The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent alert regarding the active exploitation of a critical vulnerability in Oracle PeopleSoft Enterprise PeopleTools, identified as CVE-2026-35273. This vulnerability, categorized as CWE-306 (Missing Authentication for Critical Function), allows unauthenticated attackers to gain full control of vulnerable PeopleSoft environments. According to CISA, this flaw […]

The post CISA Issues Alert on Oracle PeopleSoft Vulnerability Exploited by Ransomware Groups appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Fortra has reported a critical command injection vulnerability in its Core Privileged Access Manager (BoKS) platform, which could allow remote attackers to execute arbitrary commands with elevated privileges. This could potentially lead to a full system compromise. Tracked as CVE-2026-9862 and assigned a CVSS v3.1 score of 9.8, the flaw exists in the boks_autoregisterd service, […]

The post Fortra Access Manager Security Flaw Exposes Systems to Command Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

A critical security vulnerability tracked as CVE-2026-49468 has been disclosed in the LiteLLM framework, exposing deployments to authentication bypass attacks via Host header injection. The issue, published in the GitHub Advisory Database and classified under GHSA-4xpc-pv4p-pm3w, affects all LiteLLM versions before 1.84.0 and has been assigned a critical severity rating due to its potential impact […]

The post Critical LiteLLM Flaw Allows Authentication Bypass via Host Header Injection appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.