
ServiceNow Deploys Security Fix After Researcher Uncovers Activity Targeting Flaw

Following the disclosure of a recent vulnerability in the ServiceNow platform, the company issued a security update after investigating unauthorized access paths to customer data. Reports of potential exploitation of this vulnerability quickly gained industry attention, raising concerns about the possible exposure of sensitive instance data and privilege escalation under specific configuration scenarios.

ServiceNow determined, however, that the observed activity was the result of security researchers and customer-led validation efforts rather than malicious threat actors. Even so, the incident demonstrates how researcher-driven scrutiny of deployments can lead to faster remediation before vulnerabilities are weaponized by attackers.

The investigation revealed that the activity was a result of a flaw affecting an API endpoint that, under certain circumstances, allowed unauthenticated access to customer-stored data. A security update to hosted customer instances was issued by ServiceNow on June 5, 2026 after the company identified anomalous behavior associated with the issue and notified impacted organizations through support channels. 

According to the company, the vulnerability allowed users without valid authentication to obtain broader access than intended; in response, the configuration of the affected API was modified so that authenticated access is now the only method of access.

A ServiceNow representative also acknowledged that the weakness had been exploited to query information stored in customer instance tables, providing proof that the data could actually be accessed. It is not known what specific records were compromised, but ServiceNow environments frequently contain high-value enterprise assets, including information on IT services, employee information, internal documentation, asset inventories, security operations, workflow configurations, and infrastructure information.

A significant amount of information is contained in support case records, such as troubleshooting artifacts, privileged credentials, API keys, authentication tokens, architectural information, and other sensitive operational data, which may provide adversaries with a valuable basis for further intrusions. 

Throughout the remediation process, ServiceNow implemented additional controls at the affected endpoint, altering its configuration to restrict access to authenticated users only. Despite gaining significant attention after a public discussion on Reddit, where details of the problem first appeared, the vulnerability has not yet been assigned a CVE identifier.

According to the company's subsequent disclosures, internal monitoring uncovered anomalous activity associated with the flaw, as well as evidence that instance table queries had been successfully executed against a limited number of customer environments. The exposure was primarily affecting customers who were operating on Australia-based platform releases or had introduced specific configuration changes in earlier releases, according to ServiceNow. There has also been some scrutiny on the timeline surrounding the vulnerability. 

According to the Reddit user "d3s7iny", their security team had reported the vulnerability, and ServiceNow had been aware of it since April 7, 2026, originally classifying it as a low-priority issue to be resolved in future updates.

A company spokesperson responded to concerns by emphasizing that the incident was not widespread and that priority was given to directly contacting the affected organizations. The company has since publicly acknowledged that customer instances were successfully queried as a result of the activity, which it says began on June 2, 2026.

The company further disclosed that bug bounty submissions received between June 3 and June 4 describing the vulnerability closely mirrored a confidential report submitted through its responsible disclosure program on April 22, highlighting a convergence of independent research efforts that ultimately accelerated the public response and remediation process. Although ServiceNow has not released a technical description of the vulnerability, discussions among administrators and security professionals have provided additional information about its possible mechanisms.

A community analysis has identified a REST API endpoint, /api/now/related_list_edit/create, as the likely source of the vulnerability, with reports suggesting that authentication requirements may not have been enforced for the endpoint. Administrators report that the security update deployed on June 5 modified this behavior by limiting access to authenticated users only, effectively closing the door to unauthorized queries.

Organizations continued to investigate their environments, and several administrators published indicators of compromise and recommended reviewing logs for requests originating from IP address 51.159.98.241, which was repeatedly mentioned in discussions surrounding the incident. According to ServiceNow, the issue primarily affected Australia-based customers and organizations that had made specific configuration changes in earlier versions.

As the incident unfolded, the company had not yet answered public questions regarding the duration of the activity, the underlying cause of the flaw, or whether any customer data was ultimately exfiltrated. It also stated that a decision regarding the assignment of a CVE identifier was still pending.

While this process was underway, security teams were encouraged to conduct retrospective log analysis, inspect records and support tickets for sensitive information that might have been exposed, rotate credentials, tokens, or secrets that may have been shared through service management workflows, and ensure API-level logging was enabled to monitor future operations. 
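The retrospective log review recommended above can be scripted. The example below is added here and is not ServiceNow's code; it assumes a constructed, simplified access-log format (timestamp, source IP, authenticated user or "-", method, path, status) rather than ServiceNow's real transaction log, and flags requests to the endpoint named in the community analysis that carried no authenticated user, plus any request from the IP address administrators were reviewing for.

```python
"""Retrospective review of API access logs for a specific endpoint.

Added example, not ServiceNow's code. The log format is constructed:
  timestamp  source_ip  authenticated_user_or_'-'  method  path  status
Real ServiceNow transaction logs differ; adapt parse_line() to your export.
"""
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Endpoint identified by community analysis of the incident.
WATCHED_ENDPOINT = "/api/now/related_list_edit/create"
# IP address administrators recommended reviewing logs for.
WATCHED_IPS = {"51.159.98.241"}


@dataclass
class Finding:
    timestamp: str
    source_ip: str
    user: Optional[str]
    path: str
    reasons: List[str]


def parse_line(line: str) -> Optional[dict]:
    """Split one constructed log line into fields; return None if malformed."""
    parts = line.split()
    if len(parts) != 6:
        return None
    ts, ip, user, method, path, status = parts
    return {
        "timestamp": ts,
        "source_ip": ip,
        "user": None if user == "-" else user,
        "method": method,
        "path": path.split("?", 1)[0],  # ignore query string when matching
        "status": status,
    }


def find_suspicious_requests(lines: Iterable[str],
                             endpoint: str = WATCHED_ENDPOINT,
                             watch_ips: set = WATCHED_IPS) -> List[Finding]:
    """Return findings for unauthenticated hits on the endpoint or watched IPs."""
    findings = []
    for raw in lines:
        rec = parse_line(raw)
        if rec is None:
            continue
        reasons = []
        # A request to the endpoint with no authenticated user is exactly the
        # access path the June 5 update closed; a 2xx status makes it a hit.
        if rec["path"] == endpoint and rec["user"] is None:
            reasons.append("unauthenticated request to watched endpoint")
            if rec["status"].startswith("2"):
                reasons.append("request succeeded")
        if rec["source_ip"] in watch_ips:
            reasons.append("source IP on watch list")
        if reasons:
            findings.append(Finding(rec["timestamp"], rec["source_ip"],
                                    rec["user"], rec["path"], reasons))
    return findings


# Constructed sample lines for demonstration; not real traffic.
SAMPLE_LOG = [
    "2026-06-03T10:01:12Z 203.0.113.7 admin POST /api/now/related_list_edit/create 200",
    "2026-06-03T10:02:45Z 198.51.100.23 - POST /api/now/related_list_edit/create 200",
    "2026-06-03T10:03:01Z 198.51.100.23 - POST /api/now/related_list_edit/create 401",
    "2026-06-03T10:04:30Z 51.159.98.241 - GET /api/now/table/incident?sysparm_limit=1 403",
    "2026-06-03T10:05:00Z 203.0.113.7 jdoe GET /api/now/table/incident 200",
    "malformed line",
]

if __name__ == "__main__":
    for f in find_suspicious_requests(SAMPLE_LOG):
        print(f.timestamp, f.source_ip, f.user or "(unauthenticated)",
              f.path, "; ".join(f.reasons))
```

Successful unauthenticated hits on the endpoint are the records to prioritize; the watched-IP matches widen the review but are not proof of compromise on their own.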

Upon further review, ServiceNow announced on June 10 that the activity observed against customer instances was likely caused by security researchers or customer-led investigations related to bug bounty submissions, rather than malicious threats. Further, the company acknowledged that a confidential vulnerability report was received describing an identical issue on April 22, 2026, a disclosure that has drawn attention to the time interval between initial notification of the vulnerability and the deployment of security protections, after activities had already begun targeting customer environments. 

As the ServiceNow incident illustrates, the gap between vulnerability discovery, disclosure, and remediation can quickly become a focal point of security risk, even in the absence of evidence that a vulnerability has been exploited maliciously. There is more to this case than the technical details of a single flaw.

As large volumes of enterprise data are managed by cloud-based service management platforms, continuous monitoring, secure API configurations, and rapid response processes are becoming increasingly important. Security teams should treat unusual access activity, bug bounty discoveries, and configuration changes as signals that require immediate attention.

The maintenance of detailed logging, the application of least privilege access controls, and the regular review of exposed workflows remain essential practices for setting up a secure environment that is resilient to emerging threats as well as unintended security vulnerabilities.

Nvidia Introduces AI-Focused PC Chip as Industry Pushes Toward Local AI Processing

 Nvidia has announced a new processor designed to run artificial intelligence applications directly on personal computers, signaling the company's latest effort to expand beyond the data center market and into everyday computing devices.

The announcement was made by Nvidia Chief Executive Officer Jensen Huang during a keynote presentation in Taipei ahead of Computex, one of the world's largest technology trade shows. The new chip, called RTX Spark, was developed as part of a long-running collaboration between Nvidia and Microsoft aimed at adapting personal computers for increasingly complex AI workloads.

Unlike many current AI services that rely on cloud infrastructure to process requests, the RTX Spark platform is designed to execute AI tasks locally on laptops and desktop systems. This allows certain AI functions to operate directly on the device rather than sending data to remote servers for processing. Industry observers believe this approach could improve response times, reduce dependence on internet connectivity, and give users greater control over sensitive information.

Nvidia said the processor was developed in partnership with Taiwanese semiconductor company MediaTek. Systems powered by the chip are expected to become available later this year through several major computer manufacturers, including Dell, HP, Lenovo, ASUS, MSI, and Microsoft's Surface product line. Additional products from Acer and GIGABYTE are also expected to follow.

The launch places Nvidia in more direct competition with companies such as AMD, Intel, Apple, and Qualcomm, all of which are pursuing their own strategies for bringing artificial intelligence capabilities to personal computers. While Nvidia has established a dominant position in hardware used to train large AI models, the company is now increasingly focused on technologies that run AI applications after those models have already been developed.

A major objective behind the RTX Spark platform is support for so-called AI agents. Unlike conventional chatbots that simply answer user questions, AI agents are designed to perform sequences of tasks with limited human intervention. Potential applications include managing schedules, conducting research, organizing information, generating content, and carrying out routine administrative work.

According to Nvidia, future personal computers will need significantly more processing capability to support these systems because AI agents are expected to operate continuously in the background rather than responding only when a user initiates an action.

The company's emphasis on local AI processing reflects a broader trend emerging across the technology sector. Many firms are exploring ways to move AI workloads closer to users instead of relying entirely on cloud-based infrastructure. Supporters of this approach argue that local processing can improve performance while reducing network delays and operational costs.

The commercial success of AI-powered PCs, however, remains uncertain. Although several manufacturers have promoted AI-enabled devices as the next phase of personal computing, adoption has been uneven. Some vendors have reported positive contributions to sales, while others have indicated that demand has not reached the levels initially anticipated when the category was introduced.

Technology analysts nevertheless view the market as an area with long-term growth potential. Neil Shah, co-founder of Counterpoint Research, said the shift from application-centered computing toward AI-assisted systems could fundamentally change how users interact with their devices. He suggested that personal AI agents operating on local hardware may become increasingly common as the technology matures.

During his presentation, Huang also highlighted Nvidia's Vera central processing unit, which he previously described as providing access to a market opportunity worth approximately $200 billion. Nvidia stated that organizations including OpenAI, Anthropic, and SpaceX are among the early adopters evaluating the technology.

The Computex presentation also featured discussion about the future direction of artificial intelligence across the computing industry. Qualcomm Chief Executive Officer Cristiano Amon, speaking separately ahead of the event, argued that the industry is moving beyond AI systems that simply generate responses to prompts and toward software capable of carrying out tasks independently. He described 2026 as a potential turning point for agent-based AI, adding that existing device architectures were largely designed around actions initiated by users rather than autonomous software systems.

Huang also addressed concerns that advances in artificial intelligence could reduce employment opportunities for software developers. Rejecting that view, he argued that AI tools are increasing productivity and enabling organizations to undertake larger software projects, which in turn could create additional demand for engineering talent.

The announcements come as Nvidia continues to expand its presence across multiple segments of the AI market. After becoming one of the leading suppliers of hardware for AI model training, the company is now seeking a larger role in personal computing, inference processing, and AI applications designed to run directly on consumer devices.

The developments were unveiled in Taiwan, a location Huang described as central to the global AI supply chain. The Nvidia chief, who was born in the southern Taiwanese city of Tainan, has repeatedly emphasized the island's importance to the future development and production of advanced computing technologies.

Hackers Attack Sugar Mill, Force Operations and Harvesting Shutdown

Australia’s second-biggest sugar producer, Mackay Sugar, is looking into a cyberattack that impacted parts of its operations and temporarily stopped sugarcane harvesting. 

The incident caused the stoppage of milling activities at two of the firm’s facilities while authorities and experts tried to assess the disruption of the attack.

In a recent statement, Mackay Sugar acknowledged the cyberattack and the disruption affecting a few of its operations.

The immediate priorities are ensuring staff safety, continuing business operations safely, and safeguarding operational systems. “Our immediate focus is the safety of our people, protecting operational systems, and maintaining business continuity,” it said. 

About risk assessment

Mackay Sugar is also working with authorities to investigate the incident and safely recover impacted systems.

The incident directly impacted production operations. Local media reports have hinted that the company was compelled to close down its Racecourse and Farleigh sugar mills, two key facilities based in Queensland’s Mackay area. This caused the growers to stop harvesting sugarcane until notified. 

The impact on production

The group also confirmed that cane hauling and sugar milling operations at the Farleigh and Racecourse mills had been halted. The interruption came shortly after both facilities had started their annual sugarcane crushing season.

Although many growers in the area have been impacted by the closure, producers in the Marian district have not been immediately impacted. The district's third mill for Mackay Sugar is not expected to start up until next week, according to a report from Australia's ABC News. 

While recovery efforts continue, the sugar producer said it has put in place temporary measures and interim procedures to support critical business operations and minimize operational impact.

Mitigation processes

According to the company, "interim procedures are in place to support critical business functions and minimize disruption where possible." 

Additionally, the company stressed that throughout the event, it is staying in touch with growers, staff, and business partners. 

"We will continue to provide updates as more information becomes available and are in direct communication with our employees, growers, and key partners," Mackay Sugar stated. 

About recovery

Mackay Sugar acknowledged the anxiety brought on by the disruption and reaffirmed that the company takes its cybersecurity duties seriously.

"We take extremely seriously our obligation to safeguard our information, operations, and systems. We will give timely updates as we complete our inquiry, and we apologize for any inconvenience or uncertainty this incident may have caused," the business stated. 

Cyberabad Police Busts eSIM Banking Fraud Gang in Hyderabad


Cyberabad police have exposed an inter-state cyber fraud racket that used eSIM manipulation, SIM swapping tactics, and OTP diversion to steal money from bank customers. The case underlines how criminals are mixing telecom fraud with banking deception to bypass normal security checks and move money fast. 

Investigators said the accused impersonated staff from a bank’s premium credit card division and contacted victims under the guise of DoT verification. They persuaded targets to convert eSIMs into physical SIM cards, then sent preloaded mobile devices carrying malicious apps, which helped redirect OTPs and banking alerts to the fraudsters. 

Once the OTPs were diverted, the gang could access bank accounts, authorize transfers, and siphon off funds before the victims understood what had happened. Police said six people were arrested in the case: Selim Mondal, Abdul Alim SK alias Mittu, Saiyad Hasim Reza alias Tippu, Mijanur Rahaman Shaik, Bansidhar, and Mehebub Alam Ansary alias Suraj. The fraud amount was put at Rs 77.75 lakh, and police recovered Rs 15 lakh in cash during searches at the accused persons’ homes. 

The bigger concern is that this type of scam is highly scalable. It does not depend on hacking a bank’s servers; instead, it exploits human trust, weak verification habits, and the phone number as a security key. If a criminal gets control of your SIM or eSIM flow, they may also gain access to banking apps, password resets, and other sensitive services that rely on SMS verification.

Mitigation tips 

To stay safe from this type of eSIM banking fraud, never share OTPs, PINs, card details, or recovery codes with anyone over call, SMS, or WhatsApp, even if the caller claims to be from a bank or telecom company; verify any eSIM or SIM change request only through your operator’s official app, website, or helpline; avoid clicking suspicious links or scanning unknown QR codes.

Additionally, do not insert a SIM into any courier-delivered or unfamiliar device; enable banking alerts, use strong passwords and authenticator apps instead of SMS-based verification where possible; and if your phone suddenly loses signal or you suspect a SIM hijack, immediately contact your mobile provider, freeze transactions with your bank, and report the issue through India’s cybercrime helpline 1930 or the official cybercrime portal.

ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach Universities and Enterprise Systems


A breach tied to the hacking collective ShinyHunters emerged during a wave of intrusions leveraging an undisclosed weakness in Oracle PeopleSoft platforms. Because the flaw was unpatched, attackers gained unauthorized entry and moved swiftly after initial compromise. Data theft unfolded across multiple campuses and research-focused entities throughout May and into the first days of June. Evidence gathered by Google Cloud Mandiant analysts pointed to systematic exploitation before any public alert from Oracle. Control over affected servers enabled extraction of confidential information before patches were available.

One security team links these actions to a hacking cluster tracked internally as UNC6240. Exploiting a weakness labeled CVE-2026-35273, the attackers executed unauthorized code on Oracle PeopleSoft systems. The issue sits near the top of the severity scale, rated 9.8/10, because of how easily it can be abused: with nothing more than an open HTTP connection, intruders bypass login checks entirely, remotely, with no clicks or credentials required from victims.

Within the PeopleSoft platform, the weakness lies specifically in the Environment Management Hub. Although Oracle officially acknowledged the issue in PeopleTools 8.61 and 8.62, earlier versions that are no longer supported could also be at risk. Because exploitation began before Oracle's public notice, the vulnerability functioned as a true zero-day throughout the attack period. Further details emerged when the attackers mistakenly left key systems exposed on the web.

A closer look at those servers revealed malware frameworks, communication hubs, administrative utilities disguised as legitimate cloud documents, and automation scripts designed to navigate internal corporate environments. Once access was gained, the attackers spread through connected systems, then bundled sensitive material before sending it to platforms tied to ShinyHunters' operations. Mandiant found more than 100 organizations facing possible exposure and alerted each of them. Higher education made up close to 68% of these cases, primarily within the U.S.

While certain schools stopped the threat in time, several suffered verified intrusions and leaked information. Among the earliest cases made public was the University of Nottingham. Reports tracking data leaks indicate the exposed records include around 455,000 distinct email addresses, along with private details such as full names, residential addresses, telephone numbers, passport identifiers, ethnic background, and data tied to disabilities. The institution itself confirmed the event.

Oracle suggests turning off the Environment Management Hub service where feasible and limiting external connections to vulnerable endpoints. Security experts add that system logs should be checked, unusual files hunted down, and uncommon patterns of data leaving the network investigated. Applying Oracle's fixes promptly is another measure worth taking.

Notably, ShinyHunters previously relied on phishing, compromised logins, or social engineering. Exploiting a previously unknown flaw in server software suggests their methods have taken a sharper turn. This shift hints that ERP platforms may be targeted more closely going forward, even if nothing is certain yet.

Red Hat Investigates npm Package Compromise After Malware Found in Official Repository

Security researchers have identified malicious code in dozens of packages distributed through Red Hat's official @redhat-cloud-services namespace on npm after attackers gained unauthorized access to the repository.

The incident was first reported by researchers at Aikido Security, who found that software packages published through the trusted Red Hat namespace had been modified to include malware capable of collecting credentials from developer environments. Because the affected namespace is used for legitimate Red Hat cloud-related packages, developers may have installed the compromised versions without suspecting unauthorized changes.

According to researchers, more than 30 package versions were affected. Several remained available for download when the activity was initially disclosed, creating a risk for organizations that automatically pull dependencies into development workflows.

Technical analysis showed that the malicious code was designed to run during package installation. This means exposure could occur as soon as a package is installed, even if the software itself is never executed inside an application.

Researchers found that the malware searched infected systems for authentication data commonly used by developers and cloud administrators. The targeted information reportedly included GitHub Actions secrets, npm access tokens, Kubernetes credentials, Vault secrets, and other cloud-service authentication material that could provide access to source code repositories, deployment environments, and internal infrastructure.

The malware also contained mechanisms intended to expand the compromise beyond the initial victim. If credentials with sufficient privileges were discovered, the malicious code could attempt to publish altered packages through repositories or accounts available to the infected environment. This behavior could allow attackers to use one compromised system as a stepping stone into additional software projects.

Investigators further observed that stolen information was encrypted before being transmitted from infected systems. Reports indicate that the malware included backup methods for data exfiltration, including the ability to use compromised GitHub repositories if its primary communication channel became unavailable.

Researchers noted signs that the incident may have involved CI/CD infrastructure. Continuous Integration and Continuous Delivery systems automate software building, testing, and deployment, making them attractive targets because a compromise can provide access to multiple projects simultaneously. Evidence reviewed by researchers suggested that GitHub Actions OpenID Connect workflows may have been involved in publishing the affected packages.

The exact method used to gain access to the Red Hat namespace remains under investigation. Researchers have not publicly attributed the initial compromise to a specific technique, although they believe unauthorized access to publishing credentials likely played a role.

Security firms examining the incident linked the malware to a variant of "Shai-Hulud," a credential-stealing program that has appeared in recent software supply-chain investigations. Researchers noted that code associated with the malware has circulated publicly, increasing the likelihood that similar attacks could be adopted by multiple threat actors.

Following notification of the issue, Red Hat removed the affected packages and began an internal investigation. In a public statement, the company said the compromised packages were intended for internal development purposes and were not distributed to customers through Red Hat production services. The company also stated that it had not identified evidence of impact to customer environments, partner systems, or production infrastructure at the time of its investigation.

Security experts recommend that any organization or developer who installed affected package versions review their systems immediately. Response measures should include rotating credentials, examining CI/CD environments for unauthorized activity, reviewing repository permissions, and checking software dependencies for indicators associated with the compromise.
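Two of the points above, code that runs at package installation time and the recommendation to check dependencies for indicators, can be combined into a quick audit of an installed tree. The script below is an added example, not Red Hat's or Aikido's tooling: it walks node_modules, reports every package that declares npm lifecycle install scripts, and flags packages in the @redhat-cloud-services scope; the known-bad version list is a constructed placeholder, since the affected versions are not reproduced here.

```python
"""Audit a node_modules tree for packages that execute code at install time.

Added example, not Red Hat's or Aikido's code. Lifecycle hooks such as
postinstall run during `npm install`, which is how the malicious code in the
compromised packages ran without the package ever being imported.
"""
import json
import os
import tempfile
from typing import Dict, List, Tuple

INSTALL_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Scope named in the report. The version list is a constructed placeholder;
# a real review would use the affected versions from the published advisory.
WATCHED_SCOPE = "@redhat-cloud-services"
KNOWN_BAD: Dict[str, set] = {"@redhat-cloud-services/example-pkg": {"9.9.9"}}


def iter_package_manifests(node_modules: str):
    """Yield (dir, manifest) for every readable package.json under node_modules,
    including scoped packages and nested node_modules directories."""
    for root, _dirs, files in os.walk(node_modules):
        if "package.json" not in files:
            continue
        try:
            with open(os.path.join(root, "package.json"), encoding="utf-8") as fh:
                manifest = json.load(fh)
        except (OSError, ValueError):
            continue  # unreadable or malformed manifest; skip, do not crash
        if isinstance(manifest, dict) and "name" in manifest:
            yield root, manifest


def audit_node_modules(node_modules: str) -> List[Tuple[str, str, List[str]]]:
    """Return sorted (name, version, reasons) for packages that warrant review."""
    findings = []
    for _path, manifest in iter_package_manifests(node_modules):
        name = manifest["name"]
        version = str(manifest.get("version", "?"))
        scripts = manifest.get("scripts") or {}
        reasons = []
        hooks = [h for h in INSTALL_HOOKS if h in scripts]
        if hooks:
            reasons.append("runs install-time scripts: " + ", ".join(hooks))
        if name.startswith(WATCHED_SCOPE + "/"):
            reasons.append("package in watched scope")
            if version in KNOWN_BAD.get(name, set()):
                reasons.append("version on known-bad list")
        if reasons:
            findings.append((name, version, reasons))
    return sorted(findings)


def build_sample_tree() -> str:
    """Create a constructed node_modules tree in a temp dir for demonstration."""
    nm = os.path.join(tempfile.mkdtemp(), "node_modules")
    samples = {
        "left-pad": {"name": "left-pad", "version": "1.3.0"},
        "@redhat-cloud-services/example-pkg": {
            "name": "@redhat-cloud-services/example-pkg", "version": "9.9.9",
            "scripts": {"postinstall": "node setup.js"}},
        "@redhat-cloud-services/clean-pkg": {
            "name": "@redhat-cloud-services/clean-pkg", "version": "1.0.0"},
        "native-dep": {"name": "native-dep", "version": "2.0.0",
                       "scripts": {"install": "node-gyp rebuild"}},
    }
    for rel, manifest in samples.items():
        pkg_dir = os.path.join(nm, *rel.split("/"))
        os.makedirs(pkg_dir, exist_ok=True)
        with open(os.path.join(pkg_dir, "package.json"), "w", encoding="utf-8") as fh:
            json.dump(manifest, fh)
    return nm


if __name__ == "__main__":
    for name, version, reasons in audit_node_modules(build_sample_tree()):
        print(f"{name}@{version}: {'; '.join(reasons)}")
```

Install scripts are legitimate for packages that build native code, so the list is a review queue rather than a verdict; running `npm ci --ignore-scripts` in CI prevents such hooks from executing at all, at the cost of breaking packages that genuinely need them.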

The incident illustrates a recurring challenge in modern software development: trust placed in widely used package repositories can become a point of failure when an attacker gains access to a legitimate publishing channel. When that occurs, malicious code can reach downstream users through routine software updates rather than through traditional intrusion methods. 
