Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
Overview: On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediatio...
PT-2026-49070
🔴 ShinyHunters exploits Oracle PeopleSoft 0-day CVSS 9.8 targeting 100+ organizations Ransomware group ShinyHunters exploited CVE-2025-35273, a critical server-side request forgery vulnerability in Oracle PeopleSoft, for more than two weeks before Oracle disclosed it. The group targeted roughly 3...
Russia-Linked Hackers Use Microsoft 365 Device Code Phishing for Account Takeovers
A suspected Russia-aligned group has been attributed to a phishing campaign that employs device code authentication workflows to steal victims' Microsoft 365 credentials and conduct account takeover attacks. The activity, ongoing since September 2025, is being tracked by Proofpoint under the...
Investigating targeted “payroll pirate” attacks affecting US universities
Microsoft Threat Intelligence has observed a financially motivated threat actor that we track as Storm-2657 compromising employee accounts to gain unauthorized access to employee profiles and divert salary payments to attacker-controlled accounts. These types of attacks have been dubbed “payroll...
FBI Warns FSB-Linked Hackers Exploiting Unpatched Cisco Devices for Cyber Espionage
A Russian state-sponsored cyber espionage group known as Static Tundra has been observed actively exploiting a seven-year-old security flaw in Cisco IOS and Cisco IOS XE software as a means to establish persistent access to target networks. Cisco Talos, which disclosed details of the activity, sa...
Russian state-sponsored espionage group Static Tundra compromises unpatched end-of-life network devices
Static Tundra is a Russian state-sponsored cyber espionage group linked to the FSB's Center 16 unit that has been operating for over a decade, specializing in compromising network devices for long-term intelligence gathering operations. The group actively exploits a seven-year-old vulnerability...
The vulnerability of the student lifecycle management system in higher education institutions, SAP Student Life Cycle Management (SLcM), is related to deficiencies in the authentication process, which allow unauthorized users to elevate their privileges.
The vulnerability of the student lifecycle management system in higher education institutions, SAP Student Life Cycle Management (SLcM), is related to deficiencies in the authentication process. Exploiting this vulnerability could allow a malicious actor to enhance their privileges remotely...
2024 State of Malware in Education report: Top 6 cyberthreats facing K-12 and Higher Ed
Educational institutions may face a range of cyberthreats in 2024, but our 2024 State of Malware in Education report identifies the six most critical ones. Ransomware, for example, stands out as a key threat for schools and universities. The report covers how last year, we witnessed a 92% increas...
"Mysterious Team Bangladesh" Targeting India with DDoS Attacks and Data Breaches
A hacktivist group known as Mysterious Team Bangladesh has been linked to over 750 distributed denial-of-service (DDoS) attacks and 78 website defacements since June 2022. "The group most frequently attacks logistics, government, and financial sector organizations in India and Israel,"...
Terminalfour Information Disclosure Vulnerability
Terminalfour is a digital marketing and web content management platform for higher education from Terminalfour, Inc. Terminalfour suffers from an information disclosure vulnerability that stems from insufficient protection of sensitive information when debug logging is enabled. An attacker could...
Disrupting SEABORGIUM’s ongoing phishing operations
The Microsoft Threat Intelligence Center (MSTIC) has observed and taken actions to disrupt campaigns launched by SEABORGIUM, an actor Microsoft has tracked since 2017. SEABORGIUM is a threat actor that originates from Russia, with objectives and victimology that align closely with Russian state...
Terminalfour Cross-Site Scripting Vulnerability
Terminalfour is a digital marketing and web content management platform for higher education from Terminalfour, Inc. A cross-site scripting vulnerability exists in versions prior to Terminalfour 8.3.8, which could be exploited by attackers to execute JavaScript code...
College closes down after ransomware attack
Lincoln College, one of the few rural schools in Illinois, said that it will permanently close on Friday, May 13, after 157 years, partly due to the impacts of the COVID-19 pandemic and partly due to a long recovery after a ransomware attack in December 2021. The institution notified the Illinois...
Defenders wanted—building the new cybersecurity professionals
As part of Cybersecurity Awareness Month, we published a special blog post earlier this week featuring real-world experiences shared by cybersecurity professionals: people with diverse backgrounds in law, academia, software development, and other seemingly unrelated fields. This topic is near and...
SQL Injection Vulnerability in Higher Education Online Learning and Information Service Platform of Huaxia Earth Education Network
Ltd. is a large-scale enterprise focusing on distance learning content provision and learning support services. A SQL injection vulnerability exists in the Huaxia Dadi Education Network's higher education e-learning and information service platform, which can be exploited by an attacker to obtain...
Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks
Microsoft has suspended 18 Azure Active Directory applications that were being leveraged for command-and-control (C2) infrastructure by what it says is a Chinese nation-state actor. While Microsoft services like Azure Active Directory (AD) – its cloud-based identity and access management service – ar...
Microsoft Security—detecting empires in the cloud
Microsoft consistently tracks the most advanced threat actors and evolving attack techniques. We use these findings to harden our products and platform and share them with the security community to help defenders everywhere better protect the planet. Recently, the Microsoft Threat Intelligence...
SQL Injection Vulnerability in Digital Learning Resource Platform of Higher Education Publishing House
Digital Learning Resource Platform is a digital product of Higher Education Press, a practical, effective and scalable CMS system. SQL injection vulnerability exists in the Digital Learning Resource Platform of Higher Education Publishing House, which can be exploited by an attacker to obtain...
DMARC Adoption Spikes, Higher Ed Remains Behind
Adoption of the email security protocol DMARC has continued to tick upwards, with the number of domains deploying DMARC records surpassing 1 million in the last two years — a 2.5 times greater total than in 2018. That’s according to Valimail’s Email Fraud Landscape 2020 report, which also found...