All posts tagged: exploited

Oracle Warns PeopleSoft Customers After Critical Zero-Day Exploited

A critical Oracle PeopleSoft flaw is already being exploited, putting more than 100 organizations on alert. Oracle issued an emergency advisory for CVE-2026-35273, a vulnerability affecting PeopleSoft versions 8.61 and 8.62 that can allow unauthenticated remote code execution. Google Threat Intelligence Group and Mandiant researchers said the campaign targeted internet-exposed systems used by universities, businesses, and other large institutions. The suspected link to ShinyHunters raises the stakes. For organizations running PeopleSoft, this is not just a patching issue. It is an incident-response clock already ticking.

Breakdown of the vulnerability

Researchers from both the Google Threat Intelligence Group and Mandiant say the campaign was observed between May 27 and June 9. Because this vulnerability was actively exploited for days before it was discovered, it is regarded as a zero-day vulnerability. The campaign targeted Oracle PeopleSoft, an enterprise resource planning (ERP) tool used by organizations to manage activities such as payroll and HR. Attackers exploited the vulnerability on versions 8.61 and 8.62 of the Oracle PeopleSoft tool. According to Oracle, successfully exploiting this vulnerability can lead to remote code …

CISA Flags 2-Year-Old Oracle WebLogic Vulnerability as Actively Exploited

A patch that should have retired an Oracle WebLogic vulnerability two years ago is now the reason CISA is sounding an emergency alarm. After confirming active exploitation of a previously patched vulnerability, CVE-2024-21182, the Cybersecurity and Infrastructure Security Agency (CISA) has added it to its Known Exploited Vulnerabilities (KEV) catalog. By making this designation, CISA has signaled that the vulnerability has moved from a potential risk to an active threat requiring immediate attention. According to Oracle, the vulnerability affects Oracle WebLogic servers running on two specific versions and allows any unauthenticated attacker to gain remote access through exposed T3 and IIOP protocols. Upon successfully exploiting this vulnerability, attackers can gain full access to all data accessible through the server. Although Oracle issued a patch for it in July 2024, several systems remain unpatched, creating an entry point for the recently observed exploitation of this flaw. CISA’s KEV listing places it among high-priority threats with urgent remediation requirements for all federal agencies, and serves as a broader call for the private sector to patch its vulnerable, unpatched servers.

Unpacking the WebLogic …

‘Mehmood made and ruined my career’: Why Aruna Irani believes she was ‘openly exploited’ by the star, never honoured promise to marry her | Bollywood News

Veteran actor Aruna Irani has opened up about her past relationship with late actor-comedian Mehmood, which began at a time when he was already married. In a recent interaction, Aruna Irani opened up on how the relationship took shape, how it eventually ended, and also spoke about the exploitation she faced while working in the Hindi film industry in her early years. In a conversation with Zoom, the actor spoke about her initial struggles and challenges. “There were difficulties at every step. Even stepping out to look for work was a challenge. In those days, especially in the film industry, people were ready to exploit you – you just had to be prepared for it,” she said. She revealed that she adopted a strategy to avoid being exploited. “I used to pretend that I was very innocent, as if I didn’t understand anything. The person in front of me couldn’t figure out whether I was foolish or what,” she recalled. Aruna explained how she would politely refuse social invitations. “If someone asked me out for …

Abhijeet Sawant claims singers are exploited amid Arijit Singh’s retirement

On 27th January, Arijit Singh announced his decision to retire from playback singing. His decision has sent shockwaves across the film and music industry, with composers, filmmakers, and fans expressing disbelief. Amid this, Abhijeet Sawant has opened up about the harsh realities of the Indian music industry, highlighting how playback singers are often underpaid and exploited.

Abhijeet Sawant on exploitation in music industry

Appearing on Pentarise Studios’ YouTube channel, Abhijeet said, “People don’t want the singers to become bigger than the film itself. That’s why they are paid a certain amount. Musicians still don’t receive royalties for film music. So Biddu, who worked on Lafzon Mein, also did a couple of songs in the West, and he gets so much royalty payment from those two songs that he can survive his whole life on that money. We don’t even get enough money to sustain our livelihood.” The Indian Idol contestant also candidly spoke about how singers often compromise for fame, revealing the exploitation prevalent in the music industry. “They have created a system like that. …

Amid Arijit Singh’s retirement, singer Abhijeet Sawant makes EXPLOSIVE allegations about Bollywood: ‘We get exploited…’

Arijit Singh has been mesmerizing the whole country with his voice, but he has decided to stay away from film singing. Now, Abhijeet Sawant makes shocking claims about Bollywood.

For the last 15 years, Arijit Singh has been mesmerizing the whole country with his voice. His emotional and heart-touching singing has made a special place in the hearts of people of all ages. But now Arijit has decided to stay away from film singing. His retirement note seems very emotional. With this, the discussion has once again started on the condition of singers in Bollywood and the treatment given to them.

Abhijeet Sawant’s explosive statement about Bollywood

Abhijeet Sawant, the first winner of Indian Idol, has said many shocking things on this issue. During a conversation on a …

Aishwarya Rajesh recalls how she was almost exploited by photographer when young: ‘Wear lingerie, want to see your body’

Actor Aishwarya Rajesh recalled a harrowing experience she had with a photographer before she became a known face in the Telugu and Tamil film industries. On a podcast with Nikhil Vijayendra Simha, the actor spoke of when she was almost exploited and asked to wear lingerie during a photoshoot despite her young age. Aishwarya Rajesh said that she was so young when it happened that it left her confused.

