Security News · Afternoon Brief
Today's security brief highlights significant disruptions to cybercrime operations, critical vulnerabilities requiring immediate attention, and ongoing concerns surrounding AI and surveillance. Law enforcement agencies have taken down major phishing and crypto-laundering services, while new critical flaws in Splunk and Oracle PeopleSoft are being actively exploited.
- FBI disrupts massive AI-powered phishing service — The FBI, in collaboration with Google and Black Lotus Labs, has dismantled "Outsider Enterprise," a Chinese phishing-as-a-service operation that used thousands of AI-powered phishing websites to steal credit card data and passwords.
- Critical Splunk Enterprise Flaw Allows Unauthenticated RCE — Splunk has released updates for a critical vulnerability, CVE-2026-20253 (CVSS 9.8), in Splunk Enterprise versions below 10.2.4 and 10.0.7, which could lead to unauthenticated file operations and remote code execution.
- Google Confirms Exploitation of Oracle PeopleSoft Zero-Day — Google has confirmed active exploitation by the ShinyHunters group of CVE-2026-35273, a critical missing-authentication-for-critical-function vulnerability in Oracle PeopleSoft Enterprise PeopleTools.
- CISA Adds Oracle PeopleSoft Vulnerability to KEV Catalog — CISA has added CVE-2026-35273, an Oracle PeopleSoft Enterprise PeopleTools Missing Authentication for Critical Function Vulnerability, to its Known Exploited Vulnerabilities Catalog due to active exploitation.
- Chinese Hackers Spy on Isolated Network for a Decade — A Chinese hacking group maintained persistence for 10 years by hijacking a target organization's authentication stack, gaining full visibility into administrative activity on an isolated network.
- Over 400 Arch Linux AUR Packages Hijacked — Attackers compromised more than 400 packages in the Arch User Repository (AUR), rewriting build scripts to deploy a Rust-based infostealer and an eBPF rootkit on affected machines.
- NPM 12 to Change Script Execution for Supply Chain Attacks — NPM 12 will introduce a significant change: `npm install` will no longer execute scripts from dependencies by default, running them only when explicitly allowed, with the aim of preventing supply chain attacks.
- US Orders Anthropic to Suspend AI Model Access for Foreign Nationals — Anthropic has disabled its advanced AI models, Fable 5 and Mythos 5, for all users globally after a US government order to suspend access for foreign nationals due to national security concerns.