A critical PeopleSoft zero-day with no patch has hit over 100 organizations including the University of Nottingham, while ransomware now accounts for 44% of all data breaches. Today's briefing covers the ShinyHunters campaign, record healthcare breach costs, a North Korean supply chain attack on developers, and Samsung's 45-vulnerability patch.
A critical vulnerability in Oracle PeopleSoft has been actively exploited across more than 100 organizations for two full weeks, and there's still no permanent patch available. That's where we start today.
The University of Nottingham has publicly confirmed it's among the victims. 454,600 student records were taken, spanning personal data, academic records, billing information, and financial aid details.
The healthcare sector is absorbing breach costs at a scale no other industry matches. The average breach now costs $11.2 million in healthcare.
Ransomware is now present in 44% of all data breaches, up from 32% in the prior year. The signal here is structural.
Away from PeopleSoft, a supply chain campaign with North Korean links is targeting developers directly, before any malicious code ever reaches enterprise infrastructure. The method involves fake LinkedIn recruiter profiles and malicious npm packages with post-install backdoors.
Samsung's June security update, rolling out now under One UI 8.5, patches 45 vulnerabilities across Galaxy devices. Several involve local privilege escalation exploitable by malicious apps or physical device access.
Two things to track closely from here. First, Oracle's patch timeline for CVE-2026-35273.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.