws: CVE-2026-13136, stemming from faulty authorization checks, m… Continue reading Synology issues critical fix for MailPlus Server vulnerabilities

Mystery hackers use novel SharkLoader dropper against governments, software devs

Kaspersky researchers have uncovered a previously unknown cyberattack campaign that has compromised government organizations and software development companies in multiple countries. They first stumbled onto the campaign while investigating an attack o… Continue reading Mystery hackers use novel SharkLoader dropper against governments, software devs

Law enforcement hits StealC and Amadey malware networks

Operation Endgame, the largest international law enforcement operation aimed at disrupting ransomware and cybercrime infrastructure across the world, has claimed its latest targets: StealC and Amadey. The notice on disrupted websites (Source: Microsoft… Continue reading Law enforcement hits StealC and Amadey malware networks

Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)

CVE-2026-20230, a server-side request forgery (SSRF) vulnerability affecting Cisco’s Unified Communications Manager (Unified CM), is being exploited to drop webshells and achieve remote code execution capability on the underlying server. “O… Continue reading Cisco Unified CM flaw actively exploited to drop webshells (CVE-2026-20230)