

Source: Security Rabbits
🐰The Rabbit's Foot (TLDR)
🥕 JCPenney Data Breach Exposes 368k Employees: A ShinyHunters extortion campaign exploited a zero-day in Oracle PeopleSoft, leaking SSNs, DOBs, and addresses. If you're a current or former JCPenney employee, freeze your credit and monitor for identity theft immediately.

🥕 Critical pgAdmin 4 Flaws Enable RCE and Data Theft: Multiple CVEs (CVE-2026-12045, 12046, 12048) in pgAdmin 4 allow unauthenticated SQL injection, remote code execution, and stored XSS. Upgrade to version 9.16+ and ensure the AI Assistant feature is disabled if not needed.

🥕 CISA Warns of Active Exploitation: Patch Splunk Enterprise & FortiGate Now: A critical Splunk Enterprise flaw (CVE-2026-XXXX) is under active attack, with a Sunday patch deadline for U.S. agencies. Additionally, 86,644 FortiGate devices are targeted by the "FortiBleed" campaign. Apply vendor patches immediately and restrict internet exposure.

🥕 WordPress Sites Under Siege: SocGholish Takedown & Gravity SMTP Exploit: Global law enforcement cleaned 14,971 WordPress sites spreading fake-update malware


Source: CVE Trend
🐰Trending vulnerability
CRITICAL    CVE-2026-20045
Published: 2026-01-21  Updated: 2026-06-17

🥕⚪⚪⚪⚪⚪⚪⚪⚪⚪ (12%)
A vulnerability in Cisco Unified Communications Manager (Unified CM), Cisco Unified Communications Manager Session Management Edition (Unified CM SME), Cisco Unified Communications Manager IM & Presence Service (Unified CM IM&P), Cisco Unity Connection, and Cisco Webex ..


Source: Have I been pwned?
🐰Have I been pwned
JCPenney (jcpenny.com)
Published: 2026-06-12   Updated: 2026-06-20
Count: 368418

In June 2026, retailer JCPenney and associated brands were targeted in a ShinyHunters "pay or leak" extortion campaign. Data allegedly obtained from JCPenney through the exploitation of a critical zero-day vulnerability in Oracle PeopleSoft was later published publicly. The exposed records appeared to relate primarily to internal HR systems and affected current and former employees. The data included 368k corporate and personal email addresses, names, dates of birth, Social Security numbers, phone numbers and home addresses.


Source: NIST
🐰NIST CVE
🥕 CVE-2026-11551   Branda WordPress Plugin
Critical unauthenticated privilege escalation via password takeover affecting all versions up to 3.4.29. Attackers can change any user's password, including admins, without validation. Update the plugin immediately.

🥕 CVE-2026-48908   SP Page Builder for Joomla
Critical unauthenticated arbitrary file upload leading to PHP code execution. This is a direct path to full server compromise. Apply the vendor patch without delay.

🥕 CVE-2026-48909   SP LMS for Joomla
Critical unauthenticated remote code execution via insecure deserialization of cookie data in versions below 4.1.4. No authentication required for full server takeover. Upgrade to 4.1.4 or later.

🥕 CVE-2026-48939   iCagenda Joomla Extension
Critical unauthenticated arbitrary file upload vulnerability in the file attachment feature, enabling PHP code execution. Attackers can gain full control of the site. Update iCagenda immediately.

🥕 CVE-2024-58351   Flowise
Critical unauthenticated remote code execution via the overrideConfig option, enabled by default in versions before 2.1.4. Attackers can achieve sandbox escape, SSRF, and data exfiltration. Upgrade to 2.1.4 or restrict overrideConfig access.

🥕 CVE-2026-5366   Prefect
Critical remote code execution in Prefect 3.6.23 via git flag injection in the GitRepository storage class. Any user with deployment creation permissions can execute arbitrary commands on worker machines. Update Prefect and restrict deployment permissions.

🥕 CVE-2022-50972   WooCommerce
Critical unauthenticated remote code execution in WooCommerce 7.1.0 via shell command injection in the product-type parameter. Attackers can write malicious PHP files to the web root. Update WooCommerce immediately.

