Security News
Afternoon Brief
Today's security brief highlights critical vulnerabilities and persistent threats, with a focus on supply chain attacks and AI-related security concerns. Several high-impact flaws, including a critical Splunk vulnerability and an actively exploited Oracle zero-day, demand immediate attention. Additionally, the brief covers ongoing efforts to combat sophisticated hacking groups and the evolving landscape of AI model security.
- Critical Splunk Enterprise Flaw Allows Unauthenticated Code Execution — Splunk has released updates for a critical vulnerability, CVE-2026-20253 (CVSS 9.8), in Splunk Enterprise that could enable unauthenticated file operations and remote code execution.
- Chinese Hackers Maintained Decade-Long Persistence in Isolated Network — A Chinese hacking group hijacked an organization's authentication stack, maintaining persistence and full administrative visibility for ten years.
- ShinyHunters Exploits Oracle Zero-Day in Higher Education Attacks — The ShinyHunters group is actively exploiting a major zero-day vulnerability (CVE-2026-35273) in Oracle's PeopleSoft ERP software, primarily affecting American universities and leading to significant data theft.
- CISA Adds Actively Exploited Oracle PeopleSoft Flaw to KEV Catalog — CISA has added CVE-2026-35273, an Oracle PeopleSoft Enterprise PeopleTools vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.
- Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit — Attackers compromised more than 400 packages in the Arch User Repository (AUR), modifying build scripts to install a Rust-based credential stealer and an eBPF rootkit.
- US Government Orders Anthropic to Suspend AI Model Access for Foreign Nationals — Anthropic has complied with a US government directive to block foreign nationals from accessing its Fable 5 and Mythos 5 AI models, leading to their worldwide suspension.
- NPM 12 to Change Script Execution Behavior to Prevent Supply Chain Attacks — NPM 12 will introduce a significant change, preventing the default execution of scripts from dependencies during `npm install` unless explicitly allowed, aiming to mitigate supply chain risks.
- phpBB Forum Fixes Decade-Old Authentication Bypass Vulnerability — A critical authentication bypass vulnerability that was present in phpBB forum software for 10 years, and that allowed attackers to log in as any user, including administrators, has been patched.