Week in review: SimpleHelp vulnerability exploited, Oracle EBS Payments flaw under attack

Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:

Week in review

Companies keep bolting AI onto their products, and the security bill is coming due
Companies keep bolting AI and LLM features onto their products, and the security results are starting to show a pattern. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower than anything else. The figures come from Cobalt’s AI and Pentesting Pulse Report 2026, built on five years of penetration testing data and a survey of 455 security leaders and practitioners.

DarkMoon: Open-source AI pentesting platform
Penetration testing relies on skilled specialists who spend days probing networks and web applications by hand. Engagements often take weeks, cost thousands of dollars per day, and produce results that vary by tester. AI-driven automation aims to streamline the process. DarkMoon, an open-source platform, uses AI agents to plan and execute security assessments from start to finish, delivering an evidence-backed report at the end.

AirDrop and Quick Share vulnerabilities affect protocols on five billion devices as fixes begin
Phones and laptops include built-in wireless file-sharing features such as Apple’s AirDrop and Google and Samsung’s Quick Share. These services automatically communicate with nearby devices, even if they have never connected before, and are used on more than five billion devices worldwide. Researchers at the CISPA Helmholtz Center for Information Security identified six vulnerabilities affecting AirDrop and Quick Share across macOS, iOS, Android, and Windows.

AI-generated code risks reach security, legal, and compliance teams
Most engineering organizations write code with AI, and a good number of them keep that code away from customers. A Flux survey of engineering leaders and practitioners found that nearly half run AI-generated code in production. Almost every company in the sample uses AI somewhere in development, with under 5% reporting no plans to adopt it within a year.

Nika: Open-source code analysis tool
Many web application vulnerabilities span multiple files, making them difficult for scanners that analyze one file at a time to detect. Nika, an open-source tool from PhonePe, works on that problem by performing cross-file taint analysis in Java microservices, tracing untrusted input across application layers to identify security-sensitive operations.

The endpoint recovery gap many teams discover during an incident
In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once.

Mozilla warns of indirect prompt injection risk in AI coding agents
A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The proof-of-concept attack targets AI-powered coding agents such as Claude Code, and uses indirect prompt injection to manipulate an AI agent into taking harmful actions the developer never explicitly authorized.

JSP webshells being dropped on unpatched PTC Windchill instances
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog.

SimpleHelp vulnerability exploited to deliver mighty Djinn Stealer (CVE-2026-48558)
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets,” BlackPoint Cyber’s researchers discovered.

Oracle E-Business Suite Payments flaw under attack (CVE-2026-46817)
Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday.

What a financial planner taught me about cybersecurity
When Brian Honan spoke at a recent cybersecurity awareness event for financial planners and tax advisors, the audience was highly engaged with the subject. As happens at conferences around the world, people often approach speakers to ask follow-up questions or share their feedback on the presentation. This time, what struck Honan was how many attendees said they had been scared by what they heard during his talk.

Geopolitical cyber threats are turning HR into a security front line
In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that would never have targeted your company before.

Getting boards to fund ERM means speaking their currency
In this Help Net Security video, Greg Young, VP Cybersecurity and Corporate Development at TrendAI, explains how to build Enterprise Risk Management that a board will pay for.

Sycophantic chatbots and the harms that build over many chats
People use AI chatbots for company, advice, and emotional support, and these systems respond in ways designed to hold their attention. Researchers describe the resulting risks as affective safety, harms that arise because humans are emotional beings and AI engages directly with those emotions. The damage can occur during normal use, as systems optimize for the goals set by their developers.

Half the defense base still builds security around compliance
CMMC requirements are appearing in defense contracts and moving down through supplier networks to thousands of companies new to this kind of compliance work. Many run on limited budgets with lean security teams. The picture comes from nearly 900 defense contractors, C3PAOs, federal suppliers, and cybersecurity professionals who attended the 2026 Secureframe National Cybersecurity Summit.

WSL containers now build and run Linux workloads on Windows
Containers power many cloud-native applications, AI workloads, and testing and deployment pipelines. Windows developers have long relied on third-party software to build and run them. WSL containers make that step optional. Introduced at Microsoft Build 2026, the feature is now available in public preview with Windows Subsystem for Linux version 2.9.3. Users can install it with wsl --update --pre-release or by downloading the pre-release build from GitHub.

Kali Linux 2026.2 trims VM boot times, refreshes its desktops
Penetration testers who run Kali Linux inside virtual machines boot their systems faster after the 2026.2 release. The change comes from a decision about graphics firmware, the code that drives NVIDIA, AMD, and Intel GPUs. That firmware has grown large enough to slow the early stages of startup, and few virtual machines need it.

