Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Counter Threat Unit (CTU) researchers continue to investigate trends in Contagious Interview campaign activity conducted by NICKEL ALLEY, a threat group operating on behalf of the North Korean government. The group notoriously targets professionals in the technology sector by advertising fake job opportunities, deceiving prospective candidates through a fake job interview process, and ultimately delivering malware.

On March 20, 2026, Oracle disclosed a critical (CVSS score of 9.8) vulnerability (CVE-2026-21992) impacting two Oracle Fusion Middleware components: Oracle Identity Manager and Oracle Web Services Manager. An unauthenticated attacker could exploit the vulnerability to obtain network access via HTTP and remotely execute code. Critical functions of the products are exposed due to the lack of network-level authentication. As of this publication, there are no reports of active exploitation.