FEED
LIVE · LAST UPDATED Jun 16 · 07:02 UTC

THREATWATCH.

Curated cybersecurity news, vulnerabilities, and threat intel. Stay informed without the noise.

criticalhighmediumlowinfo
critical
LiteLLM Chain Lets Low-Privilege Users Take Over AI Gateway Servers
Researchers disclosed a three-CVE LiteLLM chain where a low-privilege internal user can escalate to admin and reach server-side code execution on an AI gateway. The practical blast radius is ugly: provider API keys, stored credentials, and prompt/response traffic can all sit behind the same proxy, so upgrade to v1.83.14-stable or later and audit who can create virtual keys.
critical
Critical Splunk Enterprise Bug Allows Unauthenticated File Operations
Splunk disclosed CVE-2026-20253, a CVSS 9.8 Splunk Enterprise issue where a network-reachable PostgreSQL sidecar endpoint can let unauthenticated attackers create or alter arbitrary files and potentially reach code execution. Treat exposed Splunk management paths as high-priority patch and segmentation targets, then review for unexpected file changes.
critical
Over 400 Arch AUR Packages Hijacked for Infostealer Delivery
Attackers adopted abandoned Arch User Repository packages and changed build scripts to pull malicious npm/bun packages, including atomic-lockfile and js-digest. The payload steals developer secrets, persists with systemd, and can hide itself with eBPF when it already has root. AUR users who built packages after June 11 should check affected lists and rotate secrets from a clean host if a payload ran.
critical
Check Point VPN Exploit Details and PoC Raise Patch Urgency
watchTowr published technical details and a detection artifact generator for CVE-2026-50751, an authentication bypass in Check Point Remote Access VPN and Mobile Access that Check Point says was exploited in limited attacks. Internet-facing VPNs deserve a shorter patch window: apply vendor fixes, review access logs, and assume public exploit details will expand scanning.
critical
Oracle Mitigates PeopleSoft Zero-Day Exploited by ShinyHunters
Oracle mitigated CVE-2026-35273 after reports that ShinyHunters exploited the PeopleSoft flaw as a zero-day to steal data from universities and other organizations. PeopleSoft often sits close to identity and HR data, so the useful response is not only patching: check internet exposure, logs, and recent access to sensitive tables.
high
Cisco Patches Actively Exploited Catalyst SD-WAN Manager File-Write Flaw
Cisco released fixes for CVE-2026-20262, an actively exploited Catalyst SD-WAN Manager web UI flaw that can let an authenticated remote attacker create or overwrite files on affected systems. CISA added the issue to KEV with a June 29 federal deadline, so exposed SD-WAN management planes should be patched and checked for unexpected file changes rather than treated as routine maintenance.
high
CISA Flags Exploited LiteSpeed cPanel Plugin Root Escalation
CISA added CVE-2026-54420 to KEV after exploitation of a LiteSpeed cPanel plugin flaw that can let a user with FTP or web shell access escalate to root on shared hosting servers running CloudLinux or CageFS. Shared hosting operators should patch LiteSpeed WHM PlugIn/cPanel plugin versions and review tenants for post-exploitation persistence.
high
China-Linked Espionage Abuses Google Workspace Rules After REDCap Compromise
Google's threat team described a China-linked campaign against North American medical, academic, and defense research networks where compromised REDCap servers led to credential theft, then Workspace rules silently copied keyword-matching email to attacker-controlled inboxes. Mail routing rules deserve the same incident scrutiny as OAuth apps and forwarding settings.
high
North Korean Campaigns Keep Using Developer Tools as Malware Channels
Proofpoint reported campaigns tied to the Contagious Interview cluster using developer recruitment and code review lures against nearly 100 organizations across finance, crypto, education, and technology. The pattern keeps repeating: fake jobs, poisoned developer tooling, npm or VS Code surfaces, and victims who are targeted because their machines are close to code and credentials.
high
Meta Smart Glasses Prototype Used Pentagon-Linked Face Recognition Supplier
WIRED reported that Meta used Rank One, a face-recognition supplier with Pentagon ties and former senior intelligence officials on its board, for internal smart glasses app prototyping. Face recognition on always-available camera glasses is not a minor feature toggle; it changes what bystanders have to assume about public space.
high
Open-Source Detector Targets CI/CD Credential Abuse
Elastic released CI/CD Abuse Detector, an open-source project that uses an LLM to flag suspicious workflow and pipeline changes across GitHub Actions, GitLab CI, and Azure DevOps. The threat model is practical: stolen developer credentials are often used to alter automation files so CI becomes the attacker’s execution environment.
high
Military AI Verification Gap Gets Sharper as Contractors Pair With Frontier Labs
Help Net Security argues that military AI systems have a verification problem arms-control playbooks do not solve: proving what a model will do under messy real conditions. Partnerships involving defense contractors and frontier AI companies make auditability, test coverage, logging, and human authority boundaries less optional.
high
FCC SIM Rule Proposal Would Squeeze Burner Phone Privacy
WIRED reports that the FCC is considering rules that would make anonymous or low-friction prepaid mobile service harder to obtain. The policy is framed around fraud and phone abuse, but burner phones also protect journalists, abuse survivors, protesters, whistleblowers, and people who simply do not want every number tied to a durable identity file.
high
Velvet Ant Backdoored Linux Login Components for Long-Term Stealth
Sygnia says the China-linked Velvet Ant group backdoored PAM and OpenSSH components to stay hidden inside Linux authentication paths for years. For defenders, login infrastructure deserves file integrity monitoring, package provenance checks, and incident assumptions that go beyond ordinary endpoint telemetry.
high
EFF Says Section 702 Surveillance Authority Has Expired
