infosecfollow

Washington forced Anthropic to pull its most capable AI models worldwide as an Oracle PeopleSoft zero-day let ShinyHunters drain gigabytes from hundreds of organizations.

Emerging Trends

• AI Weaponization: Attackers wired Gemini into phishing kits and turned AI coding agents into code-execution vectors, while Washington pulled frontier models offline over national-security fears.
• Supply Chain: Hijacked Arch packages, npm's script-execution overhaul, and dark-web access sales all point to the software pipeline as the soft underbelly defenders keep missing.
• Coordinated Takedowns: Europol, INTERPOL, and US prosecutors struck the laundering services, phishing platforms, and operators that bankroll ransomware inside a single 48-hour window.
• Dormant Flaws: A decade-old Velvet Ant login backdoor, a ten-year phpBB auth bypass, and freshly weaponized edge-device bugs show old access paths still swing doors open.

Security

AI Security

1. Washington Orders Anthropic to Pull Fable 5 and Mythos 5

[ai, policy, zero-day]

Last 24h: Anthropic took Fable 5 and Mythos 5 offline worldwide on June 13 after the Trump administration ordered it to block all foreign nationals.

The order arrived at 5:21 p.m. ET and demanded Anthropic cut access for foreign nationals inside and outside the United States, citing national security. Anthropic complied yet disputes the rationale, calling the cited jailbreak narrow and the underlying capability common across rival models. The suspension knocks the company's flagship models out of service globally and signals that export controls now reach frontier AI the way they reach advanced chips. A researcher's jailbreak claim, which Anthropic rejects as inauthentic, framed the security debate around the launch.

Sources: BleepingComputer · The Hacker News · SecurityWeek · SecurityWeek

2. AI Agents Become Both Weapon and Target

[ai, phishing, exploit]

Last 24h: Google sued the China-based Outsider network for weaponizing Gemini in smishing, and researchers disclosed the Agentjacking attack and a LangGraph RCE chain.

Google's suit accuses Outsider Enterprise of using Gemini to build phishing sites and run a phishing-as-a-service kit that hit hundreds of thousands of victims across more than 9,000 fake sites. Tenet Security's Agentjacking tricks AI coding agents into running arbitrary code through a booby-trapped Sentry error report. A separate LangGraph vulnerability chain, which includes SQL injection, exposes self-hosted AI agents to remote code execution. Together the items mark AI agents as both attacker tooling and a fresh attack surface.

Sources: The Hacker News · The Hacker News · The Hacker News

Vulnerabilities and Exploits

3. ShinyHunters Loots PeopleSoft via Oracle Zero-Day

[zero-day, exploit, breach]

Last 24h: Google confirmed ShinyHunters exploited the flaw, and CISA added CVE-2026-35273 to its known exploited catalog on June 12.

The bug, a missing-authentication flaw in Oracle PeopleSoft Enterprise PeopleTools, lets unauthenticated attackers reach critical functions and pull gigabytes of records. ShinyHunters hit hundreds of organizations and leaned hard on American universities running the ERP system. Oracle has mitigated CVE-2026-35273 yet has not publicly confirmed in-the-wild exploitation. Federal agencies now face a patch deadline under CISA's directive.

Sources: SecurityWeek · Ars Technica Security · CISA Advisories · Dark Reading

4. Edge VPNs and Enterprise Software Under Active Attack

[patch, exploit, vpn]

Last 24h: CISA gave agencies three days to patch an exploited Ivanti Sentry flaw, and researchers published a proof-of-concept for an exploited Check Point VPN bug.

Ivanti Sentry carries a critical OS command injection flaw that grants root-level code execution, and honeypots already show exploitation attempts; CISA's new Binding Operational Directive 26-04 sets a Sunday deadline. Check Point patched CVE-2026-50751, an authentication bypass in its Remote Access and Mobile Access VPN, on June 8 after limited attacks, and WatchTowr's public analysis now invites opportunistic waves. Splunk separately patched CVE-2026-20253, a 9.8-severity flaw that lets unauthenticated users run code on Splunk Enterprise. Anyone running the three should patch immediately.

Sources: BleepingComputer · SecurityWeek · Help Net Security · The Hacker News

5. 400 Arch Linux Packages Hijacked to Plant Rootkit

[supply-chain, malware]

Last 24h: Attackers hijacked more than 400 Arch User Repository packages to ship an infostealer and an eBPF rootkit.

The rewritten AUR build scripts install a Rust credential stealer on any machine that compiles them, and with root the malware loads an eBPF rootkit to hide. The harvested loot includes developer secrets and access tokens. Npm answered the broader threat by announcing that npm 12 will stop running dependency install scripts by default. Developers who built affected AUR packages should rotate every secret on those machines.

Sources: The Hacker News · BleepingComputer · SecurityWeek

Nation-State Activity

6. Velvet Ant Hid in Linux Login Software for a Decade

[apt, espionage]

Last 24h: Sygnia detailed how the China-nexus group Velvet Ant backdoored Linux login components to lurk for nearly ten years.

Velvet Ant seized a target's authentication stack, planting backdoors in the PAM and OpenSSH components that decide who signs in, and watched administrative activity for close to a decade. The implants sat below the laptops and servers defenders monitor most closely, surviving routine cleanup on an isolated network. The campaign shows how patient espionage groups embed themselves in the plumbing of identity itself. Organizations should audit login binaries and authentication modules for tampering.