Aishwarya Rajesh recalls almost being exploited by photographer

Aishwarya said that this was from a time when she was ‘very young’ and before she had ventured into films. “I was called for a photoshoot, and I went with my brother. I will never forget this incident. He asked my brother to sit outside. Then, he gave me sexy lingerie and said, wear this, I want to see your body. I was so young it confused me,” said the actor. She admitted that when the photographer and a few others present there tried to convince her, the actor almost thought this was something she needed to do. …

96% of Phishing Attacks in 2024 Exploited Trusted Domains

Threat actors are increasingly targeting trusted business platforms such as Dropbox, SharePoint, and QuickBooks in their phishing email campaigns and leveraging legitimate domains to bypass security measures, a new report released today has found. By embedding sender addresses or payload links within legitimate domains, attackers evade traditional detection methods and deceive unsuspecting users. According to Darktrace’s Annual Threat Report 2024, the authors detected more than 30.4 million phishing emails, reinforcing phishing as the preferred attack technique.

Legitimate enterprise services hijacked for most phishing campaigns in 2024

Darktrace noted cybercriminals are exploiting third-party enterprise services, including Zoom Docs, HelloSign, Adobe, and Microsoft SharePoint. In 2024, 96% of phishing emails utilised existing domains rather than registering new ones, making them hard to detect. Attackers were observed using redirects via legitimate services, such as Google, to deliver malicious payloads. In the case of the Dropbox attack, the email contained a link leading to a Dropbox-hosted PDF with an embedded malicious URL. Alternatively, threat actors abused hijacked …

Patch Tuesday: Microsoft Patches Two Actively Exploited Zero-Day Flaws

The monthly report is relatively lightweight, with some mobile updates or fixes that have already been performed server-side and shouldn’t be a concern to admins, said Tyler Reguly, associate director of security R&D at global cybersecurity software and services provider Fortra. Another vulnerability impacts only Microsoft Surface hardware.

February update patches two exploited vulnerabilities

The two exploited vulnerabilities are:

CVE-2025-21391, a Windows storage flaw that could let a threat actor delete files.

CVE-2025-21418, an opening for privilege escalation beginning in Windows Ancillary Function Driver for WinSock.

“While both vulnerabilities are rated Important by Microsoft and have CVSS scores in the 7.x range, I would treat the Windows AFD for WinSock vulnerability as critical when it comes to patching, given that it has seen active exploitation,” Reguly said in an email to TechRepublic. Vulnerabilities have been found in the Windows Ancillary Function Driver for WinSock nine times since 2022, including instances attributed to a North Korea-sponsored advanced persistent threat group, Tenable senior staff research engineer Satnam Narang pointed out in a comment to KrebsonSecurity. “The root …

Microsoft’s January 2025 Security Update Patches Exploited Elevation of Privilege Attacks

Microsoft’s latest batch of security patches includes an expanded blacklist for certain Windows Kernel Vulnerable Drivers and fixes for several elevation of privilege vulnerabilities. The January 2025 Security Update addressed 159 vulnerabilities. Security patches should be applied to keep software up-to-date. However, early versions of patches may be unreliable and should be cautiously approached and deployed in test environments first.

Microsoft updates the Vulnerable Driver Blacklist

The January 2025 security update for Windows 11, version 24H2 expands the list of vulnerable drivers that could be used in Bring Your Own Vulnerable Driver (BYOVD) attacks. Vulnerabilities in kernel drivers could allow threat actors to sneak malware into the kernel. “The vulnerable driver blocklist is designed to help harden systems against non-Microsoft-developed drivers across the Windows ecosystem,” according to Microsoft’s recommended driver block rules.

Vulnerability in Windows Hyper-V NT Kernel Integration VSP issue patched

Microsoft released patches for three Windows Hyper-V NT Kernel Integration VSP Elevation of Privilege Vulnerabilities that have already been exploited: CVE-2025-21333, CVE-2025-21334, and CVE-2025-21335. Successfully exploiting any of them could have granted an …

Rahul Gandhi exploited Manmohan Singh’s death for his expedient politics: BJP

Launching a scathing attack on the Congress, the Bharatiya Janata Party (BJP) on Monday (December 30, 2024) alleged that Rahul Gandhi “exploited” former Prime Minister Dr. Manmohan Singh’s death for his “expedient politics” and flew to Vietnam to ring in the New Year while the country is mourning his demise. The Congress hit back and asked when will the “Sanghis stop this ‘take diversion’ politics”. “While the country is mourning [former] Prime Minister Dr. Manmohan Singh’s demise, Rahul Gandhi has flown to Vietnam to ring in the new year,” BJP’s IT cell head Amit Malviya said in a post on X. “Mr. Gandhi politicised and exploited Dr. Singh’s death for his expedient politics but his contempt for him is unmissable,” he charged. “The Gandhis and the Congress hate Sikhs. Never forget that Indira Gandhi desecrated the Darbar Sahib,” Mr. Malviya added. Reacting sharply, Congress leader Manickam Tagore wrote in a post on X, “When will the Sanghis stop this ‘take diversion’ politics?” He alleged that the way Prime …