Cyber Threat Brief

2026-06-16: Cisco patches its eighth SD-WAN zero-day of the year

SHOW NOTES - 2026-06-16 STORIES COVERED * June 16, 2026 * Today: * Cisco Catalyst SD-WAN Manager Arbitrary File Write (CVE-2026-20262) [https://thehackernews.com/2026/06/cisco-releases-security-updates-for.html] [Critical Alerts] * Google Chrome V8 Zero-Day (CVE-2026-11645) [https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html] [Critical Alerts] * Oracle PeopleSoft Zero-Day Exploited by ShinyHunters (CVE-2026-35273) [https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html] [Critical Alerts] * LiteSpeed cPanel Plugin Privilege Escalation (CVE-2026-54420) [https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html] [Critical Alerts] * Mackay Sugar Ransomware Attack Shuts Down Mills [https://www.securityweek.com/ransomware-attack-shuts-down-mills-of-australias-second-largest-sugar-producer/] [Ransomware & Extortion] * FulcrumSec Leaks Novo Nordisk Data After $25M Demand Goes Unpaid [https://databreaches.net/2026/06/15/scoop-fulcrumsec-leaks-novo-nordisk-data-after-25m-demand-goes-unpaid/] [Ransomware & Extortion] * Conti Ransomware Developer Pleads Guilty [https://www.securityweek.com/ukrainian-man-pleads-guilty-in-us-to-conti-ransomware-charges/] [Ransomware & Extortion] * Microsoft 365 Copilot SearchLeak Vulnerability (CVE-2026-42824) [https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html] [General Security News] * 1,500+ Arch Linux Packages Compromised With Malware [https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html] [General Security News] * FBI Takes Down Outsider PhaaS Enterprise [https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html] [General Security News] * ShinyHunters Claims Council of Europe Hack [https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/] [General Security News] * North Korean Hackers Target Developers With Malicious Tools [https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html] [General Security News] * Chinese APT UNC6508 Targets US Medical and Academic Research [https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research/] [General Security News] * Jaguar Land Rover Ordered 30,000 Staff Password Resets After Cyberattack [https://databreaches.net/2026/06/15/jlr-ordered-30000-staff-to-reset-passwords-in-person-after-cyberattack/] [General Security News] * VHDX File Delivers Remcos RAT [https://isc.sans.edu/diary/rss/33080] [Vulnerability Disclosures] * Linux-PAM Timing Attack (CVE-2026-54411) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54411] [Vulnerability Disclosures] * Microsoft Edge Chromium CVE Batch [https://msrc.microsoft.com/update-guide/] [Vulnerability Disclosures] CVES REFERENCED CVE-2026-11640, CVE-2026-11645, CVE-2026-11662, CVE-2026-11668, CVE-2026-11677, CVE-2026-11684, CVE-2026-11685, CVE-2026-11688, CVE-2026-11693, CVE-2026-12010, CVE-2026-12012, CVE-2026-12016, CVE-2026-12019, CVE-2026-20262, CVE-2026-2441, CVE-2026-35273, CVE-2026-3909, CVE-2026-3910, CVE-2026-42824, CVE-2026-5281, CVE-2026-54411, CVE-2026-54420 INDICATORS OF COMPROMISE IP Addresses: 20.9.9.2, 20.12.7.2, 20.15.4.5, 20.15.5.3, 20.18.3.1, 26.1.1.2, 5.3.2.0 Read the full brief [https://carolinacleartech.com/brief/2026-06-16/]

2026-06-15: Palo Alto GlobalProtect VPN suffers active exploitation with CISA KEV deadline passed

