Threat Digest: Morning Briefing
- Oracle CVE-2026-21992: Critical remote code execution flaw in Oracle identity systems; an unauthenticated attacker reachable from the internet can execute arbitrary code, compromising login infrastructure.
- Firmware Malware in Budget Android Devices: Low-cost Android phones ship from the factory pre-infected with firmware-level malware, enabling supply chain attacks on millions of devices.
- GenAI Adoption in Government: 82% of state/territorial CIOs report daily employee use of generative AI tools (up from 53% last year); prompt injection vulnerabilities are now prevalent in the workflows these tools are wired into.
- EngageLab SDK Vulnerability: Flaw in the push notification SDK exposes 50M Android devices, including 30M crypto wallets, to unauthorized access by malicious apps (Microsoft analysis).
- Shadow AI Risks: Unauthorized AI tool usage by employees leaks sensitive data (e.g., contracts) to external clouds, bypassing IT oversight in enterprises.
- Exposed Gemini API Keys: Google Gemini API keys hardcoded in popular Android apps put data belonging to 500M users at risk; the pattern escalates the earlier exposure of deprecated Maps API keys.
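
Added example, not from the digest or from the researchers behind this item: a scanner for the key pattern at the root of it. Google API keys for Maps, Gemini and other Google APIs share one 39-character format (the literal prefix "AIza" followed by 35 characters from A-Z, a-z, 0-9, underscore and hyphen), so one check finds both the deprecated Maps keys and the newer Gemini keys. The service-hint strings, the input layout (a decoded APK tree such as apktool output) and the sample strings.xml with fake keys are assumptions made for the example.

```python
"""Hardcoded Google API key scanner for decoded Android app resources.

Google API keys (Maps, Gemini and other Google APIs) share one format:
the literal prefix "AIza" followed by 35 characters from [A-Za-z0-9_-],
39 characters in total. The key itself does not say which API it was
issued for, so nearby strings are used as a hint.
"""
import os
import re
import sys
from collections import Counter
from dataclasses import dataclass

GOOGLE_KEY_RE = re.compile(r"AIza[0-9A-Za-z_\-]{35}")

# Lowercase substrings that hint at the service a key is used with
# (hypothetical heuristic list for this example, not a Google-defined mapping).
SERVICE_HINTS = {
    "gemini": ("generativelanguage.googleapis.com", "gemini", "generativemodel"),
    "maps": ("maps.googleapis.com", "maps_api_key", "com.google.android.geo.api_key"),
}


@dataclass(frozen=True)
class Finding:
    path: str
    line_no: int
    key: str
    service: str  # "gemini", "maps" or "unknown"


def classify(line: str, context: str) -> str:
    """Prefer hints on the key's own line, then fall back to surrounding lines."""
    for text in (line, context):
        low = text.lower()
        for service, hints in SERVICE_HINTS.items():
            if any(h in low for h in hints):
                return service
    return "unknown"


def scan_text(text: str, path: str = "<memory>", window: int = 2) -> list[Finding]:
    """Return every key-shaped token in text, with line number and service guess."""
    lines = text.splitlines()
    findings: list[Finding] = []
    for i, line in enumerate(lines):
        for match in GOOGLE_KEY_RE.finditer(line):
            lo, hi = max(0, i - window), min(len(lines), i + window + 1)
            context = "\n".join(lines[lo:hi])
            findings.append(Finding(path, i + 1, match.group(0), classify(line, context)))
    return findings


def scan_dir(root: str) -> list[Finding]:
    """Walk a decoded APK tree (strings.xml, smali, assets, ...) and scan every file."""
    findings: list[Finding] = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            try:
                with open(full, encoding="utf-8", errors="ignore") as fh:
                    findings.extend(scan_text(fh.read(), full))
            except OSError:
                continue
    return findings


def redact(key: str) -> str:
    """Show enough of a key to correlate reports without reproducing it in full."""
    return key[:8] + "..." + key[-4:]


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per guessed service."""
    return dict(Counter(f.service for f in findings))


# Constructed sample resembling a decoded res/values/strings.xml; both keys are fake.
SAMPLE_STRINGS_XML = """<?xml version="1.0" encoding="utf-8"?>
<resources>
    <!-- constructed sample, keys are fake -->
    <string name="maps_api_key">AIzaSyZ9Y8X7W6V5U4T3S2R1Q0P9O8N7M6L5K4J</string>
    <string name="gemini_endpoint">https://generativelanguage.googleapis.com/v1beta</string>
    <string name="gemini_api_key">AIzaSyA0B1C2D3E4F5G6H7I8J9K0L1M2N3O4P5Q</string>
</resources>
"""

if __name__ == "__main__":
    results = scan_dir(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE_STRINGS_XML)
    for f in results:
        print(f"{f.path}:{f.line_no} {redact(f.key)} ({f.service})")
    print(summarize(results))
```

Run it against an apktool output directory; a hit only proves a key-shaped string is present, so the next step is to check which APIs the key is enabled for and whether it carries application restrictions (package name plus signing certificate hash), since an unrestricted key is the one that is abusable from outside the app.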
- Iranian Targeting of US ICS: Attackers have enumerated 3,900 US PLCs controlling critical infrastructure (pumps, substations, wastewater), accessible via Verizon/AT&T networks.
- Adobe Reader Zero-Day: An undetected exploit delivered in PDFs enables data exfiltration and system takeover; active for months, confirmed by an independent researcher.
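
The digest does not describe how this exploit works, so the following added example (not from the page or from any vendor) is a generic first-pass triage for PDFs that carry active content, not a detector for the zero-day itself. It checks the raw bytes for the name tokens that let a document run actions or JavaScript, after resolving #xx name escapes (so /Java#53cript is seen as /JavaScript), a common obfuscation. The indicator list, the verdict thresholds and the two sample PDFs are constructed for the example; the samples are harmless.

```python
"""First-pass triage of a PDF for active content, on the raw bytes.

Looks for the PDF name tokens that give a document the ability to run
code or actions (/JavaScript, /JS, /OpenAction, /AA, /Launch, ...) and
resolves #xx name escapes first, so /Java#53cript is seen as /JavaScript.
Streams compressed with /FlateDecode are not inflated here, so a hit on
/ObjStm only means "look deeper with a real parser".
"""
import re
import sys

INDICATORS = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "JavaScript action",
    b"/OpenAction": "action run when the document is opened",
    b"/AA": "additional actions (page open, mouse events, form fields)",
    b"/Launch": "launch action (runs an external program)",
    b"/EmbeddedFile": "file attachment",
    b"/RichMedia": "rich media / Flash content",
    b"/XFA": "XFA forms",
    b"/ObjStm": "object streams (other names may be hidden inside until decompressed)",
}
ACTIVE = {"/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch", "/RichMedia", "/XFA"}

NAME_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def normalize_names(data: bytes) -> bytes:
    """Resolve PDF name escapes (#xx) so obfuscated names match their plain form."""
    return NAME_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def count_indicators(data: bytes) -> dict[str, int]:
    """Count each indicator name token in the escape-normalized bytes."""
    norm = normalize_names(data)
    counts: dict[str, int] = {}
    for name in INDICATORS:
        # A name token ends at whitespace or a delimiter, so /JS does not match /JSON.
        pattern = re.escape(name) + rb"(?![A-Za-z0-9_])"
        hits = len(re.findall(pattern, norm))
        if hits:
            counts[name.decode()] = hits
    return counts


def triage(data: bytes) -> dict:
    """Return indicator counts, whether name escapes were used, and a coarse verdict."""
    counts = count_indicators(data)
    escaped = bool(NAME_ESCAPE_RE.search(data))
    has_js = "/JavaScript" in counts or "/JS" in counts
    if "/Launch" in counts or ("/OpenAction" in counts and has_js):
        verdict = "high"      # runs something without the user asking
    elif any(k in counts for k in ACTIVE) or escaped:
        verdict = "medium"    # active content or obfuscated names present
    elif "/ObjStm" in counts or "/EmbeddedFile" in counts:
        verdict = "inspect"   # content may be hidden in streams or attachments
    else:
        verdict = "low"
    return {"counts": counts, "name_escapes": escaped, "verdict": verdict}


# Constructed samples (not real malware): one with an auto-run, name-obfuscated
# JavaScript action, one plain single-page document.
SAMPLE_ACTIVE_PDF = b"""%PDF-1.7
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /Java#53cript /JS (app.alert('constructed sample')) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""
SAMPLE_PLAIN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(triage(fh.read()))
    else:
        print(triage(SAMPLE_ACTIVE_PDF))
        print(triage(SAMPLE_PLAIN_PDF))
```

A "low" verdict here is weak evidence: anything inside a FlateDecode-compressed stream or an object stream is invisible to a byte scan, which is why /ObjStm alone yields "inspect" rather than "low". Treat this as a sorting step before a full parse in a sandbox, not as a clean bill of health.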