Cyber Threat Brief

2026-06-13: ShinyHunters exploited Oracle PeopleSoft zero-day CVE-2026-35273 for two weeks

SHOW NOTES - 2026-06-13 STORIES COVERED * Today: * Oracle PeopleSoft Zero-Day Exploited (CVE-2026-35273) [https://www.darkreading.com/vulnerabilities-threats/shinyhunters-oracle-zero-day-higher-ed] [Critical Alerts] * Conti Ransomware Member Pleads Guilty [https://www.bleepingcomputer.com/news/security/ukrainian-national-pleads-guilty-to-role-in-conti-ransomware-operation/] [Ransomware & Extortion] * Global Schools Foundation Ransomware Negotiation Failure [https://databreaches.net/2026/06/12/after-a-massive-hack-global-schools-groups-negotiator-acted-bizarrely-it-didnt-end-well-for-them/?pk_campaign=feed&pk_kwd=after-a-massive-hack-global-schools-groups-negotiator-acted-bizarrely-it-didnt-end-well-for-them] [Ransomware & Extortion] * China-Linked Group Backdoored Linux Login Systems for 9 Years [https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html] [Business & Infrastructure Threats] * Supply-Chain Attack Early Warning Signs on Dark Web [https://www.bleepingcomputer.com/news/security/early-warning-signs-of-supply-chain-attacks-live-in-the-dark-web/] [Business & Infrastructure Threats] * Insider Threat: Iowa School IT Worker Sentenced for Sabotage [https://databreaches.net/2026/06/12/former-saydel-schools-it-worker-sentenced-for-iowa-cyber-sabotage/?pk_campaign=feed&pk_kwd=former-saydel-schools-it-worker-sentenced-for-iowa-cyber-sabotage] [Business & Infrastructure Threats] * Maine Data Breach Portal Disabled After Fake Disclosures [https://www.bleepingcomputer.com/news/security/maine-disables-data-breach-notification-portal-after-fake-disclosures/] [Business & Infrastructure Threats] * KPMG AI Report Demonstrates AI Hallucinations [https://www.theregister.com/ai-and-ml/2026/06/12/kpmgs-ai-report-turns-into-a-demo-of-ai-hallucinations/5255029] [General Security News] * New macOS Tahoe 26 Forensic Artifact Discovered [https://unit42.paloaltonetworks.com/new-macos-artifact-discovered/] [General Security News] * LabCorp Settles AMCA Breach for $35 Million [https://databreaches.net/2026/06/12/labcorp-reaches-35m-settlement-over-american-medical-collection-agency-breach/?pk_campaign=feed&pk_kwd=labcorp-reaches-35m-settlement-over-american-medical-collection-agency-breach] [General Security News] * DOJ: COVID-19 Relief Fraud Arrests [https://www.justice.gov/usao-nv/pr/coordinated-law-enforcement-actions-results-arrests-seven-men-connection-fraudulent] [General Security News] * phpBB Authentication Bypass (10 Years Old) [https://www.bleepingcomputer.com/news/security/phpbb-forum-fixes-auth-bypass-bug-lurking-for-a-decade/] [Vulnerability Disclosures] * Microsoft Security Update Guide CVEs [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-9076] [Vulnerability Disclosures] CVES REFERENCED CVE-2023-5678, CVE-2024-20399, CVE-2026-34180, CVE-2026-34181, CVE-2026-34182, CVE-2026-34183, CVE-2026-35273, CVE-2026-42764, CVE-2026-42766, CVE-2026-42767, CVE-2026-42768, CVE-2026-42769, CVE-2026-44705, CVE-2026-45445, CVE-2026-45446, CVE-2026-45447, CVE-2026-47162, CVE-2026-47167, CVE-2026-52859, CVE-2026-52860, CVE-2026-7383, CVE-2026-9076 Read the full brief [https://carolinacleartech.com/brief/2026-06-13/]

2026-06-12: CISA gives federal agencies until Sunday to patch an Ivanti Sentry vulnerability already exploited