SHOW NOTES - 2026-06-15 STORIES COVERED * Today: [June 15, 2026] * Palo Alto PAN-OS GlobalProtect VPN Authentication Bypass (CVE-2026-0257) [https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html] [Critical Alerts] * Arch Linux Supply Chain Attack Hijacks 1,900+ AUR Packages [https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/] [Critical Alerts] * FBI Dismantles Chinese Phishing-as-a-Service Platform (Outsider Enterprise) [https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/] [Business & Infrastructure Threats] * WordPress Plugin Supply Chain Attack (Awesome Motive) [https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/] [Business & Infrastructure Threats] * Maine Attorney General Disables Data Breach Portal Due to Fake Submissions [https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/] [Business & Infrastructure Threats] * Sniper Dz Phishing-as-a-Service Platform Targets MENA Region [https://thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html] [General Security News] * Hotel Chain Data Breach (BWH Hotels) [https://databreaches.net/2026/06/14/uk-hotel-guests-issued-urgent-check-alert-as-personal-details-stolen-from-major-chain/?pk_campaign=feed&pk_kwd=uk-hotel-guests-issued-urgent-check-alert-as-personal-details-stolen-from-major-chain] [General Security News] * Novo Nordisk Clinical Trial Patient Data Breach [https://databreaches.net/2026/06/14/novo-nordisk-reports-data-breach-tells-clinical-trial-patients-to-remain-vigilant/?pk_campaign=feed&pk_kwd=novo-nordisk-reports-data-breach-tells-clinical-trial-patients-to-remain-vigilant] [General Security News] * ShinyHunters Lists New Victims [https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/] [General Security News] * CVE-2026-11526 (Perl GD Library Command Injection) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11526] [Vulnerability Disclosures] CVES REFERENCED CVE-2026-0257, CVE-2026-11526 INDICATORS OF COMPROMISE IP Addresses: 23.128.228.6, 104.207.144.154, 146.19.216.119, 146.19.216.120, 146.19.216.125, 179.43.172.213, 185.195.232.139, 198.12.106.60, 202.144.192.47 Read the full brief [https://carolinacleartech.com/brief/2026-06-15/]

2026-06-14: Anthropic disabled its two most advanced AI models after a US government export control order over

SHOW NOTES - 2026-06-14 STORIES COVERED * Today: * Microsoft patches failed to fix on-prem SharePoint, which is now under zero-day attack [https://www.theregister.com/Security/Microsoft-patches-failed-to-fix-on-prem-SharePoint-which-is-now-under-zero-day-attack] [Critical Alerts] * Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication (CVE-2026-20253) [https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html] [Business & Infrastructure Threats] * Chinese hackers hijack auth flow, spy on isolated network for a decade [https://www.bleepingcomputer.com/news/security/chinese-hackers-hijack-auth-flow-spy-on-isolated-network-for-a-decade/] [Business & Infrastructure Threats] * Ex-school district employee jailed for hacks on former employer [https://www.bleepingcomputer.com/news/security/ex-school-district-employee-jailed-for-hacks-on-former-employer/] [Business & Infrastructure Threats] * NPM 12 Will Change Script Execution Behavior to Prevent Supply Chain Attacks [https://www.securityweek.com/npm-12-will-change-script-execution-behavior-to-prevent-supply-chain-attacks/] [Business & Infrastructure Threats] * US Gov asks Anthropic to ban 'foreign national' access to Fable, Mythos [https://www.bleepingcomputer.com/news/security/us-gov-asks-anthropic-to-ban-foreign-national-access-to-fable-mythos/] [General Security News] * Russians are posing as Signal support to launch phishing attacks [https://www.theregister.com/Security/Russians-are-posing-as-Signal-support-to-launch-phishing-attacks] [General Security News] * Google fires sueball at alleged Chinese phishers over AI-powered fraud ops [https://www.theregister.com/security/Google-fires-sueball-at-alleged-Chinese-phishers-over-AI-powered-fraud-ops] [General Security News] * DEF CON Franklin project enlists hackers to harden critical infrastructure [https://www.theregister.com/Black-Hat-and-DEF-CON/DEF-CON-Franklin-project-enlists-hackers-to-harden-critical-infrastructure] [General Security News] * Ten years since the first corp ransomware, Mikko Hyppönen sees no end in sight [https://www.theregister.com/Malware-Month/Ten-years-since-the-first-corp-ransomware-Mikko-Hyppönen-sees-no-end-in-sight] [General Security News] * EQT buys majority share in Swiss cybersecurity biz Acronis [https://www.theregister.com/Security/EQT-buys-majority-share-in-Swiss-cybersecurity-biz-Acronis] [General Security News] * South Korea Hands Coupang a Record-Breaking $409 Million Data Privacy Fine [https://databreaches.net/2026/06/13/south-korea-hands-coupang-a-record-breaking-409-million-data-privacy-fine/] [General Security News] CVES REFERENCED CVE-2026-20253 Read the full brief [https://carolinacleartech.com/brief/2026-06-14/]

