Today’s Briefing
CVE-2026-35273 in Oracle PeopleSoft Enterprise PeopleTools entered the CISA KEV catalogue yesterday following active exploitation by the ShinyHunters actor targeting the education sector. The vulnerability is a missing authentication flaw in versions 8.61 and 8.62 that permits unauthenticated takeover of PeopleTools instances; Oracle published an out-of-band security alert on 10 June. Separately, Iran-linked Handala compromised California Water Service via an exposed GPS tool, exfiltrating 5GB of billing data covering two million customers and posting proof on 11 June.
Top Stories
Full brief available to subscribers
The complete operator brief — action items with patch deadlines, the vulnerability appendix and named actor activity — goes out by email each morning. Subscribe free to receive it.
Get the brief at 07:00, every weekday.
The day's UK security intelligence, read and ranked so you start informed: the stories that matter, the IOCs your SIEM needs, and the actions worth taking first.