Enterprise Security

Vulnerabilities and Exploits

Oracle PeopleSoft Zero-Day Vulnerability Exploitation (CVE-2026-35273)

by
Oracle PeopleSoft Zero-Day Vulnerability Exploitation (CVE-2026-35273)

Introduction Enterprise Resource Planning (ERP) systems store an organization’s most sensitive financial, operational, and personal data, making them prime targets for sophisticated cyber threat actors looking to maximize their leverage. On June 10, 2026, Oracle released an urgent, out-of-band security alert addressing CVE-2026-35273—a critical remote code execution (RCE) vulnerability actively exploited as a zero-day within the Oracle PeopleSoft PeopleTools component. Attributed to the advanced persistent threat group UNC6240 (which has

Continue Reading →
Vulnerabilities and Exploits

CVE-2026-20230: Unauthenticated Critical SSRF and Root Privilege Escalation on Cisco

by

Introduction Enterprise voice and video communication infrastructures rely heavily on Cisco Unified Communications Manager (Unified CM / CUCM) as a core asset within modern corporate network architectures. Because these unified communications platforms handle sensitive proprietary data, orchestrate internal routing, and connect disparate branch offices, they represent highly attractive targets for sophisticated threat actors looking to establish a persistent foothold. Disclosed by Cisco PSIRT in

Continue Reading →
Active Directory Security / Red Team

What is Active Directory Security: A Comprehensive Guide

by
What is active directory security

Introduction Active Directory (AD) is a directory service developed by Microsoft for Windows environments, playing a crucial role in managing users, computers, and network resources. Since its launch with Windows 2000, AD has become essential for organizations of all sizes, providing functionalities such as authentication, authorization, and centralized management of access and policies. One of the key benefits of Active Directory is its ability to streamline

Continue Reading →