Security Daily Digest — 2026-03-21
Global IoT Botnet Disruption: Major DDoS Threat Mitigated — Krebs on Security
Authorities in the U.S., Canada, and Germany have dismantled the infrastructure of IoT botnets responsible for record-breaking 31.4 Tbps DDoS attacks. These botnets, comprising millions of infected devices, posed significant risks to internet infrastructure and services. Security teams should review IoT device configurations and apply network segmentation to mitigate such threats.
Emergency Patch for Oracle Identity Manager RCE Flaw — BleepingComputer
Oracle has issued an emergency update to address a critical remote code execution vulnerability in Oracle Identity Manager (CVE-2026-33017). The flaw allows unauthenticated attackers to execute arbitrary code on affected systems. Organizations using Oracle's Fusion Middleware should prioritize applying the patch to protect against potential exploitation.
- FBI links Signal phishing attacks to Russian intelligence services [BleepingComputer]
- Widely used Trivy scanner compromised in ongoing supply-chain attack [Ars Technica Security]
- Trivy Security Scanner GitHub Actions Breached, 75 Tags Hijacked to Steal CI/CD Secrets [The Hacker News]
- Magento PolyShell Flaw Enables Unauthenticated Uploads, RCE and Account Takeover [The Hacker News]
- Microsoft: March Windows updates break Teams, OneDrive sign-ins [BleepingComputer]