This supercomputer encrypts your data even while it’s running it
Sensitive data is typically encrypted when stored and transmitted, but not while it is being processed in memory, leaving it exposed to anyone with sufficient system access. Researchers at the University of Cologne developed a supercomputer called RAMSES that closes this gap by keeping data encrypted even during processing.

The ARToken phishing panel targets Microsoft 365 accounts
U.S. companies are being targeted with phishing emails that impersonate trusted vendors and appear to be routine invoice inquiries. According to Cisco Talos, the campaign is linked to EvilTokens, a phishing-as-a-service platform that earlier this year operated across hundreds of Cloudflare Workers domains.

What the AI patch gap means for enterprise security
Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source code paths and routed verified findings to the projects that own them. Tuskira studied what happens to those findings once they reach human hands.

Catching ransomware on the wire before it locks the file server
Corporate networks store sensitive data on shared servers accessed through mapped drives, making them prime ransomware targets. A compromised workstation can encrypt remote files over Server Message Block (SMB) traffic, while endpoint security tools often see only part of the attack. Researchers at La Trobe University developed a network-based framework that detects ransomware by analyzing SMB traffic patterns.

Non-interactive SSH attacks dominate after login
Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. The usual assumption is that an attacker eventually breaks in, opens a shell, and starts running commands. Data collected from 11 research honeypots suggests a very different reality.

Most teams accept higher risk for faster AI database work
Database professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the database itself. The use of AI in database management has almost tripled in a year, climbing from 15% to 44% of organizations, according to Redgate’s 2026 State of the Database Landscape report.

GPT-5.6 gets better at cybersecurity
OpenAI has started rolling out the GPT-5.6 series models in limited preview to a small group of trusted partners through the API and Codex. The series includes Sol as the flagship model, Terra as a balanced option, and Luna as the fastest and most cost-efficient model. The rollout is being coordinated with the U.S. government before expanding to ChatGPT, Codex, and API users in the coming weeks.

Hottest cybersecurity open-source tools of the month: June 2026
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings.

Vulnerability reports are arriving faster than GitHub can review them
Across the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub Advisory Database, which feeds automated security alerts to millions of projects, has reached a point where some new advisories take weeks to publish.

Product showcase: Scam calls, phishing, and data breaches? Meet AVG Mobile Security
AVG Mobile Security for iOS helps protect users against online threats with features including Web Guard, VPN, Scam Guardian Pro, Hack Alerts, and Photo Vault. It also identifies suspicious calls and scam text messages and helps keep personal information private while using Wi-Fi networks with its VPN. The app is available for Windows, macOS, Android, and iOS.

OpenClaw for iOS: The viral open-source AI agent comes to iPhone and iPad
OpenClaw, a self-hosted personal AI assistant that connects to existing chat apps, is now available on iPhone, iPad and Apple Watch. The release brings chat, real-time voice conversations, approvals, device capabilities, and private automations to iOS.

Proton’s pitch for Lumo 2.0: Frontier AI without the data grab
Proton has unveiled Lumo 2.0, a major upgrade to its zero-access encrypted AI assistant. Built on a new architecture, the release brings the assistant closer to frontier AI models with new AI models, multimodal capabilities, Memory, improved web search, and enterprise features.

Microsoft wants to stop unwanted bots from entering Teams meetings
A new Microsoft Teams admin policy, Manage external bots and their access to meetings, gives organizations greater visibility and control over external bots in meetings. The policy identifies bots and applies safeguards before they are admitted. Microsoft will begin retiring the existing Require verification by participants (CAPTCHA) meeting policy.

Claude Sonnet 5 includes safeguards against dangerous cyber use
Anthropic has introduced Claude Sonnet 5, the latest version of its general-purpose AI model, with improved reasoning, coding, tool use, and knowledge work capabilities. The model can make plans, use tools such as browsers and terminals, and complete tasks autonomously.

GitHub’s new tool helps prevent costly open-source license violations
GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review.

Review: CTRL+ALT+PWN
Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition.

Cloudflare changes AI crawler access rules
Cloudflare introduced new controls that let website owners manage AI traffic across three categories: Search, Agent, and Training. The feature is available to all Cloudflare customers, including those on the Free plan, and gives website owners more control over how different types of AI crawlers access their content.

Scattered Spider suspect extradited over $8 million ransom scheme
A suspected Scattered Spider member has been extradited to the United States to face charges linked to cyberattacks against U.S. companies, including the breach of a luxury jewelry retailer that led to an $8 million cryptocurrency ransom demand after attackers stole company data.

Organizations struggle to prioritize known cyber risks
Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context spread across multiple systems.

Cybersecurity jobs available right now: June 30, 2026
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.

New infosec products of the week: July 3, 2026
Here’s a look at the most interesting products from the past week, featuring releases from Digi International, iboss, Jamf, and Netzilo.

More about

Don't miss