SimpleHelp, Oracle EBS flaws exploited in active attacks

▼ Summary
– Companies adding AI features to products are seeing these vulnerabilities rated high risk more often and fixed slower than other issues, per Cobalt’s report.
– Researchers at CISPA found six vulnerabilities in Apple’s AirDrop and Google/Samsung’s Quick Share, affecting over five billion devices.
– A Flux survey revealed nearly half of engineering organizations run AI-generated code in production, with almost all using AI in development.
– Mozilla’s 0DIN warned of indirect prompt injection attacks that can compromise developer machines via malicious GitHub repos targeting AI coding agents.
– Attackers are exploiting a patched vulnerability in SimpleHelp RMM (CVE-2026-48558) to deploy Djinn Stealer malware on Windows, macOS, and Linux systems.
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos:
Companies keep bolting AI onto their products, and the security bill is coming due. The vulnerabilities those features create get rated high risk far more often than anything else, and they get fixed slower than anything else. The figures come from Cobalt’s AI and Pentesting Pulse Report 2026, built on five years of penetration testing data and a survey of 455 security leaders and practitioners.
DarkMoon: Open-source AI pentesting platform relies on skilled specialists who spend days probing networks and web applications by hand. Engagements often take weeks, cost thousands of dollars per day, and produce results that vary by tester. AI-driven automation aims to streamline the process. DarkMoon, an open-source platform, uses AI agents to plan and execute security assessments from start to finish, delivering an evidence-backed report at the end.
Phones and laptops include built-in wireless file-sharing features such as Apple’s AirDrop and Google and Samsung’s Quick Share. These services automatically communicate with nearby devices, even if they have never connected before, and are used on more than five billion devices worldwide. Researchers at the CISPA Helmholtz Center for Information Security identified six vulnerabilities affecting AirDrop and Quick Share across macOS, iOS, Android, and Windows.
Most engineering organizations write code with AI, and a good number of them keep that code away from customers. A Flux survey of engineering leaders and practitioners found that nearly half run AI-generated code in production. Almost every company in the sample uses AI somewhere in development, with under 5% reporting no plans to adopt it within a year.
Nika: Open-source code analysis tool works on the problem of web application vulnerabilities that span multiple files. These are difficult for scanners that analyze one file at a time to detect. Nika, an open-source tool from PhonePe, performs cross-file taint analysis in Java microservices, tracing untrusted input across application layers to identify security-sensitive operations.
In this interview with Help Net Security, IGEL CTO Matthias Haas explains why backups alone do not equal recovery. He makes the case that endpoint recovery is often overlooked, leaving organizations exposed when thousands of devices go down at once.
A malicious GitHub repository can silently compromise a developer’s machine without containing a single line of malicious code, security researchers at Mozilla’s Zero Day Investigative Network (0DIN) warned. The proof-of-concept attack targets AI-powered coding agents such as Claude Code, and uses indirect prompt injection to manipulate an AI agent into taking harmful actions the developer never explicitly authorized.
The US Cybersecurity and Infrastructure Security Agency (CISA) added a vulnerability (CVE-2026-12569) in Windchill and FlexPLM, two product lifecycle management software platforms developed by PTC, to its Known Exploited Vulnerabilities (KEV) catalog. JSP webshells are being dropped on unpatched instances.
Attackers are exploiting CVE-2026-48558, a recently patched authentication bypass vulnerability in SimpleHelp RMM, to drop the novel Djinn Stealer malware on victim computers. The malware is capable of targeting Windows, macOS, and Linux systems, and “collects credentials associated with cloud platforms, source control, package registries, infrastructure tooling, AI development assistants, browsers, SSH, and cryptocurrency wallets,” BlackPoint Cyber’s researchers discovered.
Exploitation attempts targeting a critical vulnerability (CVE-2026-46817) in Oracle Payments, the payment-processing module within Oracle’s E-Business Suite (EBS), have been spotted over the weekend, threat intelligence company Defused warned on Monday.
When Brian Honan spoke at a recent cybersecurity awareness event for financial planners and tax advisors, the audience was highly engaged with the subject. As happens at conferences around the world, people often approach speakers to ask follow-up questions or share their feedback on the presentation. This time, what struck Honan was how many attendees said they had been scared by what they heard during his talk.
In this Help Net Security video, Roman Sannikov, Global Research Coordinator at iCOUNTER, explains why geopolitics belongs in every security team’s threat model. With open and simmering conflicts around the world, attacks can come from actors that would never have targeted your company before.
In this Help Net Security video, Greg Young, VP Cybersecurity and Corporate Development at TrendAI, explains how to build Enterprise Risk Management that a board will pay for.
People use AI chatbots for company, advice, and emotional support, and these systems respond in ways designed to hold their attention. Researchers describe the resulting risks as affective safety, harms that arise because humans are emotional beings and AI engages directly with those emotions. The damage can occur during normal use, as systems optimize for the goals set by their developers.
CMMC requirements are appearing in defense contracts and moving down through supplier networks to thousands of companies new to this kind of compliance work. Many run on limited budgets with lean security teams. The picture comes from nearly 900 defense contractors, C3PAOs, federal suppliers, and cybersecurity professionals who attended the 2026 Secureframe National Cybersecurity Summit.
Containers power many cloud-native applications, AI workloads, and testing and deployment pipelines. Windows developers have long relied on third-party software to build and run them. WSL containers make that step optional. Introduced at Microsoft Build 2026, the feature is now available in public preview with Windows Subsystem for Linux version 2.9.3. Users can install it with wsl –update –pre-release or by downloading the pre-release build from GitHub.
