Top Highlights
- ShinyHunters exploited CVE-2026-35273 in Oracle PeopleSoft to breach over 450,000 student records at the University of Nottingham, exposing sensitive personal data.
- A phishing-as-a-service network linked to China, Outsider, used Gemini for fake website creation and SMS phishing, targeting over 1.5 million URLs.
- Critical vulnerabilities like CVE-2026-50751 and CVE-2026-45657 are actively exploited, enabling remote code execution, bypassing authentication, and network propagation across enterprises.
Threats, Attack Techniques, and Targets
The report highlights several significant cyber threats from the week of June 15. One of the major attacks involved the University of Nottingham in the UK. Hackers, using the CVE-2026-35273 vulnerability, accessed student records stored in Oracle PeopleSoft. This incident affected over 450,000 students and exposed sensitive data. The same vulnerability is being exploited in a wave of attacks on more than 100 organizations.
Another attack targeted Mackay Sugar in Australia. The cyberattack disrupted operations and caused shutdowns at key mills. Attackers also targeted the pharmaceutical company Novo Nordisk in Denmark. They stole pseudonymized clinical trial data and some health information.
AI-related threats also appear. Researchers found flaws in LangGraph, an open-source AI framework. These flaws allowed attackers to run malicious code remotely by chaining SQL injection and deserialization issues.
Additionally, a phishing-as-a-service network called Outsider, based in China, uses fake websites and SMS scams to target victims on a large scale. There is also a concern about prompt-injection attacks on Anthropic’s Claude Code GitHub Action. These can leak secrets like API keys through malicious instructions in issue or pull request texts.
Vulnerabilities are actively exploited, especially CVE-2026-50751. This flaw affects Check Point VPNs using the outdated IKEv1 protocol and has been linked to ransomware activity.
Lastly, nation-state groups exploit the WinRAR flaw CVE-2025-8088 by infecting Ukrainian military and government computers with malware, including password stealers and credential harvesters.
Impact, Security Implications, and Remediation Guidance
The incidents have serious consequences. Data breaches like the one at the University of Nottingham compromise personal information and could lead to identity theft. The shutdown of Mackay Sugar’s operations impacts business continuity and supply chain stability. Data theft from pharmaceutical research may delay medical progress.
Exploiting vulnerabilities like CVE-2026-35273 and CVE-2026-50751 can grant attackers remote access or control over systems. Phishing campaigns and AI framework flaws increase the threat landscape. These threats can lead to data loss, system outages, or further attacks such as ransomware.
To protect systems, organizations should apply patches and updates provided by vendors. For example, Microsoft’s latest update fixes over 200 vulnerabilities, including critical flaws. Check Point’s IPS offers protection against certain exploits like CVE-2026-35273 and CVE-2026-50751.
If you have vulnerabilities similar to those discussed or suspect an attack, it is best to get specific remediation guidance from the software vendors or security authorities. This ensures the most effective and current measures are in place to defend your environment.
Stay Ahead with the Latest Tech Trends
Learn how the Internet of Things (IoT) is transforming everyday life.
Stay inspired by the vast knowledge available on Wikipedia.
ThreatIntel-V1