Sources: BleepingComputer · The Hacker News

Ransomware and Cybercrime

7. Police Strike Crypto Laundering, Phishing, and Conti

[ransomware, phishing]

Last 24h: Europol dismantled the AudiA6 laundering service, a Conti operator pleaded guilty, and INTERPOL took down the Sniper Dz phishing platform.

AudiA6 washed more than €336 million for ransomware gangs between 2022 and 2025 before investigators seized it. A Ukrainian national extradited from Ireland admitted conspiracy charges tied to Conti, one of the most prolific ransomware crews. INTERPOL's Operation Ramz disrupted the decade-old Sniper Dz phishing-as-a-service platform and drove 201 arrests across 13 countries in the Middle East and North Africa. The sweep squeezes the financial and tooling layers that sustain cybercrime.

Sources: Help Net Security · BleepingComputer · The Hacker News

Data Breaches

8. Record Fines and Fresh Breaches Mount

[breach, policy]

Last 24h: South Korea fined Coupang a record $409 million, a court approved a $47 million 23andMe settlement, and Novo Nordisk disclosed a clinical-trials breach.

Coupang's penalty, the largest the Korean commission has ever issued, eclipses the $88.8 million SK Telecom fine from earlier in 2026. The 23andMe fund compensates roughly 7 million customers whose genetic data thieves stole starting in April 2023 and posted to the dark web. Novo Nordisk, the world's largest insulin maker, said attackers took patient information from some clinical trials, and France confirmed a Tchap messenger breach exposing 73,000 public-sector accounts. Regulators and courts keep raising the price of losing personal data.

Sources: The Record · The Record · BleepingComputer · BleepingComputer

Business and Politics

• Trump said the United States and Iran will sign an agreement Sunday to reopen the Strait of Hormuz, ending a war that swung from a helicopter-crash escalation back to a ceasefire. Pakistan, a mediator, called a deal closer than ever, though Tehran's Revolutionary Guard controls the harder phase ahead—talks over the nuclear program. (Financial Times · Wall Street Journal)
• SpaceX raised $75 billion and debuted at a $2.1 trillion valuation, the largest initial public offering in history; shares climbed 19% and Elon Musk became the world's first trillionaire. Financial stocks carried the Dow up 0.7%. (Wall Street Journal · Financial Times)
• US headline annual inflation reached 4.2%, the highest since April 2023, sharpening the Federal Reserve's dilemma over a wait-and-see policy that some economists warn echoes 2008. (Financial Times · Financial Times)

Pittsburgh

Weather

Tonight: Partly Cloudy, low 64F.

Sunday: Showers And Thunderstorms, high 81F.

Sunday Night: Showers And Thunderstorms then Mostly Cloudy, low 55F.

Business

• A Pittsburgh restaurant that fire gutted more than two years ago will sell its building, having never managed to reopen. (WPXI)
• The 12th annual Beers of the Burgh festival drew a few thousand people to the Carrie Blast Furnaces on Saturday to sample dozens of regional breweries, wineries, and cideries, a showcase of Western Pennsylvania's craft-beverage industry. (KDKA)

Around Town

• Pennsylvania American Water lifted a boil-water advisory that had covered about 1,500 customers in Clairton for nearly a week. (WTAE)
• Volunteers planted gardens along Mount Washington's famous Grandview promenade, reclaiming beds that weeds had overrun for decades. (Pittsburgh Post-Gazette)
• A water-main break crumbled a road in Forest Hills, forcing its closure Saturday. (WPXI)
• The Kittanning Firemen's Band played outside the Armstrong County Courthouse on Saturday, a send-off three weeks before it represents Pennsylvania in the National Independence Day Parade in Washington. (TribLive)

Events

• The Yough River Rally continues Sunday along the Youghiogheny River with family entertainment, following Saturday's "Yough River Rat" mullet contest. (TribLive)
• The Ligonier Valley Farmers Market opened its season, with regional growers such as Sand Hill Berries of Mt. Pleasant returning for the summer. (TribLive)

Sports

Pirates (36-35)

Fri Jun 12 · Marlins 8 · Pirates 3 · Final

Marlins beat the Pirates 8-3 for their 6th straight victory

Sat Jun 13 · Marlins 2 · Pirates 3 · Final

Spencer Horwitz hit by pitch with the bases loaded to lift the Pirates past the Marlins, 3-2

Up Next · Marlins @ Pirates · Sun Jun 14, 12:15 PM

• Marlins try to extend road win streak in matchup against the Pirates
• 2026 MLB ABS challenge system tracker: Team, player rankings

Reading

• Ed Zitron — Premium: The Silicon Valley Bubble (Part 1). Zitron argues the AI era is ending as OpenAI and Anthropic file to go public, racing for exit liquidity despite burning billions a year with no path to profitability.
• Stratechery — Fable 5, Anthropic Alignment, AI Tiers. Thompson holds that Fable 5, the public version of Mythos, is highly capable yet sets troubling precedents around model alignment and tiered AI access.
• Cal Newport — Why Isn’t AI Taking Our Jobs?. Newport questions the AI-as-industrial-automation comparison, examining why the predicted wave of job losses has yet to materialize.

Markets

weekly average, change vs prior week

S&P 500     7,377.03  ▼ -2.2%
Dow        50,725.58  ▼ -0.7%
Nasdaq     25,695.30  ▼ -3.8%
WTI crude      88.42  ▼ -5.0%
EUR/USD       1.1550  ▼ -0.4%
GBP/USD       1.3378  ▼ -0.3%
USD/JPY       160.28  ▲ +0.2%