The Canadian Centre for Cyber Security published a daily advisory digest on 2026-06-29 containing 8 security advisories covering Ubuntu, Red Hat, CISA ICS, Dell, IBM, Microsoft Edge, Oracle, and Apple products. The most critical item is Oracle CVE-2026-46817, which open-source reporting indicates is being actively exploited, affecting Oracle Database Server, E-Business Suite, Communications Unified Assurance, Hospitality OPERA 5, and REST Data Services. Organizations should prioritize patching Oracle products and review all applicable advisories for their environment.
AI Attacked and Abused While Perimeter Authentication Collapses
The month's defining shift was the emergence of AI as a two-sided battlefield: organizations deployed AI tools faster than they secured them, while attackers weaponized the same technology against defenders. Critical flaws in LangGraph allowed SQL injection chained to remote code execution, M365 Copilot could be turned into a one-click data exfiltration weapon via SearchLeak, and Langflow was exploited to deploy cryptominers. Meanwhile, the ongoing Shai-Hulud campaign injected prompts to blind AI malware scanners, macOS.Gaslight turned prompt injection against human analysts, and Russia's APT28 began experimenting with LLM-integrated malware. At the same time, perimeter authentication collapsed at scale: FortiBleed exposed credentials for over 73,000 FortiGate firewalls, CVE-2026-50751 let attackers bypass Check Point VPN authentication entirely, and ShinyHunters exploited an Oracle PeopleSoft zero-day across over 100 organizations.
Supply chain attackers followed developers to their new AI tools, compromising the ecosystems where code is written and built. The Shai-Hulud/Miasma worm expanded from npm into PyPI and injected persistent backdoors into AI coding assistant configurations, while North Korea's Sapphire Sleet compromised over 140 Mastra npm packages to steal cryptocurrency wallets, and the ongoing GlassWorm campaign pivoted to WebAssembly malware in VS Code extensions using the Solana blockchain as command-and-control. Social engineering also industrialized: the ErrTraffic framework turned ClickFix deception into a Malware-as-a-Service operation with blockchain dead drops, and EvilTokens hid phishing flows inside browser-side encryption to defeat network scanners while hijacking Microsoft device-code authentication.
Organizations should treat AI deployments as untrusted perimeter assets—restrict their network access, audit third-party skills and extensions, and assume prompt-injection attacks will target both automated scanners and human analysts. Every internet-facing VPN, firewall, and edge appliance should be patched immediately, with credentials rotated and phishing-resistant MFA enforced, because perimeter authentication failures now cascade directly into internal network compromise.
The Canadian Centre for Cyber Security released a daily digest highlighting critical security updates from Oracle, JetBrains, and Microsoft. The advisories cover Oracle's June 2026 quarterly rollup affecting numerous enterprise products, a vulnerability in JetBrains GoLand, and an Elevation of Privilege flaw in the Microsoft Malware Protection Engine (CVE-2026-50656).
The Canadian Centre for Cyber Security issued a daily digest highlighting two critical security advisories. Notably, Oracle PeopleSoft Enterprise PeopleTools is affected by CVE-2026-35273, a critical vulnerability currently being exploited in the wild, while GitLab has released patches for multiple versions of its Community and Enterprise Editions.
The Canadian Centre for Cyber Security issued a daily digest highlighting recent security updates from Microsoft and Oracle. The advisories cover vulnerabilities in Microsoft Edge and critical flaws across several Oracle enterprise products, urging administrators to apply the latest patches to prevent potential exploitation.
Oracle has disclosed a critical, unauthenticated remote code execution vulnerability (CVE-2026-21992, CVSS 9.8) affecting Oracle Identity Manager and Oracle Web Services Manager. The flaw allows attackers to gain network access via HTTP due to a lack of network-level authentication, though no active exploitation has been observed yet.
The Canadian Centre for Cyber Security issued an advisory regarding a critical vulnerability (CVE-2026-21992) affecting Oracle Identity Manager and Oracle Web Services Manager. Organizations utilizing these products are advised to review Oracle's security alerts and apply necessary patches or mitigations.