CSO Online

Oracle PeopleSoft zero‑day fuels ShinyHunters extortion spree

Attackers leveraged a critical unauthenticated RCE bug to breach higher‑ed institutions, deploy stealth remote access tools, ...
InfoQ

Oracle's OpenJDK Bans Generative AI Contributions While Oracle's GraalVM Allows Them

Two related, Oracle-backed projects published opposing policies on open-source contributions created with generative AI: The ...
Dark Reading

Max-Severity Ivanti Flaw Exploited 24 Hours After Disclosure

Threat actors pounced on a critical Ivanti Sentry vulnerability within 24 hours of its disclosure, using a public proof-of-concept (PoC) exploit in attacks. Ivanti disclosed Tuesday CVE-2026-10520, an ...
CSO Online

Protocol Buffers schemas expose remote code execution risk

Researchers at Cyera found six vulnerabilities in protobuf.js, including a flaw that can turn attacker-controlled schema data ...