Article Read Time

Top 5 Cyber Security News Stories
1. ShinyHunters Exploit Oracle PeopleSoft Flaw, Hit 100+ Organizations Including Nissan
The ShinyHunters group ran a sweeping campaign this week exploiting a vulnerability in Oracle PeopleSoft to break into HR and payroll systems at more than 100 organizations. Nissan was among the most prominent victims, with attackers exfiltrating sensitive employee data before the intrusions were detected. The campaign is a sharp reminder that enterprise resource-planning platforms, the systems holding an organization’s most sensitive workforce data, are now squarely in the crosshairs of financially motivated crews.
Source: eSecurity Planet URL: https://www.esecurityplanet.com/threats/ai-driven-threats-global-breaches-and-compliance-shifts-define-the-week-in-cybersecurity-for-july-2026/
2. Aflac Breach Exposes Personal and Bank Data of 4.38 Million Customers
Insurance giant Aflac disclosed a breach originating from its Japan subsidiary that exposed personal information and bank account details for roughly 4.38 million customers. The incident underscores a recurring theme in 2026: attackers increasingly reach large, well-defended organizations by targeting subsidiaries, third parties, and regional units where security maturity may lag behind that at headquarters. For a financial services firm, exposure of bank account data raises the stakes considerably for downstream fraud.
Source: SharkStriker / TechCrunch URL: https://techcrunch.com/2026/07/07/the-worst-hacks-and-breaches-of-2026-so-far/
3. SharePoint RCE (CVE-2026-45659) Added to CISA KEV After Active Exploitation
CISA added a high-severity flaw in Microsoft SharePoint Server, CVE-2026-45659, to its Known Exploited Vulnerabilities catalog after confirming active exploitation in the wild. The bug is a remote code execution vulnerability stemming from the deserialization of untrusted data, with a CVSS score of 8.8. Notably, Microsoft shipped a patch during the May cycle but did not publish the security bulletin until May 21, leaving defenders unaware of the risk for weeks while the fix sat quietly in place. Organizations running on-prem SharePoint should patch and hunt for compromise immediately.
Source: The Hacker News URL: https://thehackernews.com/2026/07/sharepoint-rce-cve-2026-45659-added-to.html
4. ESET Threat Report: AI Sharpens Attacker Efficiency, First GenAI-Powered Android Malware Surfaces
ESET’s latest threat report details how artificial intelligence is measurably accelerating the attacker’s playbook. Researchers analyzed nearly 900,000 “AI skills,” the small functional components used by AI agents, and flagged tens of thousands as suspicious and thousands as outright malicious. The report also names PromptSpy, the first known Android malware to weave generative AI directly into its execution flow, alongside a new AI-enhanced fraud platform, Kitana, built for real-time credential and payment theft. The through-line: time-to-exploit is shrinking from days to hours.
Source: ESET / GlobeNewswire URL: https://www.globenewswire.com/news-release/2026/07/08/3323874/0/en/ESET-Threat-Report-AI-boosts-cyber-attackers-efficiency.html
5. Citrix Discloses Six NetScaler Flaws; “CitrixBleed”-Style Bug Draws Active Scanning
Citrix disclosed six vulnerabilities across its NetScaler ADC and Gateway appliances, with CVE-2026-8451 (CVSS 8.8) drawing the most concern for its resemblance to the infamous CitrixBleed flaw. The vulnerability allows a remote attacker to trigger a memory overread, leaking sensitive data from devices configured as SAML identity providers. Exploit code was published quickly, and scanning activity was observed within 24 hours of disclosure, a familiar and dangerous pattern for internet-facing gateway appliances that sit at the front door of enterprise networks.
Source: eSecurity Planet URL: https://www.esecurityplanet.com/threats/ai-driven-threats-global-breaches-and-compliance-shifts-define-the-week-in-cybersecurity-for-july-2026/