2026-06-13: ShinyHunters exploited Oracle PeopleSoft zero-day CVE-2026-35273 for two weeks

SHOW NOTES - 2026-06-13 STORIES COVERED * Today: * Oracle PeopleSoft Zero-Day Exploited (CVE-2026-35273) [https://www.darkreading.com/vulnerabilities-threats/shinyhunters-oracle-zero-day-higher-ed] [Critical Alerts] * Conti Ransomware Member Pleads Guilty [https://www.bleepingcomputer.com/news/security/ukrainian-national-pleads-guilty-to-role-in-conti-ransomware-operation/] [Ransomware & Extortion] * Global Schools Foundation Ransomware Negotiation Failure [https://databreaches.net/2026/06/12/after-a-massive-hack-global-schools-groups-negotiator-acted-bizarrely-it-didnt-end-well-for-them/?pk_campaign=feed&pk_kwd=after-a-massive-hack-global-schools-groups-negotiator-acted-bizarrely-it-didnt-end-well-for-them] [Ransomware & Extortion] * China-Linked Group Backdoored Linux Login Systems for 9 Years [https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html] [Business & Infrastructure Threats] * Supply-Chain Attack Early Warning Signs on Dark Web [https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/] [Business & Infrastructure Threats] * Insider Threat: Iowa School IT Worker Sentenced for Sabotage [https://databreaches.net/2026/06/12/former-saydel-schools-it-worker-sentenced-for-iowa-cyber-sabotage/?pk_campaign=feed&pk_kwd=former-saydel-schools-it-worker-sentenced-for-iowa-cyber-sabotage] [Business & Infrastructure Threats] * Maine Data Breach Portal Disabled After Fake Disclosures [https://www.bleepingcomputer.com/news/security/maine-disables-data-breach-notification-portal-after-fake-disclosures/] [Business & Infrastructure Threats] * KPMG AI Report Demonstrates AI Hallucinations [https://www.theregister.com/ai-and-ml/2026/06/12/kpmgs-ai-report-turns-into-a-demo-of-ai-hallucinations/5255029] [General Security News] * New macOS Tahoe 26 Forensic Artifact Discovered [https://unit42.paloaltonetworks.com/new-macos-artifact-discovered/] [General Security News] * LabCorp Settles AMCA Breach for $35 Million [https://databreaches.net/2026/06/12/labcorp-reaches-35m-settlement-over-american-medical-collection-agency-breach/?pk_campaign=feed&pk_kwd=labcorp-reaches-35m-settlement-over-american-medical-collection-agency-breach] [General Security News] * DOJ: COVID-19 Relief Fraud Arrests [https://www.justice.gov/usao-nv/pr/coordinated-law-enforcement-actions-results-arrests-seven-men-connection-fraudulent] [General Security News] * phpBB Authentication Bypass (10 Years Old) [https://www.bleepingcomputer.com/news/security/phpbb-forum-fixes-auth-bypass-bug-lurking-for-a-decade/] [Vulnerability Disclosures] * Microsoft Security Update Guide CVEs [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9076] [Vulnerability Disclosures] CVES REFERENCED CVE-2023-5678, CVE-2024-20399, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-35273, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-44705, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447, CVE-2026-47162, CVE-2026-47167, CVE-2026-52859, CVE-2026-52860, CVE-2026-7383, CVE-2026-9076 Read the full brief [https://carolinacleartech.com/brief/2026-06-13/]