SHOW NOTES - 2026-06-12 STORIES COVERED * June 12, 2026 * Today: * CISA Orders Ivanti Sentry Patching by June 14 (CVE-2026-10520) [https://www.bleepingcomputer.com/news/security/cisa-gives-feds-3-days-to-patch-ivanti-flaw-exploited-in-attacks/] [Critical Alerts] * ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) [https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html] [Critical Alerts] * The Gentlemen Ransomware Claims 478 Victims Since March 2025 [https://thehackernews.com/2026/06/the-gentlemen-ransomware-claims-478.html] [Ransomware & Extortion] * Europol Dismantles AudiA6 Crypto Laundering Service [https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html] [Ransomware & Extortion] * AI-Driven Threats Exposing Limits of MSP Security Stacks [https://www.bleepingcomputer.com/news/security/why-ai-driven-threats-are-exposing-the-limits-of-msp-security-stacks/] [Business & Infrastructure Threats] * Hackers Exploit Langflow Vulnerability for Remote Code Execution (CVE-2026-5027) [https://www.securityweek.com/hackers-exploit-langflow-vulnerability-for-remote-code-execution/] [Business & Infrastructure Threats] * LangGraph Flaw Chain Exposes Self-Hosted AI Agents to RCE [https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html] [Business & Infrastructure Threats] * AI Agent Supply Chains Lack Integrity Verification [https://unit42.paloaltonetworks.com/ai-agent-supply-chain-risks/] [Business & Infrastructure Threats] * OpenClaw AI Agent Vulnerable to Hidden Command Injection and Phishing [https://thehackernews.com/2026/06/new-attacks-trick-openclaw-ai-agent.html] [Business & Infrastructure Threats] * French Government Tchap Messenger Breach Affects 73,000 Employees [https://www.bleepingcomputer.com/news/security/french-govt-says-tchap-breach-affected-over-73-000-accounts/] [Business & Infrastructure Threats] * GreatXML Exploit Bypasses BitLocker via Recovery Partition XML Files (CVE-2026-45585) [https://thehackernews.com/2026/06/new-greatxml-exploit-bypasses-windows.html] [Windows / AD Security] * CISA Issues New Binding Operational Directive 26-04 [https://news.risky.biz/risky-bulletin-in-the-age-of-ai-cisa-changes-federal-patching-rules/] [General Security News] * Alert Fatigue Becoming a Security Threat of Its Own [https://www.securityweek.com/alert-fatigue-is-becoming-a-security-threat-of-its-own/] [General Security News] * OceanLotus Shifts Focus to Domestic Espionage in Vietnam [https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html] [General Security News] * North Korean Famous Chollima Accounts for 47% of Tech Sector Intrusions [https://thehackernews.com/2026/06/threatsday-bulletin-worm-code-leaked-ai.html] [General Security News] * IoT Platform Vulnerabilities Across Multiple Vendors [https://www.cisa.gov/news-events/ics-advisories/icsa-26-162-02] [Vulnerability Disclosures] * Siemens Desigo CC Patch Files Flagged as Malware by Security Engines [https://www.securityweek.com/siemens-says-desigo-cc-files-flagged-as-malware-by-security-engines/] [Vulnerability Disclosures] CVES REFERENCED CVE-2025-67644, CVE-2026-10520, CVE-2026-10557, CVE-2026-27022, CVE-2026-28277, CVE-2026-28742, CVE-2026-35273, CVE-2026-42947, CVE-2026-45585, CVE-2026-50005, CVE-2026-50101, CVE-2026-50108, CVE-2026-50245, CVE-2026-5027, CVE-2026-7368 INDICATORS OF COMPROMISE IP Addresses: 176.120.22.24, 3.2.3.5 Read the full brief [https://carolinacleartech.com/brief/2026-06-12/]

2026-06-11: A new Windows zero-day exploit bypassing Microsoft Defender was released hours after Patch Tuesday

