Wasteland.
▸ Issue No. 017 · 2026-06-29

Washington Gates the Model, Attackers Take the Token

Wasteland Weekly · Editor's note

Cyber Security News

ShinyHunters Turns an Oracle PeopleSoft Zero-Day Into the Year's Worst Breach Campaign

ShinyHunters exploited CVE-2026-35273, a pre-authentication PeopleSoft flaw reachable with a single unauthenticated HTTP request, to claim compromise of more than 300 HR and finance instances across 100 plus organizations in roughly two weeks. The same crew is simultaneously running parallel extortion against American Tower (216,601 records published), the NAIC insurance regulator (3.1TB claimed), and Instructure's Canvas LMS, which reportedly paid. A wormable, unauthenticated RCE in a back-office backbone gives one actor mass-scale reach across every internet-exposed instance.

Why it matters: A single pre-auth zero-day in a ubiquitous enterprise platform converts perimeter exposure into compromise until proven otherwise, and ShinyHunters is industrializing that leverage across multiple verticals at once.

Sources: tech-insider.org | TechRadar

One OAuth Token, a Hundred Security Firms: The Klue Salesforce Cascade

Attackers operating as Icarus used a forgotten legacy credential to breach competitive-intelligence platform Klue on June 11 to 12, harvested OAuth tokens for customers' Salesforce integrations, and bulk-exfiltrated CRM data from LastPass, HackerOne, Snyk, Huntress, Recorded Future, BeyondTrust and others in roughly 15 minutes. Salesforce disabled the Klue integration June 17; LastPass confirmed exposed support-case data while stressing vaults were untouched. In a twist, the stolen dataset was then stolen from Icarus by a second crew now extorting victims directly. Why it matters: OAuth tokens are skeleton keys that bypass MFA and password resets, and the second-crew resale proves "pay to delete" is meaningless once data circulates; SaaS-to-SaaS trust is now the supply chain's single most dangerous point of failure.

Sources: SecurityWeek | The Next Web

Tata Electronics Breach Leaks Apple and Tesla Trade Secrets via the Supplier

World Leaks published over 200,000 files (more than 630GB) allegedly stolen from Tata Electronics, the Indian contract manufacturer that assembles roughly a third of India's iPhones, reportedly including iPhone circuit-board inspection standards and Tesla Model 3 design drawings. Tata confirmed the incident, restricted remote access to purchase-order systems, and launched a forensic audit; Apple is reportedly investigating. File-index analysis indicates the trove is overwhelmingly an Apple dataset. Why it matters: Attackers reached two of the most hardened brands on earth without touching either network, confirming that tier-one contract manufacturers are the soft underbelly of the hardware supply chain.

Sources: BleepingComputer | Cybernews

Cisco Catalyst SD-WAN Zero-Day Held Root for Two Months Before Disclosure

Mandiant reconstructed an intrusion in which a threat actor used a single malicious CSV upload to gain root on Cisco Catalyst SD-WAN Manager via CVE-2026-20245, exploiting it nearly two months before Cisco's June 4 disclosure after first compromising an admin account at a communications service provider. Cisco is concurrently patching CVE-2026-20230, an unauthenticated SSRF in Unified Communications Manager now exploited to drop webshells. SD-WAN logged its seventh zero-day of 2026. Why it matters: Root on the SD-WAN management plane is a master key to routing, segmentation and traffic interception across every downstream site, and KEV listing is a trailing indicator when adversaries have already held the box for 60 days.

Sources: Google Cloud Blog | BleepingComputer

CISA Sets a Three-Day Patch Deadline on Check Point VPN Tied to Qilin

CISA issued an urgent directive mandating remediation of a Check Point Security Gateway VPN authentication bypass (CVE-2026-50751) within three days, with reporting linking active exploitation to Qilin ransomware staging. The IKEv1 flaw lets an unauthenticated attacker establish a remote-access VPN connection without a valid password, collapsing the perimeter the gateway is supposed to provide. Why it matters: A compressed federal deadline tied to a named ransomware operation confirms edge VPN appliances remain the ransomware ecosystem's preferred initial-access foothold, and patch speed is decisive.

Sources: pacificice.org | IndexFire

FortiBleed Exposes a 430,000-Firewall Access-Broker Operation

SOCRadar attributed the FortiBleed campaign to a financially motivated Russian initial access broker harvesting credentials from more than 430,000 FortiGate firewalls and over 110 million credentials since at least February 2026, using a custom Golang tool, FortigateSniffer, that turns compromised firewalls into password collectors. Researchers confirmed exfiltration from a NATO-aligned defense contractor; the operation is now assessed as multi-vendor, with a separate exposed server functioning as a "product catalog" of valid logins. Why it matters: Pre-validated firewall logins at this scale collapse the initial-access phase for any ransomware affiliate or espionage actor who buys them, making edge-credential compromise a wholesale commodity.

Sources: SecurityWeek | Security Affairs

North Korea Weaponizes the AI Developer Supply Chain on npm

DPRK's Sapphire Sleet compromised the npm maintainer account "ehindero" and poisoned 141 packages in the @mastra AI-agent framework (≈8M weekly downloads) within 45 minutes, injecting a dayjs typosquat with a malicious postinstall hook that targeted browser histories and 166 crypto-wallet extensions. In the same window, Microsoft's "Miasma" report detailed a self-propagating npm worm poisoning 20 plus package versions across the Leo Platform and RStreams ecosystems, harvesting developer secrets to pivot to the next maintainer. Why it matters: Two well-resourced actors converged on npm in one week, and poisoning AI-agent frameworks backdoors everything built downstream, turning every CI/CD pipeline running npm install into a distribution node.

Sources: SecurityWeek | The Register
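
The typosquat-plus-postinstall pattern in this item can be checked for in a lockfile before anything is installed. The following is an added example, not code from this newsletter or from any vendor report; the watchlist, the lockfile contents and the package names `dayjz`, `day-js`, `@example/agent-core` and `example-native-addon` are constructed for illustration.

```javascript
// Constructed sample: a trimmed package-lock.json (lockfileVersion 3).
// Every package name here except dayjs is invented for this example.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/dayjs": { version: "1.11.13" },
    "node_modules/dayjz": { version: "0.0.1", hasInstallScript: true },
    "node_modules/@example/agent-core": { version: "2.3.0" },
    "node_modules/@example/agent-core/node_modules/day-js": { version: "1.0.0" },
    "node_modules/example-native-addon": { version: "4.1.0", hasInstallScript: true },
  },
};

// Assumed watchlist of names worth protecting; the item above names only dayjs.
const WATCHED = ["dayjs"];

// Levenshtein distance computed with a single rolling row.
function editDistance(a, b) {
  const row = Array.from({ length: b.length + 1 }, (_, i) => i);
  for (let i = 1; i <= a.length; i++) {
    let diag = row[0];
    row[0] = i;
    for (let j = 1; j <= b.length; j++) {
      const up = row[j];
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      row[j] = Math.min(up + 1, row[j - 1] + 1, diag + cost);
      diag = up;
    }
  }
  return row[b.length];
}

// "node_modules/a/node_modules/@s/b" -> "@s/b" (nested installs keep the last segment).
function packageName(lockPath) {
  const marker = "node_modules/";
  const at = lockPath.lastIndexOf(marker);
  return at === -1 ? lockPath : lockPath.slice(at + marker.length);
}

// Drop scope and separators so "day-js" and "@x/day_js" both collapse to "dayjs".
function normalize(name) {
  return name.replace(/^@[^/]+\//, "").toLowerCase().replace(/[-_.]/g, "");
}

// Returns the watched name this package imitates, or null for exact or unrelated names.
function lookalikeOf(name, watched = WATCHED, maxDistance = 1) {
  if (watched.includes(name)) return null;
  const candidate = normalize(name);
  for (const w of watched) {
    if (editDistance(candidate, normalize(w)) <= maxDistance) return w;
  }
  return null;
}

// Lockfile v2/v3 records hasInstallScript for packages with install-time lifecycle
// hooks; a v1 lockfile has no "packages" map and yields no findings here.
function auditLock(lock, watched = WATCHED) {
  const rank = { block: 0, review: 1, inventory: 2 };
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry
    const name = packageName(path);
    const resembles = lookalikeOf(name, watched);
    const runsScripts = meta.hasInstallScript === true;
    if (!resembles && !runsScripts) continue;
    const severity = resembles && runsScripts ? "block" : resembles ? "review" : "inventory";
    findings.push({ name, version: meta.version, path, resembles, runsScripts, severity });
  }
  return findings.sort((a, b) => rank[a.severity] - rank[b.severity]);
}

console.log(auditLock(SAMPLE_LOCK));
```

Run against a real `package-lock.json` in CI, a `block` finding is a lookalike name that also executes code at install time; installing with `npm ci --ignore-scripts` keeps lifecycle hooks from running while the finding is reviewed.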

ShinyHunters Breached Madison Square Garden With a Single Phone Call

On June 5 (the day the Knicks won their first title in 53 years), ShinyHunters vished a low-level MSG employee, then exfiltrated more than 45GB of data, later posting roughly 26 million records including facial-recognition dossiers and Knicks "talent" data. 404 Media's review corroborated that the intrusion began with one phone call, no CVE required. Why it matters: Human-targeted vishing remains the cheapest, most reliable initial access, and the leak of non-revocable biometric records pushes extortion stakes beyond financial fraud into permanent identity exposure.

Sources: 404 Media | The CyberSec Guru

Logitech Confirms Clop Extortion Tied to Zero-Day Exploitation

Swiss peripherals maker Logitech confirmed a significant data breach after the Clop gang attempted extortion, with the incident again tied to Clop's signature mass-exploitation of an enterprise-software zero-day rather than affiliate intrusion. Clop steals and threatens to leak rather than encrypt. Why it matters: A Clop attribution is a signal to hunt for an underlying mass-exploited CVE across edge software, because Logitech is almost certainly one name in a broader exploitation wave, not an isolated target.

Sources: terryscotttaylor.com

Carnival Notifies Nearly 6 Million After Breach

Carnival Corporation began notifying close to 6 million consumers that a breach exposed their personal information, one of the larger consumer-data exposures of the week by raw victim count. Early notifications surfaced no clear initial-access vector. Why it matters: A six million record PII pool is durable raw material for downstream phishing, account takeover and identity fraud, and the open question for peers is whether a shared third-party processor is involved.

Sources: TMC Insight | sherlocked.org

Velvet Ant Owned an "Air-Gapped" Network for a Decade

Sygnia's "Operation Highland" investigation details how China-nexus group Velvet Ant (UNC3886) maintained access to a critical-infrastructure network from 2016 through 2026 without ever crossing the air gap directly. Instead it compromised the mechanism that validates legitimate crossings and operated from inside undetected for roughly ten years. Why it matters: Owning the validation layer is functionally equivalent to crossing the gap and far stealthier; any IR scoping that assumes a recent intrusion window starts from a false premise.

Sources: Duggan USA

Lazarus Fields a Memory-Only RAT and Hits Bitrefill

North Korea's Lazarus group deployed RemotePE, a fileless, human-operated RAT delivered via a three-stage DPAPILoader/RemotePELoader chain that abuses the Windows Data Protection API to unpack later stages and leave little on disk. The same actor is suspected behind a breach at crypto-payments firm Bitrefill exposing roughly 18,500 purchase records. Why it matters: A memory-resident implant defeats disk-based forensics and file-scanning AV, signaling Lazarus pairing financial missions with tradecraft engineered specifically to evade post-incident analysis.

Sources: kjsc2019 | socaldos

Salt Typhoon Infiltrated US Congressional Email

China-linked operators in the Salt Typhoon campaign reportedly infiltrated email systems used by US House congressional staff, compromising communications of powerful committees, per a Financial Times report characterizing the activity as an extensive Chinese state intelligence operation. Why it matters: Targeting committee communications is high-value strategic collection at the heart of US legislative bodies, consistent with Salt Typhoon's pattern of penetrating US government and telecom infrastructure.

Sources: nygospelministries.org

Operation Endgame Dismantles the StealC and Amadey Assembly Line

A coordinated international action, described as the largest operation against ransomware infrastructure, dismantled the StealC and Amadey networks and shut down 200 plus C2 servers, with Microsoft's Digital Crimes Unit pairing AI analysis with a racketeering suit to link the two operations. The malware families serve as initial-access and loader infrastructure feeding downstream ransomware. Why it matters: Striking the loader/stealer layer rather than the payload targets the access-broker supply line that feeds multiple gangs at once, though disrupted actors typically re-tool and migrate within weeks.

Sources: The Record | Ars Technica

AI News

OpenAI Ships the GPT-5.6 Family Behind a Government Access Gate

OpenAI previewed GPT-5.6 on June 26, split into Sol (flagship), Terra (a mid-tier reportedly matching GPT-5.5 at half the cost) and Luna (fast, low-cost), with Sol priced at $5/$30 per million tokens and adding Max and Ultra reasoning modes. For the first time, a major American frontier model launched not publicly but to roughly 20 organizations individually vetted by federal officials, with broader access promised "in the coming weeks." Why it matters: Day-one government gating of a commercial model is unprecedented in the US and inverts the administration's prior hands-off posture, decoupling a model's existence from its distribution.

Sources: Axios | The Economic Times

Washington Suspends, Then Partially Restores, Anthropic's Mythos 5

Two weeks after the Commerce Department suspended Anthropic's strongest cybersecurity-capable models over fears they could reach adversary military-intelligence users, the Trump administration approved a limited release of Claude Mythos 5 to more than 100 trusted US organizations, with reporting indicating Fable 5 is close to restoration. The reversal landed the same day OpenAI gated GPT-5.6 to ~20 vetted orgs. Why it matters: The federal government is now suspending and selectively reinstating specific frontier models with named officials deciding access, and Anthropic's ~5x larger allowance hints at a discretionary, case-by-case regime rather than a uniform standard.

Sources: WIRED | Axios

Federal Cybersecurity Review Becomes the New Release Bottleneck

Two federal offices asked OpenAI to approve customers one by one before broad release, citing cyber and safety concerns under a Trump administration executive order. Analysts including Dean Ball argue the nominally "voluntary" order has become a de facto involuntary licensing regime, turning ad-hoc government requests into a repeatable pre-clearance gate. Why it matters: Access to top-tier models is now a function of organizational vetting status rather than budget or API signup, and the US is effectively handling frontier cyber capability with export control style oversight.

Sources: BankInfoSecurity | Hyperdimensional

Google Throttles Meta's Gemini Access Over Compute Scarcity

Google limited Meta's use of Gemini models after Meta sought more capacity than Alphabet could supply, telling Meta around March it could not meet the full request, a shortfall that disrupted some Meta AI projects; other Google clients were reportedly affected too. Why it matters: This is a rare concrete signal that compute supply, not model quality, is the binding constraint at the frontier even for a company Meta's size, and that hyperscalers prioritize internal workloads when capacity tightens.

Sources: AOL/Reuters

Claude Code Reportedly Triples Anthropic's Engineering Output

Anthropic told its growth team to hire more product managers, not fewer, after Claude Code reportedly turned its engineering org into a team shipping at roughly three times its headcount, moving the constraint from writing code to deciding what to build. Why it matters: Sourced from a lab's own org decisions rather than a benchmark, it suggests the scarce skill becomes specification and prioritization, a concrete preview of how agentic tools reshape org charts.

Sources: VentureBeat

Anthropic Accuses Alibaba of 28.8 Million Fraudulent Exchanges Against Claude

Anthropic formally accused Alibaba of running 28.8 million fraudulent exchanges against Claude, framing a deliberate, industrial-scale adversarial campaign against a deployed frontier model by a rival lab's parent, though the intent (benchmark gaming, distillation or capability probing) was not detailed. Why it matters: When labs report being attacked tens of millions of times, the competitive frontier now includes active extraction and manipulation at scale, and the case for gated releases gets easier to make.

Sources: Build Fast with AI

Google DeepMind Bleeds Senior Researchers to Anthropic and OpenAI

A wave of senior departures hit Google, including Gemini co-lead and "Attention Is All You Need" co-author Noam Shazeer to OpenAI and AlphaFold lead John Jumper to Anthropic, with reporting counting multiple Gemini-team exits in a single week as Google delayed Gemini 3.5 Pro to July. Why it matters: Talent flow is a leading indicator of where frontier capability concentrates, and researchers flowing toward Anthropic and OpenAI reinforces two-pole gravity even as the product surface looks multi-polar.

Sources: TechCrunch | Search Engine Journal

OpenAI and Broadcom Tape Out "Jalapeño," a Custom Inference Chip

OpenAI and Broadcom unveiled Jalapeño, OpenAI's first custom inference processor built for LLM serving, taken from design to tape-out in nine months, with early samples running GPT-5.3-Codex-Spark showing substantially better performance per watt than current state of the art. Why it matters: Owning inference silicon attacks the recurring cost of serving models at scale and reduces Nvidia dependence, the watts per token math that determines whether high-context agentic workloads are affordable.

Sources: Techgenyz | OpenAI

Google Bakes Computer Use Natively Into Gemini 3.5 Flash

Google integrated "Computer Use" directly into Gemini 3.5 Flash, its fastest and cheapest tier, letting the model see and operate browsers, mobile and desktop screens, posting a 78.4% OSWorld score at Flash-tier pricing. Why it matters: Folding agentic control into the commodity tier rather than a premium model changes the unit economics of automation and pressures the ~$35B RPA industry, contrasting sharply with rivals gating their most capable agents.

Sources: The Decoder

Anthropic Turns @Claude Into an Always-On Slack Teammate

Anthropic launched Claude Tag, replacing its older Slack app with a persistent agent that joins an org's workspace as a team member, listens to and learns from granted channels, and can be delegated multi-step work or jump in proactively. Anthropic says it already writes 65% of the code on the team building it. Why it matters: This is a shift from chatbot you invoke to coworker that persists, landing precisely in the collaboration surfaces where companies have the least monitoring of what an autonomous agent does.

Sources: VentureBeat | The Register

AI Becomes Offensive Tooling: APT45's AI-Written Zero-Day and an EDR-Bypass Toolkit

Google's GTIG confirmed the first documented case of a nation-state actor, North Korea's APT45, using AI to author a working zero-day (a 2FA bypass in a widely deployed open-source web app) and deploy it in a live intrusion. Separately, Sophos X-Ops documented a lab using Claude Opus 4.5 to generate a ransomware toolkit that evaded every tested EDR and automated Active Directory discovery. Why it matters: AI-assisted exploit generation has crossed from theory to in-the-wild operations, lowering the skill floor for EDR-evasive malware and compressing the window between code publication and exploitation.

Sources: AI Security Wire | Decryption Digest

macOS.Gaslight Turns Prompt Injection on the Analyst

SentinelLabs detailed macOS.Gaslight, a DPRK-linked Rust implant that embeds 38 fabricated "system messages" designed to trick LLM-based malware triage into aborting analysis, while running a gated Python credential/crypto stealer with Telegram C2 beneath the deception layer. Why it matters: Rather than evading the sandbox, the malware attacks the analyst's AI tooling itself, an early example of adversaries weaponizing the LLM triage pipelines SOCs increasingly depend on.

Sources: Cybernoz | gbhackers

Governance Gates Tighten While the EU Loosens

EO 14319 ("Preventing Woke AI in the Federal Government") takes effect July 1, directing agencies to avoid ideologically biased AI, opening a second federal screen alongside the security-driven access reviews. Meanwhile the EU's Digital Omnibus delayed high-risk AI Act obligations to December 2027, even as Article 50 transparency rules still bind August 2, 2026 with fines up to €15M or 3% of global revenue. Why it matters: Vendors selling into government now face simultaneous security and ideological screens at home, while the transatlantic divergence forces multinationals to build to the EU's stricter, dated standard regardless of headquarters.

Sources: AI Governance Institute | Bruno Digital

Enterprises Deploy Agents Far Faster Than They Govern Them

Industry data finds 72% of Global 2000 companies now run AI agent systems beyond experimental testing, while only 14% have governance frameworks for autonomous AI, against an agentic market projected at $139B by 2034. Tooling matured in parallel, with Vercel shipping AI SDK 7 (durable WorkflowAgents, unified telemetry) at 16M weekly downloads. Why it matters: A roughly five to one gap between adoption and oversight means autonomous agents are entering production faster than the controls to supervise them, mirroring the capability-governance gap visible at the federal level.

Sources: iSYNCSO | AI Insiders

Active Exploitation Watchlist + Notable CVEs

| CVE | Product | Severity | Status | Action |
|---|---|---|---|---|
| CVE-2026-34908 | Ubiquiti UniFi OS (access control) | CVSS 10.0 Critical | Actively Exploited | Patch Now |
| CVE-2026-20253 | Splunk Enterprise / Cloud (auth bypass) | CVSS 9.8 Critical | Actively Exploited | Patch Now |
| CVE-2026-45247 | Magento Mirasvit Cache Warmer | CVSS 9.8 Critical | Actively Exploited | Patch Now |
| CVE-2026-12569 | PTC Windchill PDMLink / FlexPLM | CVSS 9.3 Critical | Actively Exploited | Patch Now |
| CVE-2026-35273 | Oracle PeopleSoft PeopleTools | N/A Critical (unauth takeover) | Actively Exploited | Patch Now |
| CVE-2026-42271 | BerriAI LiteLLM AI gateway | N/A Critical (unauth RCE) | Actively Exploited | Patch Now |
| CVE-2026-50751 | Check Point Security Gateway VPN | N/A Critical (auth bypass) | Actively Exploited | Patch Now |
| CVE-2026-10520 | Ivanti Sentry | N/A Critical (unauth root RCE) | Actively Exploited | Patch Now |
| CVE-2025-34291 | Langflow AI workflow framework | N/A Critical | Actively Exploited | Patch Now |
| CVE-2025-67038 | Lantronix EDS5000 (OT serial gateway) | N/A Critical (code injection) | Actively Exploited | Patch Now |
| CVE-2026-48907 | Joomla Content Editor (Widget Factory) | N/A Critical (unauth PHP exec) | Actively Exploited | Patch Now |
| CVE-2024-21182 | Oracle WebLogic (T3/IIOP) | N/A Critical (unauth) | Actively Exploited | Patch Now |
| CVE-2026-0257 | Palo Alto GlobalProtect | CVSS 7.8 High (auth bypass) | Actively Exploited | Patch Now |
| CVE-2026-20245 | Cisco Catalyst SD-WAN Manager | N/A High (root priv esc) | Actively Exploited | Patch Now |
| CVE-2026-20230 | Cisco Unified CM / SME | N/A High (unauth SSRF) | Actively Exploited | Patch Now |
| CVE-2026-34926 | Trend Micro Apex One | N/A High (directory traversal) | Actively Exploited | Patch Now |
| CVE-2026-34909 | Ubiquiti UniFi OS (path traversal) | N/A High | Actively Exploited | Patch Now |
| CVE-2026-34910 | Ubiquiti UniFi OS (input validation) | N/A High | Actively Exploited | Patch Now |
| CVE-2026-54420 | cPanel / LiteSpeed plugin | N/A High (root priv esc) | Actively Exploited | Patch Now |
| CVE-2026-11645 | Google Chrome V8 | N/A High | Actively Exploited | Patch Now |
| CVE-2026-7473 | Arista EOS | N/A High | Actively Exploited | Patch Now |
| CVE-2025-38352 | Android / Linux kernel ("Chronomaly" UAF) | N/A High | Actively Exploited | Patch Now |
| CVE-2025-48595 | Android Framework (integer overflow) | N/A High (priv esc) | Actively Exploited | Patch Now |
| CVE-2022-0492 | Linux kernel cgroups v1 release_agent | N/A High (container escape) | Actively Exploited | Mitigate |
| CVE-2026-31431 | B&R industrial controllers ("Copy Fail") | N/A High (local priv esc) | Actively Exploited | Patch Now |
| CVE-2026-9082 | Drupal Core (SQL injection) | CVSS 6.5 Medium | Actively Exploited | Patch Now |
| CVE-2026-28318 | SolarWinds Serv-U (DoS) | N/A Medium | Actively Exploited | Monitor |

The Edge

Look at what the U.S. government chose to control this week, and what it could not. It suspended and re-licensed model weights (Mythos 5, Fable 5, GPT-5.6) as if frontier capability were enriched uranium, deciding org by org who gets Sol and who waits until July. Meanwhile, every breach that actually landed walked in through plumbing nobody is licensing: an OAuth token from a forgotten Klue integration that emptied a hundred security firms' Salesforce tenants; a poisoned npm maintainer account that backdoored 141 AI-framework packages in 45 minutes; a contract manufacturer in Tamil Nadu that handed over Apple and Tesla trade secrets; 430,000 FortiGate firewalls turned into a wholesale credential catalog. The state is guarding the model. Attackers are taking the token.

The uncomfortable part is that the gate is already irrelevant to the threat it was built for. GTIG confirmed APT45 used AI to write and deploy a working zero-day, and Sophos watched a commodity Claude model spin up an EDR-evasive ransomware toolkit. Offensive AI capability did not wait for a Commerce Department license: it was operational before the licensing regime existed. Citizenship-gated weights slow lawful enterprise access and sovereign-AI ambitions abroad; they do nothing to a DPRK operator who needs an open-source model and a few hours. We are building export controls around the one input adversaries can most easily substitute.

If you defend a network, the watchlist tells you where the war is actually fought, and it is not the model layer. It is the SD-WAN controller that held root for two months before a CVE existed, the Splunk SIEM that an unauthenticated attacker can blind, the Check Point gateway with a three-day fuse, the Langflow and LiteLLM AI-infrastructure boxes now showing up in KEV next to Drupal and Joomla. The perimeter is the integration mesh: every dormant OAuth grant, every standing service credential, every vendor that aggregates your crown jewels. Inventory those before you inventory your model providers.

So watch the second half of 2026 for two diverging curves. Governance will keep escalating at the weights layer (more EOs, more case-by-case approvals, an EU transparency deadline in August, ideological screens stacked on security screens), producing a compliance apparatus that is legible, dated, and aimed at the wrong target. And the breaches will keep arriving through trust relationships that no one has to clear with anyone: the token, the package, the supplier, the edge appliance. The labs that win access fastest and the defenders who treat their integration surface as their real attack surface will be fine. Everyone optimizing for the gate is fighting the last threat model.
