Today's security news is dominated by a US government directive to Anthropic, forcing them to suspend access to their latest AI models for foreign nationals due to national security concerns. Meanwhile, a critical Oracle PeopleSoft zero-day is being actively exploited by the ShinyHunters group, primarily impacting higher education institutions. Additionally, a significant supply chain attack on Arch Linux AUR packages has been discovered, distributing an infostealer and eBPF rootkit.

US Gov Orders Anthropic to Ban Foreign National Access to Fable, Mythos AI Models — The US government has ordered Anthropic to block all foreign nationals from accessing its Fable 5 and Mythos 5 AI models, leading to their worldwide suspension. Anthropic is complying but disputes the basis for the order. Read more →
ShinyHunters Exploits Oracle Zero-Day in Higher Education Attacks — The ShinyHunters group is actively exploiting a major zero-day vulnerability (CVE-2026-35273) in Oracle's PeopleSoft ERP software, primarily affecting American universities and leading to significant data theft. Read more →
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit — Attackers have compromised more than 400 packages in the Arch User Repository (AUR), rewriting their build scripts to install a Rust-based credential stealer and an eBPF rootkit on affected machines. Read more →
phpBB Forum Fixes Decade-Old Authentication Bypass Bug — A critical authentication bypass vulnerability, present in phpBB forum software for 10 years, has been patched, which could allow an attacker to log in as any user, including administrators. Read more →
China-Linked Hackers Backdoored Linux Login Software for Nearly a Decade — A China-nexus group, tracked as Velvet Ant, spent close to a decade hidden within Linux login systems, backdooring PAM and OpenSSH components to maintain persistent access. Read more →
Maine Disables Data Breach Notification Portal After Fake Disclosures — Maine has taken its public data breach reporting portal offline following the publication of fraudulent breach disclosures, prompting a review of procedures to prevent future abuse. Read more →
Pharma Giant Novo Nordisk Discloses Breach of Clinical Trials Data — Danish pharmaceutical company Novo Nordisk has disclosed a data breach affecting patient information from some of its clinical trials. Read more →
Over 73,000 French Government Employees Affected in Tchap Messenger Breach — A recent breach of the French government's Tchap encrypted messaging platform has impacted over 73,000 public sector employee accounts. Read more →