EFF says Section 702 of FISA expired on June 12 after months of pressure for a warrant requirement. 702 allows warrantless collection targeting foreigners abroad while sweeping in Americans' communications; the broader European lesson is familiar: surveillance powers sold as foreign-intelligence plumbing almost always create domestic rights fights later.
high
Agentjacking Shows Error Trackers Can Steer Coding Agents
Tenet Security described Agentjacking, an attack where crafted error reports can persuade AI coding agents to run attacker-controlled code on developer machines. The useful lesson is not to ban agents; it is to treat issue trackers, crash reports, Sentry-style payloads, and retrieved debugging context as untrusted input when an agent has a shell or repository write access.
high
LangGraph Flaw Chain Exposes Self-Hosted Agents to RCE
Check Point disclosed three patched LangGraph issues, including SQL injection in SQLite checkpoint metadata handling, unsafe msgpack deserialization, and RediSearch query injection in Redis checkpointing. Self-hosted AI agent servers should update affected LangGraph packages, isolate agent runtimes, and avoid giving agents long-lived static secrets.
high
Google Sues Smishing Network Over Gemini-Assisted Scam Infrastructure
Google filed a lawsuit against Outsider Enterprise, a China-based cybercrime network it says used Gemini and other tools to build phishing websites and scam infrastructure. Google links the operation to more than 9,000 fake websites, one million fraudulent URLs, and hundreds of thousands of victims. AI is not magic here; it is a scale tool for boring but effective fraud operations.
high
Europol Disrupts AudiA6 Crypto Laundering Service
European authorities disrupted AudiA6, a cryptocurrency laundering service that Europol says moved more than €336 million for ransomware gangs and other cybercriminals. Takedowns like this do not end ransomware, but they can raise the cost of cashing out and expose operator infrastructure that victims rarely see.
high
OpenClaw Agent Attacks Show Hidden Inputs Can Become Tool Calls
Researchers described two OpenClaw attack paths: hidden instructions in shared contacts, vCards, and location pins, plus a phishing email that persuaded a test agent to forward mock AWS keys and customer data. One flaw is patched in OpenClaw 2026.4.23, but the larger lesson is unchanged: agent inputs and agent permissions have to be treated as one security boundary.
medium
EU Cybersecurity Act 2.0 Debate Raises Geopolitics-versus-Evidence Risk
Help Net Security warned that proposed EU Cybersecurity Act 2.0 changes could brand vendors high-risk based on geopolitical criteria rather than technical evidence. Europe needs supply-chain resilience, but security labels that skip measurable controls can create expensive disruption without proving systems are safer.
medium
EFF Frames LGBTQ+ Safety as a Surveillance and Platform Accountability Fight
EFF announced a livestream on LGBTQ+ solidarity against censorship and targeted surveillance, centered on safer virtual spaces, platform policy pressure, and accountability. The privacy angle is concrete: identity, speech, and community data become dangerous when platforms or governments can turn them into targeting infrastructure.
medium
HAMLOCK Research Hides Neural Network Backdoor Across Chip and Model
Researchers described HAMLOCK, a hardware neural network backdoor that splits its logic between custom silicon and the model so software-only scans miss the trigger. Edge AI supply chains need hardware provenance, model testing, and runtime monitoring rather than assuming a clean model file proves a clean system.
medium
Senior Engineers Are Cleaning Up More AI-Generated Code After It Ships
Help Net Security reports survey findings that AI-generated code often receives strong review scores at submission time while still driving more production incidents after release. Treat AI code review as operational risk management: tests, ownership, observability, and rollback paths matter more than whether the diff looks clean.
medium
KPMG Pulls AI Usage Report After Apparent Hallucinations
TechCrunch reports that KPMG pulled an AI usage report after apparent hallucinations were found. The operational lesson is simple and boring: AI-assisted research needs claim-level source tracking, human citation checks, and someone accountable for factual integrity before a polished document leaves the building.
medium
State Attorneys General Investigate OpenAI Practices
TechCrunch reports that state attorneys general are investigating OpenAI, with questions said to include advertising practices and handling of health data. For users and builders, the important part is not the lawsuit theatre; it is that consumer AI products are being pulled into ordinary privacy, health-data, and marketing accountability regimes.
medium
Schneier Highlights AI Sovereign Wealth Fund Debate
Bruce Schneier pointed to Bernie Sanders' proposal for an AI sovereign wealth fund, framing frontier AI as a political economy problem rather than only a product race. For Europe and small countries, the live question is who captures AI rents, who pays for infrastructure, and whether democratic oversight arrives before the private defaults harden.
medium
California Surveillance Pricing Bill Draws EFF Support
EFF backed California legislation to ban surveillance pricing, where companies use browsing, location, and other personal data to show different people different prices for the same product. The digital-rights issue is not only tracking; it is whether personal data becomes a hidden bargaining file used against the customer.
medium
EFF Calls Out Fake Staff Quotes on AI Slop Site
EFF says a site calling itself News-USA Today quoted multiple nonexistent EFF staffers in recent articles. This is not a quirky content-quality issue; fake experts and fabricated quotes poison search results, source discovery, and AI summaries that downstream tools may reuse as if they were evidence.
medium
GreatXML BitLocker Bypass Claim Needs Careful Triage, Not Panic
A researcher published GreatXML, a claimed BitLocker bypass involving Windows Defender Offline Scan and recovery partition XML files. The report includes caveats from other researchers about prerequisites and exploit practicality, so defenders should track Microsoft guidance and avoid treating early proof-of-concept claims as settled incident evidence.
▸ WANT DEEPER ANALYSIS?

Read the security articles.

SECURITY ARTICLES →