Penetration testers who run Kali Linux inside virtual machines boot their systems faster after the 2026.2 release. The change comes from a decision about graphics firmware, the code that drives NVIDIA, AMD, and Intel GPUs. That firmware has grown large enough to slow the early stages of startup, and few virtual machines need it.
Sensitive data is typically encrypted when stored and transmitted, but not while it is being processed in memory, leaving it exposed to anyone with sufficient system access. Researchers at the University of Cologne developed a supercomputer called RAMSES that closes this gap by keeping data encrypted even during processing.
U. S. companies are being targeted with phishing emails that impersonate trusted vendors and appear to be routine invoice inquiries. According to Cisco Talos, the campaign is linked to EvilTokens, a phishing-as-a-service platform that earlier this year operated across hundreds of Cloudflare Workers domains.
Open-source maintainers are receiving more vulnerability reports than they can act on, and a rising share now comes from an AI system working at machine speed. Over roughly two months this spring, Anthropic’s Claude Mythos Preview combed through more than 23,000 open-source code paths and routed verified findings to the projects that own them. Tuskira studied what happens to those findings once they reach human hands.
Corporate networks store sensitive data on shared servers accessed through mapped drives, making them prime ransomware targets. A compromised workstation can encrypt remote files over Server Message Block (SMB) traffic, while endpoint security tools often see only part of the attack. Researchers at La Trobe University developed a network-based framework that detects ransomware by analyzing SMB traffic patterns.
Anyone who runs a server with SSH exposed to the internet sees the same pattern in the logs. The usual assumption is that an attacker eventually breaks in, opens a shell, and starts running commands. Data collected from 11 research honeypots suggests a very different reality. Non-interactive SSH attacks dominate after login.
Database professionals are using AI for everyday work like writing queries, building schemas, and reviewing code, and a growing share rely on autonomous tools that act on the database itself. The use of AI in database management has almost tripled in a year, climbing from 15% to 44% of organizations, according to Redgate’s 2026 State of the Database Landscape report.
OpenAI has started rolling out the GPT-5.6 series models in limited preview to a small group of trusted partners through the API and Codex. The series includes Sol as the flagship model, Terra as a balanced option, and Luna as the fastest and most cost-efficient model. The rollout is being coordinated with the U. S. government before expanding to ChatGPT, Codex, and API users in the coming weeks.
Presented here is a curated selection of noteworthy open-source cybersecurity solutions that have drawn recognition for their ability to enhance security postures across diverse settings.
Across the open source world, people are reporting software flaws in record numbers, and the systems built to verify those reports are straining under the weight. The GitHub Advisory Database, which feeds automated security alerts to millions of projects, has reached a point where some new advisories take weeks to publish.
AVG Mobile Security for iOS helps protect users against online threats with features including Web Guard, VPN, Scam Guardian Pro, Hack Alerts, and Photo Vault. It also identifies suspicious calls and scam text messages and helps keep personal information private while using Wi-Fi networks with its VPN. The app is available for Windows, macOS, Android, and iOS.
OpenClaw, a self-hosted personal AI assistant that connects to existing chat apps, is now available on iPhone, iPad and Apple Watch. The release brings chat, real-time voice conversations, approvals, device capabilities, and private automations to iOS.
Proton has unveiled Lumo 2.0, a major upgrade to its zero-access encrypted AI assistant. Built on a new architecture, the release brings the assistant closer to frontier AI models with new AI models, multimodal capabilities, Memory, improved web search, and enterprise features.
A new Microsoft Teams admin policy, Manage external bots and their access to meetings, gives organizations greater visibility and control over external bots in meetings. The policy identifies bots and applies safeguards before they are admitted. Microsoft will begin retiring the existing Require verification by participants (CAPTCHA) meeting policy.
Anthropic has introduced Claude Sonnet 5, the latest version of its general-purpose AI model, with improved reasoning, coding, tool use, and knowledge work capabilities. The model can make plans, use tools such as browsers and terminals, and complete tasks autonomously.
GitHub’s Open Source Program Office (OSPO) uses the new GitHub License Compliance feature, now in public preview, to manage thousands of open-source dependencies and identify dependencies whose licenses require review.
Hacking gear that once sat in well-funded labs now ships to anyone with a credit card and a video tutorial. Frank Riccardi builds his consumer guide, CTRL+ALT+PWN: The Hacker’s Playbook (And How to Beat It), on that one condition.
Cloudflare introduced new controls that let website owners manage AI traffic across three categories: Search, Agent, and Training. The feature is available to all Cloudflare customers, including those on the Free plan, and gives website owners more control over how different types of AI crawlers access their content.
A suspected Scattered Spider member has been extradited to the United States to face charges linked to cyberattacks against U. S. companies, including the breach of a luxury jewelry retailer that led to an $8 million cryptocurrency ransom demand after attackers stole company data.
Organizations collect more cyber risk data than ever, with many still struggling to build a unified view of their exposure. The latest State of Threat Management report from Filigran found that security teams continue to work across disconnected tools, leaving important context spread across multiple systems.
We’ve scoured the market to bring you a selection of roles that span various skill levels within the cybersecurity field. Check out this weekly selection of cybersecurity jobs available right now.
Here’s a look at the most interesting products from the past week, featuring releases from Digi International, iboss, Jamf, and Netzilo.
(Source: Help Net Security)