🥕 CVE-2026-56214   Capgo
🥕 CVE-2026-56215   Capgo
🥕 CVE-2026-56216   Capgo
🥕 CVE-2026-9843   Database for Contact Form 7, WPforms, Elementor forms WordPress Plugin
🥕 CVE-2026-11911   Simple File List WordPress Plugin
🥕 CVE-2026-11912   Simple File List WordPress Plugin
🥕 CVE-2019-25763   WordPress Ultimate Addons for Beaver Builder
🥕 CVE-2020-37255   WordPress Time Capsule Plugin
🥕 CVE-2026-56340   vLLM
🥕 CVE-2026-56341   AVideo
🥕 CVE-2026-56345   AVideo



🐰News
Security Affairs
14,971 WordPress Sites Cleaned in Global SocGholish Takedown
Operation EndGame disrupted SocGholish, taking down 106 servers and cleaning 14,971 WordPress sites used to spread fake-update malware. On June 18, 2026, law enforcement agencies from the Netherlands, Canada, the United States, and Germany, [...] (Security Affairs)


The Hacker News
AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution
Microsoft researchers have detailed an exploit chain, named AutoJack, that turns an AI browsing agent into a delivery vehicle for remote code execution. Steer the agent to load an attacker's web page, and that page's JavaScript can reach a [...] (The Hacker News)


BleepingComputer
Hackers exploit info disclosure bug in Gravity SMTP WordPress plugin
Threat actors are exploiting an unauthenticated information disclosure vulnerability in the WordPress plugin Gravity SMTP, active on 100,000 sites. [...] (BleepingComputer)


GRAHAM CLULEY
Apple's Hide My Email tweak leaves privacy fans fuming
Apple has long marketed itself as the privacy-first tech giant. So why is it making a change to Hide My Email that will make it easier for websites to block anonymous sign-ups - and harder for you to stay private online? Read more in my article on [...] (GRAHAM CLULEY)


GRAHAM CLULEY
Imposter scams cost Americans $3.5 billion in 2025 - and it's getting worse
Someone is pretending to be your bank, your government, or your local planning office. And according to the FTC, they're making billions doing it. Read more in my article on the Fortra blog. (GRAHAM CLULEY)


The Hacker News
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. The [...] (The Hacker News)


BleepingComputer
CISA: Splunk Enterprise flaw actively exploited, patch by Sunday
CISA has urged U.S. federal agencies to secure their systems by Sunday against a critical Splunk Enterprise vulnerability that is being exploited in attacks. [...] (BleepingComputer)


Security Affairs
Peter Thiel's Secret Society Leak Creates a Perfect Target List for Espionage, Influence Operations, and Blackmail
A simple website flaw exposed members, political profiles, login tokens, and dating data from Peter Thiel's secretive Dialog network. Dialog, a private invitation-only organization cofounded in 2006 by billionaire tech investor Peter Thiel, has [...] (Security Affairs)


Security Affairs
U.S. CISA adds Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog and urges agencies to fix it by Sunday
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a Splunk Enterprise flaw to its Known Exploited Vulnerabilities catalog. The flaw, tracked as [...] (Security Affairs)


Unsourced
Confidence Lacks in Threat Detection Across Non-Email Channels like Slack and Teams
Half of cybersecurity leaders lack confidence in detecting threats on Slack, Teams and other non-email platforms, despite growing attacker focus (Unsourced)



Source: Ransomware.live
🐰Ransomware attacks

👻 qilin
Commune d'Eyguires, PJ Daly Contracting, Roth Industries, Sparkle Pools

🧨 pear
Optimum First Mortgage

🎯 nova
Desert Micro

🤖 krybit
aasa.ae, coemi.com.br, www.mupras.com

🐛 Icarus
Klue.com

👹 BrainCipher
themintgaming.com

🫥 aurora
ALS Global, Hagerman & Company

🦇 anubis
KTR Real Estate Advisors


Source: Hybrid Analysis
🐰Top malicious URL


Source: Hybrid Analysis
🐰Top malicious files


Security Rabbits Copyright © 2026 Flo BI. All rights reserved.