SHOW NOTES - 2026-06-11 STORIES COVERED * Today: * New Windows Zero-Day Exploit 'RoguePlanet' Released [https://www.securityweek.com/new-windows-zero-day-exploit-rogueplanet-released/] [Critical Alerts] * 'GreatXML' Zero-Day Exploit Bypasses BitLocker [https://www.securityweek.com/greatxml-zero-day-exploit-bypasses-bitlocker/] [Critical Alerts] * Microsoft Patches Exchange Server Zero-Day Exploited in Attacks (CVE-2026-42897) [https://www.bleepingcomputer.com/news/microsoft/microsoft-patches-exchange-server-zero-day-exploited-in-attacks/] [Critical Alerts] * CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog [https://thehackernews.com/2026/06/cisa-adds-cisco-chrome-and-arista-flaws.html] [Critical Alerts] * Path Traversal Flaw in AI Dev Platform Langflow Exploited in Attacks (CVE-2026-5027) [https://www.bleepingcomputer.com/news/security/path-traversal-flaw-in-ai-dev-platform-langflow-exploited-in-attacks/] [Critical Alerts] * Microsoft Patches Record 206 Flaws, Including Three Zero-Days and Critical RCE Bugs [https://thehackernews.com/2026/06/microsoft-patches-record-206-flaws.html] [Vulnerability Disclosures] * Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities [https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html] [Vulnerability Disclosures] * Who Runs the Ransomware Group 'The Gentlemen?' [https://krebsonsecurity.com/2026/06/who-runs-the-ransomware-group-the-gentlemen/] [Ransomware & Extortion] * WA: Chelan County Enters Third Week of Disruptions with No Recovery Timeline [https://databreaches.net/2026/06/10/wa-chelan-county-enters-third-week-of-disruptions-with-no-recovery-timeline/?pk_campaign=feed&pk_kwd=wa-chelan-county-enters-third-week-of-disruptions-with-no-recovery-timeline] [Ransomware & Extortion] * Infostealers Turn Millions of Devices Into Credential Theft Machines [https://www.securityweek.com/infostealers-turn-millions-of-devices-into-credential-theft-machines/] [Business & Infrastructure Threats] * Deceptive Installers: How Fake Apps Target macOS [https://www.huntress.com/blog/deceptive-installers-macos-infostealers] [Business & Infrastructure Threats] * GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks [https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html] [General Security News] * Microsoft Fixes BitLocker Recovery Bug on Windows Server 2025 [https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-bitlocker-recovery-bug-on-windows-server-2025/] [General Security News] * Microsoft: Some Windows PCs Fail to Install Latest Monthly Updates [https://www.bleepingcomputer.com/news/microsoft/microsoft-some-upgraded-windows-pcs-fail-to-install-monthly-updates/] [General Security News] CVES REFERENCED CVE-2026-10520, CVE-2026-10523, CVE-2026-11645, CVE-2026-20245, CVE-2026-22732, CVE-2026-25089, CVE-2026-27671, CVE-2026-33017, CVE-2026-40128, CVE-2026-42897, CVE-2026-44748, CVE-2026-44815, CVE-2026-45586, CVE-2026-45657, CVE-2026-47291, CVE-2026-49160, CVE-2026-5027, CVE-2026-50507, CVE-2026-7473 Read the full brief [https://carolinacleartech.com/brief/2026-06-11/]

2026-06-10: Microsoft patches 206 vulnerabilities in the largest Patch Tuesday on record

