Security News · Afternoon Brief
Critical vulnerabilities in Oracle PeopleSoft and Ivanti Sentry are under active exploitation, while new BitLocker and AI agent attacks expand the threat surface. CISA has tightened federal patching timelines to 3 days for exploited flaws, and ransomware groups are evolving toward worm-like propagation and AI-enhanced tactics.
- Oracle PeopleSoft Zero-Day (CVE-2026-35273) Actively Exploited in ShinyHunter Attacks — A critical unauthenticated remote code execution vulnerability in Oracle PeopleSoft Suite is being actively exploited by the ShinyHunter group for data theft. Oracle has released mitigations but patches remain pending.
- Ivanti Sentry Maximum-Severity Flaw (CVE-2026-10520) Exploited Within 24 Hours of Disclosure — Attackers are exploiting a max-severity OS command injection vulnerability in Ivanti Sentry to execute code with root privileges on Internet-exposed secure mobile gateways, with evidence suggesting pre-mapped reconnaissance.
- GreatXML Zero-Day Bypasses Windows BitLocker via Recovery Partition — A new exploit discovered by researcher Chaotic Eclipse allows attackers to bypass BitLocker by abusing Microsoft Defender's offline scan functionality to spawn a SYSTEM shell during recovery mode.
- OpenClaw AI Agent Tricked Into Executing Code and Leaking Secrets — Security researchers from Imperva and Varonis demonstrated that the popular self-hosted OpenClaw AI agent can be manipulated through hidden instructions in vCards and contact data to execute arbitrary code or exfiltrate sensitive information.
- CISA Adds Ivanti Sentry to KEV Catalog; Issues BOD 26-04 Requiring 3-Day Patch Timeline — CISA has added CVE-2026-10520 (Ivanti Sentry) to its Known Exploited Vulnerabilities catalog and issued Binding Operational Directive 26-04, mandating federal agencies patch actively exploited critical flaws within 3 days.
- The Gentlemen Ransomware Claims 478 Victims, Spreads Like a Worm — Analysis reveals The Gentlemen group operates as a financially motivated RaaS affiliate leveraging LockBit, Qilin, and Medusa infrastructure, with worm-like propagation capabilities and aggressive recruitment offering 90% ransom splits.
- Langflow Path Traversal (CVE-2026-5027) Actively Exploited to Write Arbitrary Files — Attackers are actively exploiting a high-severity path traversal vulnerability in the AI development platform Langflow to write arbitrary files on exposed servers.
- Phishing Attack Volume Down 20%, But Risk Rising as Attackers Leverage AI for Quality Over Quantity — While phishing volumes have declined, threat actors are using AI to craft more sophisticated, targeted attacks, shifting from mass campaigns to precision exploitation.