TECHZONE™

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication https://thehackernews.com/2026/06/critical-splunk-enterprise-flaw-lets.html Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system. "In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary

U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals https://thehackernews.com/2026/06/us-orders-anthropic-to-suspend-fable-5.html Anthropic said on Friday it will "abruptly disable" its most advanced artificial intelligence (AI) models, Claude Fable 5 and Mythos 5, for all users after the U.S. government ordered it to suspend access to the models for foreign nationals, whether inside or outside the U.S., citing national security concerns. The AI company said it received an order at 5:21 p.m. ET, instructing it to suspend

Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit https://thehackernews.com/2026/06/over-400-arch-linux-aur-packages.html Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself. The AUR is Arch Linux's community package collection, and it is separate

Google Sues Chinese Smishing Network Accused of Using Gemini AI in Phishing https://thehackernews.com/2026/06/google-sues-chinese-smishing-network.html Google on Friday said it's pursuing legal action against a Chinese cybercrime network, accusing it of using its Gemini artificial intelligence (AI) agent to send phishing text messages targeting Americans. The network is said to be behind the development and management of a phishing-as-a-service (PhaaS) software kit called Outsider, per the tech giant. "The operation weaponized Gemini to help

China-Linked Hackers Backdoored Linux Login Software to Hide for Nearly a Decade https://thehackernews.com/2026/06/china-linked-hackers-backdoored-linux.html Instead of hiding on the laptops and servers defenders watch most closely, a China-nexus group spent close to a decade hidden inside the Linux login system itself. Sygnia, which tracks the group as Velvet Ant, says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary cleanup could not reach it. The network it targeted had no

Agentjacking Attack Tricks AI Coding Agents Into Running Malicious Code https://thehackernews.com/2026/06/agentjacking-attack-tricks-ai-coding.html Cybersecurity researchers have described what they say is a new class of attack that can trick artificial intelligence (AI) coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform. "The attack

Rethinking MDR as Attackers and Defenders Embrace AI https://thehackernews.com/2026/06/rethinking-mdr-as-attackers-and.html For most of the past decade, managed detection and response was the answer to a real problem. Security teams couldn't staff around the clock, couldn't hire enough analysts, and needed someone else to handle the alert queue. MDR stepped in. It worked well enough. Until now. The threat landscape has changed faster than the MDR model can adapt. Attackers are using AI to move faster, generate more

LangGraph Flaw Chain Exposes Self-Hosted AI Agents to Remote Code Execution https://thehackernews.com/2026/06/langgraph-flaw-chain-exposes-self.html Cybersecurity researchers have disclosed details of three now-patched security flaws impacting LangGraph, including a critical vulnerability chain that could result in remote code execution. LangGraph is an open-source framework created by LangChain to build complex, stateful, and multi-agent artificial intelligence (AI) agentic applications. "An SQL injection in LangGraph's function could

INTERPOL Operation Takes Down Sniper Dz Phishing Platform, Arrests Administrator https://thehackernews.com/2026/06/interpol-takes-down-sniper-dz-phishing.html An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service (PhaaS) platform, Group-IB said Thursday. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests. Included among them was Guedz, the primary

Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs https://thehackernews.com/2026/06/europol-disrupts-audia6-crypto.html Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol, in a statement issued Thursday, said the dismantling of AudiA6 cut off a "key financial pipeline used to wash hundreds of millions in illicit profits." The service is estimated to have been used to launder more than €336 million (~$389 million) since the

OceanLotus: From external espionage to domestic targeting https://www.welivesecurity.com/en/eset-research/oceanlotus-external-espionage-domestic-targeting/ A shift in operational pattern of the infamous Vietnam-aligned APT group

ShinyHunters Exploits Oracle PeopleSoft Zero-Day (CVE-2026-35273) to Breach Universities https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest. Google's Mandiant attributes it to the group it tracks as UNC6240, and dates the activity between May 27 and June 9. Oracle did not publish its advisory until June 10, so the bug was a

AI Broke Vulnerability Management. That's Why CISOs Are Moving Budget to BAS. https://thehackernews.com/2026/06/ai-broke-vulnerability-management-thats.html For thirty years, vulnerability management ran on a buffer: the months between when a vulnerability was found and when someone could figure out how to weaponize it. The solution was straightforward enough; triage by severity, schedule the fix, validate, and move on. The buffer was what made that work. Today, that buffer is gone. AI didn't make your team slower. It changed the other side of the

OceanLotus Hits Vietnam Investors With SPECTRALVIPER in FireAnt Attack https://thehackernews.com/2026/06/oceanlotus-hits-vietnam-investors-with.html The Vietnam-aligned threat actor known as OceanLotus has been attributed to two distinct campaigns that targeted domestic entities and stock investors with a backdoor known as SPECTRALVIPER. The campaigns involve a prolonged cyber espionage operation aimed at a Vietnamese infrastructure and transport construction corporation between mid-2024 and February 2026, as well as a supply chain attack

GitHub to Disable npm Install Scripts by Default to Stop Supply Chain Attacks https://thehackernews.com/2026/06/github-to-disable-npm-install-scripts.html GitHub has announced what it said are "breaking changes" coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. The changes aim to combat attack techniques that abuse the "npm install" command to trigger the execution of malicious code using npm lifecycle hooks. "Npm install" is used to download and install all the necessary

SMB cyber-readiness: What makes or breaks it https://www.welivesecurity.com/en/business-security/smb-cyber-readiness-what-makes-breaks-it/ A company that's expecting a cyberattack but hasn’t actively prepared for it risks making the hardest decisions at the worst possible moment

China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance https://thehackernews.com/2026/06/china-linked-jdy-botnet-expands-to-1500.html Cybersecurity researchers have warned of a "resurgence and expansion" of JDY, a covert network associated with China-nexus state-sponsored threat actors. "The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale," Lumen's

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities https://thehackernews.com/2026/06/ivanti-fortinet-and-sap-release-patches.html Fortinet, Ivanti, and SAP have released security updates to address multiple critical security vulnerabilities that could result in arbitrary code execution and information disclosure. The security flaw patched by Fortinet relates to a command injection vulnerability in FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS WEB UI. It's tracked as CVE-2026-25089 (CVSS score: 9.1). "An

Unpatched Langflow Flaw CVE-2026-5027 Exploited for Unauthenticated RCE https://thehackernews.com/2026/06/unpatched-langflow-flaw-cve-2026-5027.html A high-severity unpatched security flaw in Langflow, an open-source low-code platform to build artificial intelligence (AI) applications, has come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability in question is CVE-2026-5027 (CVSS score: 8.8), a case of path traversal that could allow an attacker to write files to arbitrary locations. "The 'POST /

CISA Adds Cisco, Chrome, and Arista Flaws to KEV Catalog Amid Active Exploitation https://thehackernews.com/2026/06/cisa-adds-cisco-chrome-and-arista-flaws.html The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Tuesday added three new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, following reports of active exploitation. The list of vulnerabilities is as follows - CVE-2026-20245 (CVSS score: 7.8) - An improper encoding or escaping of output vulnerability in Cisco Catalyst SD-WAN Manager that could allow an