SHOW NOTES - 2026-06-10 STORIES COVERED * Today: * Veeam Backup & Replication RCE (CVE-2026-44963) [https://www.bleepingcomputer.com/news/security/new-veeam-vulnerability-exposes-backup-servers-to-rce-attacks/] [Critical Alerts] * Cisco SD-WAN Zero-Day (CVE-2026-20245) [https://cyberscoop.com/cisco-sdwan-zero-day-vulnerability-exploited-cve202620245/] [Critical Alerts] * Check Point VPN RCE (CVE-2026-50751) [https://databreaches.net/2026/06/09/cisa-gives-feds-3-days-to-patch-check-point-vpn-bug-exploited-as-zero-day/] [Critical Alerts] * Chrome V8 Zero-Day (CVE-2026-11645) [https://thehackernews.com/2026/06/chrome-v8-zero-day-cve-2026-11645.html] [Critical Alerts] * Microsoft June 2026 Patch Tuesday (206 Vulnerabilities) [https://www.bleepingcomputer.com/news/microsoft/microsoft-june-2026-patch-tuesday-fixes-3-zero-day-200-flaws/] [Windows / AD Security] * Microsoft Defender RoguePlanet Zero-Day [https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-rogueplanet-zero-day-grants-system-privileges/] [Windows / AD Security] * Microsoft Exchange Ghost-Sender Spoofing [https://www.darkreading.com/vulnerabilities-threats/exchange-flaw-attackers-spoof-email-address] [Windows / AD Security] * Windows 10 KB5094127 Extended Security Update [https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-windows-10-kb5094127-extended-security-update/] [Windows / AD Security] * Windows 11 KB5094126 & KB5093998 Updates [https://www.bleepingcomputer.com/news/microsoft/windows-11-kb5094126-and-kb5093998-cumulative-updates-released/] [Windows / AD Security] * Microsoft AI Activity Investigation Playbook [https://www.microsoft.com/en-us/security/blog/2026/06/09/reconstructing-ai-activity-investigations/] [Windows / AD Security] * WinRAR Exploitation in Ukraine [https://thehackernews.com/2026/06/winrar-flaw-exploited-by-russia-aligned.html] [Business & Infrastructure Threats] * GitHub/Microsoft Repository Compromise (Miasma/Shai-Hulud) [https://www.bleepingcomputer.com/news/security/github-disables-microsoft-repos-pushing-password-stealing-malware/] [Business & Infrastructure Threats] * Hades PyPI Attack (37 Malicious Packages) [https://thehackernews.com/2026/06/hades-pypi-attack-19-packages-poisoned.html] [Business & Infrastructure Threats] * CISA KEV Additions (June 9) [https://www.cisa.gov/news-events/alerts/2026/06/09/cisa-adds-three-known-exploited-vulnerabilities-catalog] [Vulnerability Disclosures] * ICS Patch Tuesday [https://www.securityweek.com/ics-patch-tuesday-vulnerabilities-fixed-by-siemens-schneider-phoenix-contact/] [Vulnerability Disclosures] CVES REFERENCED CVE-2025-15467, CVE-2025-40946, CVE-2025-8088, CVE-2026-11645, CVE-2026-20127, CVE-2026-20182, CVE-2026-20245, CVE-2026-2441, CVE-2026-26142, CVE-2026-32193, CVE-2026-3909, CVE-2026-3910, CVE-2026-41108, CVE-2026-41125, CVE-2026-42985, CVE-2026-42987, CVE-2026-44803, CVE-2026-44812, CVE-2026-44815, CVE-2026-44963, CVE-2026-45467, CVE-2026-45469, CVE-2026-45485, CVE-2026-45586, CVE-2026-45602, CVE-2026-45607, CVE-2026-45641, CVE-2026-45648, CVE-2026-45657, CVE-2026-47288, CVE-2026-47291, CVE-2026-47292, CVE-2026-47652, CVE-2026-48574, CVE-2026-49160, CVE-2026-50507, CVE-2026-50508, CVE-2026-50751, CVE-2026-5281, CVE-2026-7473 Read the full brief [https://carolinacleartech.com/brief/2026-06-10/]

