Originally reported by Security Affairs, The Record
TL;DR
Oracle released emergency patches for a critical unauthenticated RCE vulnerability in Identity Manager (CVE-2026-21992, CVSS 9.8). Meanwhile, a US soldier was sentenced for helping North Korean IT workers infiltrate companies using stolen identities, highlighting ongoing DPRK revenue generation tactics.
The Oracle Identity Manager vulnerability, rated CVSS 9.8 and allowing unauthenticated remote code execution, is a critical infrastructure risk that requires immediate patching.
Oracle released emergency security updates addressing CVE-2026-21992, a critical vulnerability with a CVSS score of 9.8 affecting Oracle Identity Manager and Web Services Manager. The flaw enables unauthenticated remote code execution over HTTP, allowing attackers to completely compromise affected systems without prior authentication.
The vulnerability represents a significant risk to enterprise identity management infrastructure, as Oracle Identity Manager is widely deployed for user provisioning, authentication, and access control across corporate environments. Organizations running affected versions should prioritize immediate patching because exploitation requires no authentication.
Oracle's advisory indicates the vulnerability affects multiple product versions, though specific version details were not provided in available reporting. The company has made patches available through standard support channels.
A US military servicemember was sentenced for facilitating North Korean IT workers' infiltration of American companies through identity theft schemes. The soldier pleaded guilty to allowing DPRK operatives to use his personal information, including identity documents, during job application processes that involved interviews, background checks, drug testing, and fingerprint verification.
This case illustrates the sophisticated methods North Korean state actors employ to generate revenue while evading sanctions. The scheme allowed DPRK IT workers to secure legitimate employment at US companies, potentially providing both financial resources and access to sensitive corporate systems and data.
The operation reflects broader patterns of North Korean state-sponsored activity focused on cryptocurrency theft, ransomware deployment, and sanctions evasion through various cyber and non-cyber methods. US authorities have repeatedly warned about DPRK IT worker infiltration attempts across multiple industry sectors.
International law enforcement conducted Operation Alice, dismantling what authorities describe as one of the largest dark web scam networks, comprising over 373,000 fraudulent sites. The operation targeted a network that created fake sites designed to deceive users seeking illegal child sexual abuse material.
The takedown represents a significant disruption to dark web criminal infrastructure, though the operation's classification as targeting "scam" sites suggests the primary criminal activity involved fraud rather than actual content distribution. Law enforcement agencies from multiple countries participated in the coordinated action.
While the operation removes a substantial criminal network from the dark web ecosystem, the scale of fake sites identified underscores the ongoing challenge of policing decentralized criminal infrastructure across international jurisdictions.