Weekly Exploit Roundup
Generated 2026-06-30T08:00:11.744223+00:00 (UTC)
- Oracle E-Business Suite Flaw CVE-2026-46817 Actively Exploited in the Wild
Source: The Hacker News | Published: 2026-06-30T05:04:06+00:00 | Score: 27.313
A critical security flaw impacting Oracle E-Business Suite has come under active exploitation in the wild, according to Defused Cyber.
The vulnerability, tracked as CVE-2026-46817 (CVSS score: 9.8), refers to an improper privilege management and authentication flaw in Oracle Payments that could be abused to take over susceptible instances.
"Easily exploitable vulnerability allows
- Weekly Metasploit Update: Modules for Audiobookshelf, LiteLLM, Next.js, Dalfox and more
Source: Rapid7 Cybersecurity Blog | Published: 2026-06-26T19:32:52+00:00 | Score: 19.986
Help shape the future of Metasploit Framework: We are planning future work in relation to the evasion capabilities present in Metasploit Framework, and how they function/are presented to users. We are currently accepting responses to our feedback form, which means that you can shape the future of how evasive capabilities are implemented in Metasploit Framework. The proposal for the changes can be found here, and you can submit your responses to the form here. The form will stop accepting responses on the 1st of July, 2026.
New module content and improvements have also been added this week. This includes a Next.js Middleware Authorization Bypass scanner, LiteLLM Proxy SQL Injection, an unauthenticated API authentication bypass scanner for Audiobookshelf, a deserialization RCE in Dalfox, and improvements to service and host reporting in bruteforce-related modules.
New module content (4): Audiobookshelf Unauthenticated API Authentication Bypass Scanner. Authors: Kenneth LaCroix and swiftbi
- Hackers now exploit critical Oracle E-Business flaw in attacks
Source: BleepingComputer | Published: 2026-06-29T13:46:17+00:00 | Score: 17.957
Attackers have begun exploiting a critical vulnerability (CVE-2026-46817) in the Oracle E-Business Suite (EBS) financial application, according to threat intelligence company Defused. […]
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
Source: The Hacker News | Published: 2026-06-26T12:31:56+00:00 | Score: 17.878
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a critical remote code execution vulnerability impacting PTC Windchill PDMlink and PTC FlexPLM enterprise Product Data Management (PDM) and Product Lifecycle Management (PLM) software to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.
The vulnerability in question is
- CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
Source: The Hacker News | Published: 2026-06-24T17:19:18+00:00 | Score: 17.592
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday warned of active exploitation of a critical security flaw impacting Lantronix EDS5000 Series devices, urging Federal Civilian Executive Branch (FCEB) agencies to apply the fixes by June 26, 2026.
The vulnerability in question is CVE-2025-67038 (CVSS score: 9.8), a code injection flaw that could result in the execution
- CISA Adds One Known Exploited Vulnerability to Catalog
Source: Alerts | Published: 2026-06-29T12:00:00+00:00 | Score: 17.405
CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog, based on evidence of active exploitation.
CVE-2026-48558 SimpleHelp Authentication Bypass Vulnerability
This type of vulnerability is a frequent attack vector for malicious cyber actors and poses significant risks to the federal enterprise. Binding Operational Directive (BOD) 26-04: Prioritizing Security Updates Based on Risk establishes vulnerability management requirements for Federal Civilian Executive Branch (FCEB) agencies. BOD 26-04 reinforces the importance of the KEV Catalog and requires federal agencies to prioritize rapid remediation of high-risk vulnerabilities, specifically those identified by Common Vulnerabilities and Exposures (CVEs) listed in CISA’s KEV Catalog on publicly exposed assets that grant total control of the asset post-exploitation, while deferring action for lower-risk vulnerabilities. BOD 26-04 further establishes basic expectations for when agencies must check wheth
- Nissan discloses employee data breach linked to Oracle zero-day attacks
Source: BleepingComputer | Published: 2026-06-29T20:40:44+00:00 | Score: 16.963
Nissan is warning that it suffered a data breach affecting current and former employees after threat actors exploited an Oracle PeopleSoft vulnerability in data theft attacks previously linked to the ShinyHunters extortion group. […]
- NAIC says public data stolen in ShinyHunters' PeopleSoft breach
Source: BleepingComputer | Published: 2026-06-29T20:30:28+00:00 | Score: 16.958
The National Association of Insurance Commissioners (NAIC) says the ShinyHunters extortion group stole only publicly available data, outdated logs, and configuration files after breaching its systems by exploiting a zero-day vulnerability in an Oracle PeopleSoft server. […]
- Critical SimpleHelp flaw exploited to deploy new stealer malware
Source: BleepingComputer | Published: 2026-06-29T14:00:00+00:00 | Score: 16.464
Hackers are exploiting a recently disclosed critical vulnerability (CVE-2026-48558) in SimpleHelp to deploy Djinn Stealer, a previously undocumented cross-platform information stealer targeting Windows, macOS, and Linux. […]
- Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
Source: The Hacker News | Published: 2026-06-25T05:46:54+00:00 | Score: 15.962
An unknown threat actor exploited a recently disclosed high-severity security flaw impacting Cisco Catalyst SD-WAN as a zero-day at least two months before it was publicly disclosed, according to new findings from Google-owned Mandiant.
The vulnerability, tracked as CVE-2026-20245 (CVSS score: 7.8), allows an authenticated, local attacker to execute arbitrary commands with elevated privileges
End of report.
