Ticker feed
A severe vulnerability chain in Splunk Enterprise is letting unauthenticated attackers execute remote code, no login required. Tracked as CVE-2026-20253 with a CVSS score of 9.8, the flaw targets the PostgreSQL Sidecar Service introduced in Splunk Enterprise 10 and later.
The service is active by default on AWS deployments, making cloud installations immediately exposed. Researchers at watchTowr Labs found attackers can send crafted HTTP requests to internal API endpoints, manipulate file paths, inject malicious database connections, and ultimately overwrite Python scripts to run arbitrary commands.
Splunk has released a patch — AWS users should prioritize updating immediately.
Source: Cybersecurity News
A well-known hacking group has breached the University of Nottingham's systems, accessing "a significant amount of data" — including financial information — belonging to current students and alumni. The university confirmed the attack on Wednesday and has since set up a helpline, notified police, and alerted the Information Commissioner's Office, the Office for Students, and Action Fraud.
Students and graduates are rattled. Incoming law student Tolu Olufunwa, 17, said the breach made her question her university choice. Graduate Jacob Edwards, 23, criticized the university's vague communication. Former applicant Margaret Ladipo, 19, has already changed her bank details and passwords after learning her national insurance number was compromised.
Source: BBC News
The ShinyHunters extortion gang exploited a critical zero-day vulnerability in Oracle's PeopleSoft software between May 27 and June 9, 2026, compromising more than 300 instances across 100+ organizations. The flaw, CVE-2026-35273 (CVSS 9.8), allowed unauthenticated remote code execution through PeopleSoft's Environment Management Hub service.
About 68% of targeted organizations were higher education institutions. The University of Nottingham confirmed a breach, with ShinyHunters claiming 40 GB of student records stolen. Oracle patched the vulnerability on June 10 after researchers flagged it. Organizations are urged to disable or block external access to the EMHub service immediately.
Source: Dark Reading
GitHub is overhauling npm with version 12, flipping three long-standing permissive defaults to fight software supply chain attacks. Starting July 2026, npm will block install scripts, Git dependencies, and remote URL packages by default — all requiring explicit developer opt-in. Developers can preview the changes now by upgrading to npm v11.16.0.
Security experts are cautiously supportive. Semgrep's Isaac Evans praised the structural approach but warned attackers will pivot to private repositories like Artifactory. Researcher Paul McCarty fears developers will blindly approve blocked scripts just to get builds working — potentially turning the update into security theatre.
Source: Infosecurity Magazine
South Korea has slapped e-commerce giant Coupang with a record $400 million fine after a data breach exposed personal information belonging to roughly 37.5 million users — more than half the country's population. Seoul's Personal Information Protection Commission found the company failed to properly manage authentication keys and access controls. Regulators added a separate penalty for collecting data without user consent.
Coupang says the breach likely started as early as June through a foreign server and initially affected 4,500 accounts before ballooning to nearly 34 million. The company's CEO resigned following the incident. Coupang plans to fight the ruling in court.
Source: BBC News
A researcher known as Nightmare-Eclipse has released yet another Microsoft zero-day exploit — this one called RoguePlanet — timed to drop right after Microsoft's June Patch Tuesday, which addressed a record 206 CVEs.
The new exploit targets Windows Defender via a race condition, potentially granting attackers full SYSTEM-level access on Windows 10 and 11. It's the latest salvo in a months-long feud that began in April with the BlueHammer exploit. Microsoft has since patched several of Nightmare-Eclipse's disclosures, but real-world exploitation has already occurred.
The researcher claims to have more vulnerabilities in Defender and other Windows components ready to go.
Source: Dark Reading
A malware attack has knocked out IT systems at Great Marlow School in Buckinghamshire, forcing a partial closure on Wednesday. The school can't contact parents via email, teachers can't set work, and internal exams for Years 10 and 12 have been postponed. Only Year 11 and 13 students are required in for external exams.
Headteacher Guy Pendlebury confirmed the school is working with cybersecurity professionals to restore systems, following guidance from the Department for Education and the National Cyber Security Centre. The school, famously attended by Olympic rower Steve Redgrave, says student safety remains its top priority.
Source: BBC News
Two Russia-linked hacker groups — Gamaredon and Shadow-Earth-066 — are actively exploiting a WinRAR vulnerability (CVE-2025-8088) that's been patched since July 2024, targeting Ukrainian military and government organizations through weaponized phishing emails.
The attacks differ in execution but share the same goal. Shadow-Earth-066 deploys the GiftedCrook stealer to harvest credentials and documents, while Gamaredon plants espionage malware via malicious HTA files. Both abuse WinRAR's path traversal flaw to drop payloads into Windows Startup folders.
The flaw stays dangerous because WinRAR doesn't auto-update and falls outside standard enterprise patching tools — leaving millions of endpoints exposed.
Source: Dark Reading
A 2020 cyberattack on South Staffordshire Water exposed the personal data of 633,887 people, with over 4.1 terabytes of information — including bank details and National Insurance numbers — ending up on the dark web. The breach went undetected for 20 months.
One victim, Chris Durham, 53, had phones fraudulently taken out in his name and spent months fighting to recover £60 monthly charges he never authorized. Another customer, Nigel Calladine, 75, had to change his email and bank accounts entirely after six months of phishing attacks.
The ICO fined South Staffordshire £963,900. Customers say the fine doesn't go far enough.
Source: BBC News
A self-replicating worm called Shai-Hulud has infected over 100 packages across npm and PyPI since September 2025, with attacks sharply escalating in recent weeks. After hacking group TeamPCP released the worm's source code in mid-May, clones emerged fast.
The latest variants — Miasma and Hades — harvest credentials, API keys, and tokens, then spread by infecting packages the victim can access. Red Hat's Hybrid Cloud Console was among the targets, alongside SDKs like Vapi and Wrangler. In total, 471 malicious artifacts have been identified, including PyPI wheel files tied to the Hades branch.
Source: SecurityWeek