2026-06-12: CISA gives federal agencies until Sunday to patch an Ivanti Sentry vulnerability already exploited

SHOW NOTES - 2026-06-12 STORIES COVERED * June 12, 2026 * Today: * CISA Orders Ivanti Sentry Patching by June 14 (CVE-2026-10520) [https://www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/] [Critical Alerts] * ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) [https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html] [Critical Alerts] * The Gentlemen Ransomware Claims 478 Victims Since March 2025 [https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html] [Ransomware & Extortion] * Europol Dismantles AudiA6 Crypto Laundering Service [https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html] [Ransomware & Extortion] * AI-Driven Threats Exposing Limits of MSP Security Stacks [https://www.bleepingcomputer.com/news/security/why-ai-driven-threats-are-exposing-the-limits-of-msp-security-stacks/] [Business & Infrastructure Threats] * Hackers Exploit Langflow Vulnerability for Remote Code Execution (CVE-2026-5027) [https://www.securityweek.com/hackers-exploit-langflow-vulnerability-for-remote-code-execution/] [Business & Infrastructure Threats] * LangGraph Flaw Chain Exposes Self-Hosted AI Agents to RCE [https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html] [Business & Infrastructure Threats] * AI Agent Supply Chains Lack Integrity Verification [https://unit42.paloaltonetworks.com/ai-agent-supply-chain-risks/] [Business & Infrastructure Threats] * OpenClaw AI Agent Vulnerable to Hidden Command Injection and Phishing [https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html] [Business & Infrastructure Threats] * French Government Tchap Messenger Breach Affects 73,000 Employees [https://www.bleepingcomputer.com/news/security/french-govt-says-tchap-breach-affected-over-73-000-accounts/] [Business & Infrastructure Threats] * GreatXML Exploit Bypasses BitLocker via Recovery Partition XML Files (CVE-2026-45585) [https://thehackernews.com/2026/06/new-greatxml-exploit-bypasses-windows.html] [Windows / AD Security] * CISA Issues New Binding Operational Directive 26-04 [https://news.risky.biz/risky-bulletin-in-the-age-of-ai-cisa-changes-federal-patching-rules/] [General Security News] * Alert Fatigue Becoming a Security Threat of Its Own [https://www.securityweek.com/alert-fatigue-is-becoming-a-security-threat-of-its-own/] [General Security News] * OceanLotus Shifts Focus to Domestic Espionage in Vietnam [https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html] [General Security News] * North Korean Famous Chollima Accounts for 47% of Tech Sector Intrusions [https://thehackernews.com/2026/06/threatsday-bulletin-worm-code-leaked-ai.html] [General Security News] * IoT Platform Vulnerabilities Across Multiple Vendors [https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02] [Vulnerability Disclosures] * Siemens Desigo CC Patch Files Flagged as Malware by Security Engines [https://www.securityweek.com/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines/] [Vulnerability Disclosures] CVES REFERENCED CVE-2025-67644, CVE-2026-10520, CVE-2026-10557, CVE-2026-27022, CVE-2026-28277, CVE-2026-28742, CVE-2026-35273, CVE-2026-42947, CVE-2026-45585, CVE-2026-50005, CVE-2026-50101, CVE-2026-50108, CVE-2026-50245, CVE-2026-5027, CVE-2026-7368 INDICATORS OF COMPROMISE IP Addresses: 176.120.22.24, 3.2.3.5 Read the full brief [https://carolinacleartech.com/brief/2026-06-12/]