2026-06-09: Check Point VPN users have three days to patch CVE-2026-50751

SHOW NOTES - 2026-06-09 STORIES COVERED * June 9, 2026 * Today: * Check Point VPN Zero-Day Exploited by Qilin Ransomware (CVE-2026-50751) [https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-check-point-flaw-exploited-by-ransomware-gangs/] [Critical Alerts] * Gogs RCE Zero-Day Affects Default Configurations [https://www.bleepingcomputer.com/news/security/gogs-patches-critical-zero-day-enabling-remote-code-execution/] [Critical Alerts] * Google Patches Fifth Chrome Zero-Day of 2026 (CVE-2026-11645) [https://www.bleepingcomputer.com/news/security/google-patches-fifth-chrome-zero-day-bug-exploited-in-attacks-this-year/] [Critical Alerts] * LiteLLM RCE Exploited in the Wild (CVE-2026-42271) [https://thehackernews.com/2026/06/litellm-flaw-cve-2026-42271-exploited.html] [Critical Alerts] * TeamPCP Supply Chain Campaign Continues with Hades PyPI Variant [https://isc.sans.edu/diary/rss/33060] [Critical Alerts] * Silent Ransom Group Uses DNS Fast Flux in Attacks [https://www.securityweek.com/silent-ransom-group-uses-dns-fast-flux-in-attacks/] [Ransomware & Extortion] * Ransomware Closes Illinois High Schools [https://www.theregister.com/cyber-crime/2026/06/08/ransomware-attack-shuts-illinois-high-school-until-wednesday/5252322] [Ransomware & Extortion] * Qilin NHS Breach Tally Grows [https://www.theregister.com/cyber-crime/2026/06/09/qilin-nhs-breach-tally-grows-as-essex-trust-confirms-stolen-records/5252663] [Ransomware & Extortion] * Microsoft Teams Phishing Campaigns Bypass Email Defenses [https://unit42.paloaltonetworks.com/microsoft-teams-phishing/] [Business & Infrastructure Threats] * AI Brands Used as Social Engineering Lures [https://www.microsoft.com/en-us/security/blog/2026/06/08/ai-brands-as-bait-how-threat-actors-are-using-the-ai-hype-in-social-engineering/] [Business & Infrastructure Threats] * NSO Group Spyware Campaigns Defy Court Injunction [https://www.bleepingcomputer.com/news/security/whatsapp-says-it-disrupted-new-nso-spyware-phishing-attacks/] [Business & Infrastructure Threats] * Linux Kernel One-Character Flaw Enables Local Root (CVE-2026-23111) [https://thehackernews.com/2026/06/one-character-linux-kernel-flaw-enables.html] [Vulnerability Disclosures] * Android Framework Privilege Escalation Under Exploitation (CVE-2025-48595) [https://thehackernews.com/2026/06/weekly-recap-instagram-account-hacks.html] [Vulnerability Disclosures] * Multiple MSRC CVE Publications [https://msrc.microsoft.com/update-guide/] [Vulnerability Disclosures] * Instagram Recovery Tool Bug Exposed 20,225 Accounts [https://databreaches.net/2026/06/08/instagram-recovery-tool-bug-exposed-20225-accounts-to-password-reset-abuse/?pk_campaign=feed&pk_kwd=instagram-recovery-tool-bug-exposed-20225-accounts-to-password-reset-abuse] [Vulnerability Disclosures] * Apple Announces AI-Powered Automatic Password Fixer [https://www.bleepingcomputer.com/news/apple/new-apple-feature-automatically-changes-your-compromised-passwords/] [General Security News] CVES REFERENCED CVE-2024-39930, CVE-2024-39932, CVE-2024-39933, CVE-2025-48595, CVE-2025-8110, CVE-2026-10879, CVE-2026-11463, CVE-2026-11645, CVE-2026-23111, CVE-2026-2441, CVE-2026-26194, CVE-2026-35429, CVE-2026-3909, CVE-2026-3910, CVE-2026-40930, CVE-2026-42208, CVE-2026-42271, CVE-2026-45321, CVE-2026-46250, CVE-2026-46272, CVE-2026-48027, CVE-2026-48710, CVE-2026-49975, CVE-2026-50031, CVE-2026-50256, CVE-2026-50260, CVE-2026-50262, CVE-2026-50292, CVE-2026-50751, CVE-2026-50752, CVE-2026-5281 INDICATORS OF COMPROMISE Domains: ep6pheij[.]com, business-data-leaks[.]com., business-data-leaks[.]com, grupoconstat[.]bitrix24, com[.]br, ikhwancast[.]com, ghazacast[.]com, fr24cast[.]com., fr24cast[.]com Read the full brief [https://carolinacleartech.com/brief/2026-06-09/]