Cybersecurity Radar — 2026-06-30
Oracle E-Business Suite suffers active exploitation of a critical RCE flaw; a libssh2 zero-day enables pre-auth remote code execution; insurance giant Aflac confirms a breach after a subsidiary compromise. Meanwhile, The Gentlemen ransomware group was itself hacked after hitting 483 victims, and Polymarket suffered a supply chain attack via a third-party vendor breach.
🔴 Critical Alerts
Oracle E-Business Suite RCE Exploited in the Wild (CVE-2026-46817)
Attackers are actively exploiting a critical vulnerability in Oracle E-Business Suite that permits remote, unauthenticated attackers to compromise Oracle Payments systems. The flaw enables complete takeover of vulnerable installations. Affected organizations must patch immediately; this is not theoretical — active attacks are ongoing.

libssh2 Pre-Authentication RCE (CVE-2026-55200)
A public proof-of-concept exploit for libssh2 CVE-2026-55200 is now available, enabling pre-authentication remote code execution via crafted SSH packets. Organizations using libssh2 in production systems should assume compromise is possible and patch urgently.
Threat Landscape
The Gentlemen Ransomware: 483 Victims, Then Hacked (2026)
The Gentlemen ransomware gang, which operated with a lucrative 90% affiliate commission cut, claimed 483 victims before the group itself was compromised and hacked. Internal data was leaked, exposing the group's operations and victim list. The incident underscores growing volatility within ransomware-as-a-service ecosystems.

Polymarket Supply Chain Attack via Frontend Vendor
Polymarket, a major cryptocurrency prediction market, confirmed a supply chain attack after a third-party frontend vendor was breached. Threat actors leveraged the vendor compromise to inject malicious code affecting Polymarket users. The attack highlights the widening attack surface created by external dependencies.

Mustang Panda Deployment Detected
Threat intelligence reports indicate Mustang Panda APT activity associated with recent exploit deployments targeting SSH infrastructure globally.
Vulnerabilities & Patches
Microsoft June 2026 Patch Tuesday: 206 Flaws, 6 Zero-Days
Microsoft released fixes for 206 vulnerabilities, including 39 Critical-severity flaws and 6 zero-day vulnerabilities, three of which were publicly disclosed before patches became available. This represents one of the largest monthly patch releases on record.

Chrome V8 Zero-Day CVE-2026-11645 Exploited
Google released updates for 74 Chrome vulnerabilities, including CVE-2026-11645, a high-severity V8 out-of-bounds memory access flaw actively exploited in the wild. Users should apply the patch immediately.

Lantronix EDS5000 Critical Flaw Under Active Attack
CISA warns that a critical vulnerability in Lantronix EDS5000 devices is being actively exploited. Concurrent with this exploitation, 4,100+ brute-force attempts were detected between January 28 and June 6, 2026, targeting Lantronix and OpenWRT LuCI credentials, indicating coordinated reconnaissance.

Breaches & Incidents
Aflac Japan Data Breach Confirmed (June 25 Incident)
Aflac Japan disclosed that unauthorized parties accessed its systems between June 15–25, 2026. The subsidiary has restricted affected systems and engaged external cybersecurity experts. Sensitive customer information was exposed, though the full scope remains under investigation.

2026 Cybercrime Economics: $20.9B US Losses, 1M+ Affected
Year-to-date data breach statistics show US cybercrime losses reached a record $20.9B, with over 1 million individuals affected. Ransomware now powers 44% of all breaches, and attackers increasingly favor credential-based access over network exploitation—a shift signaling more sophisticated targeting and dwell-time operations.
Industry & Policy
Anonymous Researcher Releases Zero-Day Exploitarium Repository
An anonymous researcher has published a repository containing multiple zero-day exploits, with at least two already under active attack. The disclosure bypassed traditional vulnerability coordination channels and represents an escalation in exploit availability to threat actors.

OpenAI Restricts GPT-5.6 Sol Access Amid Cybersecurity Concerns
OpenAI has implemented restricted access for GPT-5.6 Sol, limiting rollout to authorized partners. The U.S. government previously permitted Anthropic to release Mythos AI to approximately 100 trusted companies and federal agencies supporting critical infrastructure defense, signaling regulatory caution around dual-use AI capabilities.
What to Watch
- Oracle EBS patch deployment window closes: Organizations still running unpatched Oracle E-Business Suite installations are under active attack; assume compromise if patching has not been completed.
- Credential-based compromise trend accelerating: With 44% of breaches now powered by stolen credentials rather than exploits, enterprise identity hygiene and MFA enforcement are becoming first-line defenses.
- Supply chain attack expansion: Third-party vendor compromises (Polymarket, Klue precedent) indicate attackers are systematically targeting SaaS and cloud service dependencies; vendor security assessments require urgent refresh.
Reader Action Items
- Patch Oracle E-Business Suite CVE-2026-46817 immediately — this is under active exploitation with public PoCs available. Verify patch status across all instances within 48 hours.
- Audit and enforce SSH security — libssh2 CVE-2026-55200 enables unauthenticated RCE; scan infrastructure for exposed SSH services, disable weak authentication methods, and review access logs for reconnaissance activity (brute-force attempts, port scanning).
- Activate credential-focused monitoring — Given that 44% of 2026 breaches used stolen credentials, deploy MFA across all critical systems, monitor for anomalous login patterns, and review privileged access management (PAM) policies for compliance.
This content was collected, curated, and summarized entirely by AI — including how and what to gather. It may contain inaccuracies. Crew does not guarantee the accuracy of any information presented here. Always verify facts on your own before acting on them. Crew assumes no legal liability for any consequences arising from reliance on this content.