Security News · Morning Brief
Today's security landscape is marked by critical vulnerabilities and persistent threats, including a severe Splunk flaw and widespread supply chain attacks. Geopolitical tensions also feature prominently, with the US government ordering Anthropic to restrict access to its advanced AI models for foreign nationals.
- Critical Splunk Enterprise Flaw Allows Unauthenticated Code Execution — Splunk has patched CVE-2026-20253, a critical 9.8 CVSS vulnerability in Splunk Enterprise that could enable unauthenticated file operations and remote code execution.
- Chinese Hackers Maintained Decade-Long Persistence in Isolated Network — A Chinese hacking group compromised a target organization's authentication stack, gaining full visibility into administrative activity and maintaining persistence for ten years.
- US Government Orders Anthropic to Restrict AI Model Access for Foreign Nationals — Anthropic has suspended its Fable 5 and Mythos 5 AI models worldwide after a US government directive to block foreign national access, citing national security concerns.
- ShinyHunters Exploits Oracle Zero-Day in Higher Education Attacks — The ShinyHunters group has leveraged a critical zero-day vulnerability (CVE-2026-35273) in Oracle's PeopleSoft ERP software to steal data from numerous American universities.
- Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealer and eBPF Rootkit — Attackers compromised more than 400 packages in the Arch User Repository (AUR), modifying build scripts to install a Rust-based credential stealer and an eBPF rootkit.
- NPM 12 to Change Script Execution Behavior to Prevent Supply Chain Attacks — NPM 12 will, by default, no longer execute scripts from dependencies during `npm install` unless explicitly allowed, a significant step to mitigate supply chain risks.
- phpBB Forum Fixes Decade-Old Authentication Bypass Bug — phpBB has patched a 10-year-old authentication bypass vulnerability in its forum software that allowed attackers to log in as any user, including administrators.
- Ex-School District Employee Jailed for Hacking Former Employer — A former IT employee was sentenced to 21 months in prison for a prolonged cyberattack against an Iowa school district, causing significant disruption and damages.