ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities
The Hacker News 11.06.2026 20:29
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest.
Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a
New GreatXML Exploit Bypasses Windows BitLocker via Recovery Partition XML Files
The Hacker News 11.06.2026 17:43
Security researcher Chaotic Eclipse (aka Nightmare-Eclipse and MSNightmare) has released a new Windows BitLocker bypass dubbed GreatXML, a day after they published an exploit for Microsoft Defender.
"This was an accidental discovery, it took a total of 4 hours to find this," the researcher said in a post on Blogger. "If you ever attempted to use Windows Defender Offline Scan, you're
FreeBSD: Privilege escalation vulnerability with a tongue-in-cheek codename
Heise Security 11.06.2026 12:11
IT researchers have also found a security vulnerability in FreeBSD that allows privilege escalation. Name: "Bumsrakete[tm]".
China-linked recon botnet outpaces enterprise defenses
CSO Online 11.06.2026 09:57
A botnet made up of compromised small office and Internet of Things devices has grown into a larger reconnaissance network capable of rapidly identifying vulnerable internet-facing systems after public vulnerability disclosures, researchers said.
The botnet, tracked by Lumen’s Black Lotus Labs as JDY, now comprises more than 1,500 compromised small office and home office, or SOHO, and IoT devices, and is being used to “discover, fingerprint and continuously map exposed services at scale.”
Device management: Root attacks possible on Ivanti Endpoint Manager Mobile
Heise Security 11.06.2026 08:45
Two security vulnerabilities threaten Ivanti Endpoint Manager Mobile. Security patches provide a remedy.
OpenSSL: Crafted signature can pave the way for malicious code
Heise Security 11.06.2026 07:52
In current versions, the OpenSSL developers have closed a total of 18 security vulnerabilities.
New BitLocker bypass: Chaotic Eclipse keeps throwing around Windows exploits
Golem 11.06.2026 07:47
Chaotic Eclipse is apparently not as exhausted as claimed after all. There is still a new exploit left for bypassing BitLocker on Windows devices. (Security vulnerability, Microsoft)
GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks
The Hacker News 11.06.2026 06:23
GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats.
The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary
Oracle issues out-of-band warning about critical PeopleSoft code injection vulnerability
Heise Security 11.06.2026 06:05
Oracle is closing a critical code injection vulnerability in PeopleSoft with an update outside its usual schedule.