Tagged #lorem-ipsum

• June 18, 2026

  ShinyHunters Burns a PeopleSoft Zero-Day Through Higher Ed as Copilot "SearchLeak" Shows AI Is the New Exfil Channel

  A critical vulnerability blitz dominates this digest: Oracle PeopleSoft CVE-2026-35273, Splunk CVE-2026-20253, and an unpatched Microsoft Defender RoguePlanet zero-day are actively exploited, with ShinyHunters and other threat actors targeting higher education and enterprise networks. The AI/security layer has emerged as a major attack surface, exemplified by Microsoft 365 Copilot SearchLeak (one-click data exfiltration), Google Vertex AI cross-tenant RCE, and the Novo Nordisk breach that exposed proprietary AI model checkpoints and training infrastructure as ransomware extortion payload—underscoring that AI IP is now a strategic target.

• June 17, 2026

  Microsoft 365 Copilot 'SearchLeak' Enables One-Click Data Theft as Novo Nordisk Loses Internal AI Models to Extortionists

  A critical day for AI and enterprise security: Microsoft 365 Copilot was patched for the "SearchLeak" one-click exfiltration vulnerability (CVE-2026-42824), while Novo Nordisk confirmed a breach exposing trained AI models and proprietary training data to extortionists. Multiple actively-exploited flaws emerged in Fortinet FortiSandbox, Joomla JCE, Cisco Catalyst SD-WAN Manager, LiteSpeed cPanel, and Palo Alto GlobalProtect, alongside supply-chain compromises affecting Arch Linux AUR, JetBrains Marketplace, and npm packages. Major APTs including UNC6508, SprySOCKS (FishMonger), ScarCruft, and SideCopy expanded targeting of medical research, defense, and developer communities.