Skip to content
RiverCore
pragma blog/security >=6.0.0;

Cybersecurity

// News, case studies and technical insights
PeopleSoft 0-Day Bleeds Universities as ShinyHunters Cashes In
PeopleSoft zero-dayShinyHuntersCVE-2026-35273

PeopleSoft 0-Day Bleeds Universities as ShinyHunters Cashes In

A 9.8-severity SSRF in Oracle PeopleSoft handed ShinyHunters two weeks of unmonitored access, 300 endpoints, and a 48GB haul from a single victim. Universities took the worst of it.

13 Jun 20266 min
Read article
// LATEST ARTICLES
SoFi Confirms Hong Kong Breach via Third-Party Vendor
SoFi Hong Kong breachdata breach

SoFi Confirms Hong Kong Breach via Third-Party Vendor

SoFi Hong Kong discovered a third-party vendor breach on April 30, 2026. The vendor stays anonymous, the scope is unknown, and customers are left refreshing their inboxes.

PAN-OS CVE-2026-0257 Exploited: GlobalProtect VPN Bypass Hits Wild
PAN-OS CVE-2026-0257GlobalProtect VPN

PAN-OS CVE-2026-0257 Exploited: GlobalProtect VPN Bypass Hits Wild

A medium-severity PAN-OS bug is now CISA KEV-listed, actively exploited, and has a public PoC. The unit economics of patch delay just got ugly.

Gitea Registry Bug Leaks Private Images for Four Years
Gitea auth bypassCVE-2026-27771

Gitea Registry Bug Leaks Private Images for Four Years

A four-year-old auth bypass in Gitea's container registry lets anyone pull private images from 31,750 exposed instances. Patch is in 1.26.2. Move now.

77% Updated Cloud Security for AI, Only 26% Can Enforce It
cloud security AIAI enforcement

77% Updated Cloud Security for AI, Only 26% Can Enforce It

Check Point's 2026 report shows a 51-point gap between organizations that updated cloud security for AI (77%) and those whose architecture can actually enforce it (26%).

Zero-Day Clock Says Exploit Window Is Now 24 Hours
zero-day exploitpatch window

Zero-Day Clock Says Exploit Window Is Now 24 Hours

The Zero-Day Clock pegs mean time from disclosure to exploitation at just over a day, down from a year in 2021. The 90-day patch cycle is dead.

KnowledgeDeliver Zero-Day Exposes 100% Shared-Key LMS Footprint
KnowledgeDeliver zero-dayCVE-2026-5426

KnowledgeDeliver Zero-Day Exposes 100% Shared-Key LMS Footprint

Every KnowledgeDeliver deployment shipped before Feb 24, 2026 carried the same hardcoded ASP.NET machineKey. One leaked secret, one ViewState payload, full RCE. Here's what that means.

Showing 22–28 of 52 articles
12345...8
HomeSolutionsWorkAboutContact
News06
Dublin, Ireland · EUGMT+1
LinkedIn
🇬🇧EN