Recommended action for the day
Prioritize the audit of Linux authentication logs and Oracle ERP instances to detect long-term persistence and active zero-day exploitation.
State mandates and sophisticated supply chain exploits demand urgent infrastructure defense.
Risk Posture: Medium
Sustained activity. Monitor closely.
- On KEV · 7d: 7
- Critical · 24h: 0
- Threats · 24h: 5
- Advisories · 7d: 20
Why this matters
- Actively exploited. The ShinyHunters threat group is currently exploiting an unpatched Oracle ERP zero-day vulnerability to exfiltrate sensitive student and institutional data from U.S. higher education institutions.
- Supply chain attack. Over 400 Arch Linux User Repository (AUR) packages were hijacked to deploy credential stealers and eBPF rootkits, specifically targeting developer environments via malicious build scripts.
- Nation-state persistence. The China-linked actor Velvet Ant has been identified using a backdoor in Linux authentication software to maintain undetected access and bypass login protocols on enterprise servers for nearly a dec…
Needs eyes now
CVE-2026-35273 — Oracle PeopleSoft Enterprise PeopleTools: Oracle PeopleSoft Enterprise PeopleTools Missing…
Unauthenticated attackers can fully take over PeopleSoft Enterprise PeopleTools systems due to missing authentication; no active exploitati…
CVE-2026-10520 — Ivanti Sentry: Ivanti Sentry OS Command Injection Vulnerability
Unauthenticated remote attackers can gain root-level code execution on unmanaged Ivanti Sentry appliances; no active exploitation is curren…
CVE-2026-11645 — Google Chromium V8: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
Remote attackers can execute arbitrary code on devices running Chrome, Edge, or Opera via malicious web pages; active exploitation status i…
Also on the wire
- Ex-school district employee jailed for hacks on former employer
- Chinese hackers hijack auth flow, spy on isolated network for a decade
- Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
- US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos
- U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals
- ShinyHunters Uses Oracle Zero-Day to Rampage Higher Ed