# Archive

Browse past daily curated stories


Sunday, June 14, 2026

  1. SecurityWeek general
    Google Confirms Exploitation of Oracle PeopleSoft Zero-Day by ShinyHunters

    Google's threat intelligence team has confirmed that ShinyHunters is actively exploiting CVE-2026-35273, a zero-day in Oracle PeopleSoft. The group has been leveraging the unpatched flaw since late May to steal gigabytes of data from hundreds of organizations, with a disproportionate impact on American universities. Oracle has mitigated the vulnerability but has not publicly acknowledged in-the-wild exploitation, leaving defenders with limited vendor guidance.

  2. CyberScoop general
    ShinyHunters is actively extorting universities after exploiting an unpatched Oracle flaw

    ShinyHunters is extorting universities after exploiting an unpatched Oracle PeopleSoft zero-day (CVE-2026-35273) that Oracle had still not formally patched as of publication. The campaign, active since late May, targets higher education institutions and underscores the risk of unpatched ERP systems exposed to the internet. Security teams at universities should audit PeopleSoft exposure immediately given Oracle's delayed public response.

  3. The Hacker News general
    400+ Arch Linux AUR Packages Hijacked to Install Rust Credential Stealer

    Attackers compromised over 400 packages in the Arch Linux AUR this week, rewriting build scripts to install a Rust-based credential stealer targeting developer secrets and access tokens. On systems where the malware lands with root privileges, it deploys an eBPF rootkit to conceal itself. Arch Linux developers who ran builds from AUR during the compromise window should treat their systems and stored credentials as fully compromised.

  4. The Hacker News general
    Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

    Splunk patched CVE-2026-20253 (CVSS 9.8), a critical unauthenticated remote code execution flaw affecting Splunk Enterprise versions below 10.2.4 and 10.0.7 that allows arbitrary file creation or truncation without credentials. Given Splunk's widespread deployment as a core security monitoring platform, exploitation could blind SOC teams while enabling full system compromise. Administrators should prioritize upgrading to the patched versions immediately.

  5. BleepingComputer general
    Chinese hackers hijack auth flow, spy on isolated network for a decade

    A Chinese threat actor hijacked a target organization's authentication stack and maintained undetected access for approximately 10 years, achieving full visibility into administrative activity on an isolated network. The operation involved persistent control of the authentication flow, enabling long-term espionage without triggering standard detection mechanisms. This case illustrates the extreme dwell times achievable when attackers compromise identity infrastructure rather than endpoints.

  6. CyberScoop general
    FBI takes down massive China-based cybercrime network that caused $1.9B in losses

    The FBI dismantled a massive China-based cybercrime network that was responsible for $1.9 billion in losses and supplied phishing kits and infrastructure to criminals running smishing scams impersonating package delivery services, toll agencies, and parking authorities. The operation provided turnkey fraud tooling to a broad ecosystem of downstream criminals, making it a significant supply-side takedown. Attribution to a China-based operator providing infrastructure-as-a-service marks a notable enforcement action.

  7. SecurityWeek general
    Ivanti Sentry Exploitation Attempts Hitting Honeypots

    Exploitation attempts targeting a critical OS command injection vulnerability in Ivanti Sentry have been detected hitting honeypots, indicating active scanning and attack activity in the wild. The flaw allows unauthenticated attackers to execute arbitrary commands with root privileges, making it a high-priority target. Organizations running Ivanti Sentry should apply available patches immediately given the confirmed exploitation activity.

  8. The Hacker News general
    U.S. Orders Anthropic to Suspend Fable 5 and Mythos 5 Access for Foreign Nationals

    The Trump administration's Commerce Department ordered Anthropic at 5:21 p.m. ET to suspend access to Claude Fable 5 and Mythos 5 for all foreign nationals, citing national security concerns linked to a purported jailbreak of Fable 5. Anthropic complied by taking both models fully offline worldwide, affecting all users, while publicly disputing the basis for the order, calling the threat narrow and the underlying capability widely available elsewhere. The action represents a significant precedent for government export controls applied directly to frontier AI model access.

  9. BleepingComputer general
    Over 400 Arch Linux packages compromised to push rootkit, infostealer

    More than 400 Arch User Repository packages were trojanized to distribute a Linux eBPF rootkit and a credential-stealing infostealer targeting access tokens and secrets stored on developer machines. The attack targeted the AUR's community-maintained package ecosystem, which carries no formal security vetting, making it a recurring supply chain risk vector for Arch Linux users. Developers who built affected packages should rotate all credentials and audit systems for eBPF-based persistence.

  10. BleepingComputer general
    phpBB forum fixes auth bypass bug lurking for a decade

    phpBB has patched a 10-year-old authentication bypass vulnerability that allowed an unauthenticated attacker to log in as any account, including site administrators. The flaw had been present and undetected in the widely deployed open-source forum platform for a decade, posing a significant risk to any phpBB instance that had not applied the fix. Forum operators should update immediately, as the bug's severity and long exposure window make it likely to be actively targeted following public disclosure.