🔴 Breaking
CVE-2026-35273 Oracle PeopleSoft — ShinyHunters 14-day zero-day, 300 installations, 100+ orgs, 68% universities, 500K student records  •  Patch Tuesday RECORD: 200 CVEs, wormable CVSS 9.8, RoguePlanet drops unpatched  •  $1,000 AI agent finds 21 FFmpeg zero-days — one from 2003  •  FIFA World Cup fraud: 19,000 fake domains, banking malware, FBI warning  •  CVE-2026-0257 Palo Alto PAN-OS CISA KEV — deadline June 19  •  CISA Nx Console KEV — deadline June 10    CVE-2026-35273 Oracle PeopleSoft — ShinyHunters 14-day zero-day, 300 installations, 100+ orgs, 68% universities, 500K student records  •  Patch Tuesday RECORD: 200 CVEs, wormable CVSS 9.8, RoguePlanet drops unpatched  •  $1,000 AI agent finds 21 FFmpeg zero-days — one from 2003  •  FIFA World Cup fraud: 19,000 fake domains, banking malware, FBI warning  •  CVE-2026-0257 Palo Alto PAN-OS CISA KEV — deadline June 19  •  CISA Nx Console KEV — deadline June 10   
Threat Briefs
27
Active Threats
12
CISA KEV Listed
9
No Patch Yet
3
Latest

Threats & Attacks

ERP Security · CVSS 9.8 · Zero-Day
CVE-2026-35273: Oracle PeopleSoft Zero-Day — ShinyHunters, 14 Days, 300 Installations, Universities Hardest Hit

No credentials. No user interaction. ShinyHunters compromised ~300 PeopleSoft installations across 100+ organizations for 14 days before Oracle said a word. 68% universities. 500,000 student records from University of Nottingham. Data published before the advisory.

June 12, 2026
 Patch Tuesday · Record 200 CVEs
Microsoft June 2026 Patch Tuesday: Record 200 CVEs, Wormable CVSS 9.8 — RoguePlanet Drops Unpatched Hours Later

Largest Patch Tuesday in history. Wormable HTTP.sys CVSS 9.8. MiniPlasma patched. 83 RCE flaws. Then RoguePlanet — new unpatched Windows Defender SYSTEM zero-day with working public PoC. Secure Boot expires June 26.

June 10, 2026
 AI Security · Autonomous Discovery
$1,000 AI Agent Finds 21 Zero-Days in FFmpeg — Some Undetected for 23 Years, One RCE Primitive

Depthfirst’s autonomous agent scanned 1.5M lines of C. 21 confirmed zero-days each with reproducible PoC. One bug from 2003. FFmpeg is in your browser, streaming apps, and media pipeline. All fixed upstream — your embedded copies are not.

June 10, 2026
 Fraud & Social Engineering · FBI Warning
FIFA World Cup 2026: 19,000 Fake Domains, Banking Malware, $474M Fraud — What Every Fan Needs to Know

GHOST STADIUM phishing operation. Banking trojans in fake streaming apps. Rogue Wi-Fi at match venues. FBI, Group-IB, Kaspersky, Bitdefender all warning. Every attack vector explained.

June 8, 2026
 AI Security · CI/CD · Patched
Claude Code Prompt Injection: Hidden HTML Comment Stole CI/CD Secrets and Bypassed Claude’s Safety Filters

Microsoft documented how a hidden GitHub issue comment tricked Claude into reading /proc/self/environ and exfiltrating all CI/CD runner secrets. Patched in v2.1.128. The “Comment and Control” class affects all major AI agents.

June 8, 2026
 Network Infrastructure · No Patch
CVE-2026-20245: Cisco’s 7th SD-WAN Zero-Day — Unpatched Root Escalation, No Fix in Sight

Command injection in SD-WAN Manager CLI. Root via crafted file upload. No patch, no timeline. Chains after CVSS 10.0 auth bypass. Mandiant found it during active exploitation.

June 5, 2026
Analysis

Intelligence & Deep Dive

01
AI Risk
AI-Powered Cyberattacks: How Generative AI & Autonomous Threats Are Reshaping Enterprise Security
Feb 18, 2026  ·  Investigation
02
Supply Chain Risk
Third-Party & Supply-Chain Cyber Risk: The Enterprise Blind Spot Behind “Surprise” Breaches
Jan 7, 2026  ·  Intelligence
03
Application Security
ASPM Is the Cybersecurity Blind Spot Behind Today’s Biggest Enterprise Breaches
Jan 23, 2026  ·  Analysis
04
APT Strategy
From Perimeter Defense to Continuous Trust: Enterprise Strategies for Managing APT Risk
Feb 25, 2026  ·  Deep Dive
More

Further Coverage

Network Security · CISA KEV
CVE-2026-0257: Palo Alto PAN-OS Auth Bypass — Forged Cookies, No Password, Two Attack Waves

Unauthenticated attackers forge GlobalProtect cookies, bypass MFA, establish VPN sessions. CVSS 9.1. Rapid7 confirmed exploitation. Federal deadline June 19.

June 2, 2026
 🚨 CISA Advisory
CISA: Nx Console / GitHub Supply Chain — Megalodon Confirmed, Two CVEs on KEV

Nx Console breach + Megalodon GitHub Actions campaign. TeamPCP open-sourced its framework. Copycat groups active. Full forensic checklist inside.

May 29, 2026
 Intelligence Report
Verizon DBIR 2026: Exploitation Is the #1 Breach Vector — Only 26% of CISA KEV Flaws Were Patched

22,052 incidents. Ransomware in 44%. Supply chain attacks doubled. Median exploit timeline 5 days vs 43-day patch time.

May 26, 2026
 Endpoint Security · CISA KEV
CVE-2026-34926: Trend Micro Apex One Zero-Day — Attackers Push Malware to Every Endpoint

Also discovered during active exploitation — the security tool becomes the attack vector. CISA KEV. June 4 deadline.

May 26, 2026
 Network Infrastructure · CISA ED
CVE-2026-20182: CVSS 10.0 Cisco SD-WAN Auth Bypass — 11 Threat Clusters Inside Enterprise Networks

Four DTLS packets. No credentials. Full admin. Nation-state-linked UAT-8616. CISA Emergency Directive 26-03.

May 16, 2026
 AI Policy & Security
White House AI EO: Classified Benchmark, 30-Day Pre-Release Window — AI Is Now a Formal Cyber Weapon

NSA and CISA have 60 days to build a classified AI cyber benchmark. Triggered by Anthropic Mythos autonomous vulnerability discovery. DOJ to prioritize AI-enabled attack prosecution.

June 4, 2026

The DataWater Intelligence Brief

Weekly CISO-level threat analysis — breaking vulnerabilities, technical depth, zero noise. Trusted by enterprise and government security leaders.