New Cybersecurity Threats Target BitLocker, Ivanti, Oracle, and Mac Systems

On June 12, 2026, the SANS Internet Storm Center reported a new attack by the threat actor 'Nightmare Eclipse' targeting BitLocker encryption on Windows systems. The attack exploits Windows Defender’s unattended virus scan feature, which unlocks BitLocker partitions during a reboot into the Windows Recovery Environment if a malicious XML file is placed on the root partition. Ivanti released patches for two critical vulnerabilities in Ivanti Sentry, including an unauthenticated OS command injection flaw (CVSS 10) actively exploited in the wild, and an authentication bypass (CVSS 9.9), with CISA recommending mutual TLS as a mitigation. Oracle issued an emergency security alert for a remote code execution vulnerability in PeopleSoft PeopleTools and Enterprise applications, already exploited by the ShinyHunters group. Huntress published findings on Mac malware trends, noting attackers frequently distribute malicious DMG files that install malware alongside benign applications, with basic countermeasures including disabling automatic DMG mounting. The video also referenced upcoming SANS training events, including a July 2026 session in Washington, D.C.