Last week in cybersecurity (8.6 - 14.6): 100+ Oracle breaches, 20 million leaked records, and Meta AI hijacked

Last week in cybersecurity, the global digital landscape suffered catastrophic blows driven by unpatched systems and AI manipulation.

Over 100 organizations were breached via a critical Oracle zero-day, while a 15-year-old hacker stole 20 million records in Vietnam. Simultaneously, threat actors exploited 5 OpenClaw zero-days affecting Microsoft Scout and hijacked high-profile accounts using Meta's AI chatbot, exposing severe vulnerabilities in enterprise infrastructures.

How are domestic networks defending against 20 million data leaks and OceanLotus espionage?

Organizations and individuals in Vietnam are becoming highly lucrative targets for advanced persistent threats (APTs) and opportunistic data brokers, demanding an immediate shift toward rigorous data governance and proactive supply chain defense.

20 million vaccination records stolen by a 15-year-old

A 10th-grade student in Nghe An Province successfully exploited security vulnerabilities in the national immunization information system, harvesting and selling approximately 20 million personal data records. Generating over VND100 million in illicit profits, this massive breach creates a highly dangerous foundation for nationwide phishing and financial fraud campaigns, highlighting the critical need for continuous vulnerability patching in government databases.

OceanLotus targets stock investors

The notorious Vietnam-aligned APT group OceanLotus (APT32) orchestrated a sophisticated supply chain attack by compromising the update system of FireAnt MetaKit, a popular financial tracking platform. By bypassing inadequate authentication mechanisms, the attackers distributed the SPECTRALVIPER backdoor to a select group of stock investors, allowing them to extract sensitive intelligence and establish persistent remote control.

"Cybersecurity wall"

Cybersecurity wall on Nguyen Hue pedestrian street

To combat the rising tide of high-tech crimes, Ho Chi Minh City launched the interactive "Cybersecurity Wall" exhibition at Nguyen Hue pedestrian street. This initiative aims to educate the public on identifying online threats and protecting personal data, which is especially crucial as loose online habits could soon violate the strict new data protection regulations taking effect on July 1, 2026.

What global crises are emerging from 100+ Oracle breaches, 400+ malicious packages, and AI hacks?

The massive exploitation of core network zero-days combined with the weaponization of artificial intelligence has drastically undermined enterprise defenses, leaving hundreds of global organizations and open-source repositories compromised.

100+ universities breached via Oracle Zero-Day

The ShinyHunters extortion group weaponized an unpatched zero-day vulnerability (CVE-2026-35273, CVSS 9.8) in Oracle PeopleSoft. By targeting the Environment Management Hub, the attackers bypassed all authentication to execute arbitrary code, successfully breaching over 100 organizations—predominantly US higher education institutions—and leaking hundreds of thousands of highly sensitive student records on the dark web.

Root escalation in Cisco Catalyst SD-WAN

Core networking equipment remains highly vulnerable. Cisco issued an urgent warning regarding an actively exploited zero-day flaw (CVE-2026-20245) in the Catalyst SD-WAN Manager. Attackers with low privileges can upload crafted files to perform command injection, escalating to root access and gaining full control over enterprise network traffic.

Meta AI Chatbot manipulated to hijack accounts

Meta’s automated AI support system was trivially bypassed by hackers using VPNs to impersonate account owners. The AI assistant blindly accepted requests to reset recovery emails without verifying the historical link to the account, allowing cybercriminals to seize control of highly valuable, original-handle (OG) Instagram accounts—including an archive account from the Obama administration.

Google sues Gemini-Powered smishing network

Google sues hacker group from China.

Google has initiated legal action against a Chinese cybercrime network operating the "Outsider" Phishing-as-a-Service (PhaaS) platform. The group weaponized the Gemini AI to automatically generate fraudulent HTML code, distributing massive SMS phishing (smishing) campaigns that defrauded over 100,000 victims of an estimated $1.9 billion.

5 Zero-Days in Microsoft’s OpenClaw AI Gateway

Just as Microsoft announced the integration of the OpenClaw gateway for its Microsoft Scout AI agent, researchers uncovered five zero-day flaws within the open-source platform. These vulnerabilities allow attackers to manipulate mutable display names on platforms like Slack, Discord, and Teams to impersonate trusted users, effectively hijacking the AI agent to execute malicious shell commands and access internal files.
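The underlying design flaw is an agent that decides who may issue it commands based on a user-editable display name instead of the platform's stable user identifier. The following is an added illustration written for this roundup, not code from OpenClaw, Microsoft Scout or the researchers' report; the gateway, the `!run` command prefix, the allowlists and the chat messages are all constructed for the example. It places the weak check beside the hardened one and adds a detection signal for a display name that collides with a trusted operator's name while the stable identity does not match.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class ChatMessage:
    platform: str      # "slack", "discord", "teams" (constructed values)
    user_id: str       # platform-assigned, not editable by the user
    display_name: str  # user-editable, so an attacker can choose it freely
    text: str

# Hypothetical allowlists for an agent permitted to run operator commands.
TRUSTED_DISPLAY_NAMES = {"Alice Operator"}
TRUSTED_PRINCIPALS = {("slack", "U0123ADMIN")}   # (platform, stable user id)

COMMAND_PREFIX = "!run "  # constructed command syntax for the example

def is_trusted_by_display_name(msg: ChatMessage) -> bool:
    """Weak check: trusts whatever name the sender chose to show."""
    return msg.display_name in TRUSTED_DISPLAY_NAMES

def is_trusted_by_principal(msg: ChatMessage) -> bool:
    """Hardened check: trust is bound to the platform plus its immutable user id."""
    return (msg.platform, msg.user_id) in TRUSTED_PRINCIPALS

def impersonation_signal(msg: ChatMessage) -> bool:
    """Detection: a trusted operator's name shown by a principal that is not trusted."""
    return is_trusted_by_display_name(msg) and not is_trusted_by_principal(msg)

def handle(msg: ChatMessage, authz) -> tuple:
    """Decide what the agent does with a message; nothing is executed here.

    Returns ("ignore", None), ("deny", reason) or ("execute", command).
    """
    if not msg.text.startswith(COMMAND_PREFIX):
        return ("ignore", None)
    if authz(msg):
        return ("execute", msg.text[len(COMMAND_PREFIX):])
    return ("deny", f"untrusted sender {msg.platform}:{msg.user_id} ({msg.display_name!r})")

# Constructed traffic: the real operator, then an account that renamed itself.
LEGIT = ChatMessage("slack", "U0123ADMIN", "Alice Operator", "!run ls /srv/app")
IMPOSTOR = ChatMessage("slack", "U9999GUEST", "Alice Operator", "!run cat /etc/passwd")
BYSTANDER = ChatMessage("slack", "U5555USER", "Bob", "lunch at noon?")

def run_demo():
    """Compare both authorization policies over the constructed messages."""
    results = {}
    for label, msg in (("legit", LEGIT), ("impostor", IMPOSTOR), ("bystander", BYSTANDER)):
        results[label] = {
            "by_name": handle(msg, is_trusted_by_display_name)[0],
            "by_principal": handle(msg, is_trusted_by_principal)[0],
            "impersonation_alert": impersonation_signal(msg),
        }
    return results

if __name__ == "__main__":
    for label, outcome in run_demo().items():
        print(f"{label:10s} {outcome}")
```

The display-name policy executes the impostor's command exactly as it executes the operator's; the principal-bound policy denies it, and `impersonation_signal` gives a SIEM rule something concrete to alert on: a sender whose shown name matches a privileged operator but whose stable identity does not.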

400+ Arch Linux packages poisoned

Hackers linked to China installed backdoors into Linux login software to remain in hiding for nearly a decade.

The open-source community faced a massive supply chain attack when a threat actor hijacked over 400 packages in the Arch User Repository (AUR). The compromised packages distributed the "atomic-lockfile" npm malware, deploying a Linux eBPF rootkit designed to steal GitHub credentials, SSH artifacts, and Docker tokens from developer workstations.

AI Risks in Supply Chain Management

The growing adoption of AI in supply chain management is facing an alarmingly high failure rate, even at the pilot stage, primarily due to the lack of robust foundational systems. When input data from ERP or WMS platforms is fragmented, inconsistent, or inaccurate ("garbage in"), AI algorithms learn from this poor-quality data and can automatically generate incorrect demand forecasts and inventory decisions at scale, disrupting the entire supply chain.

Solution: Organizations should prioritize data cleansing, process standardization, and seamless integration of core business systems before investing heavily in AI algorithms and advanced automation initiatives.

The intensity of zero-day attacks and the growing risks posed by AI-powered tools over the past week clearly demonstrate that traditional security boundaries have been breached.

To remain resilient in this evolving threat landscape, organizations must move beyond reactive security models and adopt 24/7 monitoring, continuous threat detection, and proactive incident response capabilities. This shift is no longer optional—it is a critical strategy for maintaining control of the digital environment and safeguarding valuable data assets against increasingly sophisticated cyber threats.

IPSIP VIETNAM ONE MEMBER LIMITED LIABILITY COMPANY (IPSIP VIETNAM OMLLC)