Threat Newsletter June 22, 2026
This week's roundup is dominated by one theme: the AI security arms race is no longer hypothetical. The US government's abrupt order forcing Anthropic to pull Claude Fable 5 and Mythos 5 offline worldwide kicked off a week of fallout, while Chainguard's new Athena coalition shows the defensive side racing to patch open-source flaws before frontier models — or attackers using them — find them first.
On the threat front, it was a heavy week for active exploitation: an unpatched Oracle PeopleSoft zero-day is fueling a ShinyHunters extortion spree against universities, a critical unauthenticated RCE in Splunk Enterprise is now confirmed exploited in the wild, and a massive "FortiBleed" credential leak has put roughly half of all internet-facing Fortinet firewalls at risk. Nation-state activity also featured prominently, with a year-long Chinese espionage campaign against US medical and military research institutions exposing just how exposed outdated REDCap servers really are.
Rounding things out: a record-breaking $3.5B in FTC-reported imposter scam losses, a new Android banking trojan built for full device takeover, ransomware abusing Microsoft Teams infrastructure to hide its tracks, and continued warnings about CISA's shrinking capacity to support state and local defenders. Details, takeaways, and sources for all 18 stories below.
US Gov Asks Anthropic to Ban Foreign National Access to Fable, Mythos
The US government issued an export control directive ordering Anthropic to block all foreign nationals — including its own foreign-national employees — from accessing Claude Fable 5 and Mythos 5. Because compliance required disabling access broadly, Anthropic took both models offline worldwide for all customers, just days after Fable 5 had launched free to Pro/Max/Enterprise users. Anthropic disputes the government's rationale, saying the directive stems from a narrow, non-universal jailbreak (essentially "ask the model to find and fix bugs in a codebase") that it says is achievable with other publicly available models too, including OpenAI's GPT-5.5. The UK government also flagged the disruption to its users.
Key Takeaways:
- Fable 5 and Mythos 5 are suspended globally for all users/customers, not just foreign nationals — other Claude models are unaffected.
- Anthropic says it received only verbal evidence of a "narrow" jailbreak and disagrees this warrants pulling a model used by hundreds of millions.
- Security teams relying on Fable 5/Mythos 5 (e.g., for AI-assisted vulnerability research) should migrate workloads to other models immediately.

Maine Disables Data Breach Notification Portal After Fake Disclosures
Maine's Attorney General's Office took its public data breach reporting portal offline after fraudulent breach notices impersonating Discord and VRChat were submitted and auto-published. VRChat confirmed the filing (claiming 2.4M records breached) was a hoax submitted under a fabricated employee name. The state has removed the fake filings and now requires direct contact with the AG's office for breach records while it reviews submission safeguards.
Key Takeaways:
- Self-service, auto-published government breach portals can be weaponized to spread disinformation and damage company reputations.
- Threat intel teams and journalists who rely on Maine's portal for breach tracking should treat recent listings with caution until the review concludes.
- Expect tighter verification controls before public access is restore

ShinyHunters Actively Extorting Universities After Exploiting Unpatched Oracle PeopleSoft Flaw
ShinyHunters has exploited an unpatched Oracle PeopleSoft PeopleTools zero-day (CVE-2026-35273, unauthenticated RCE) since at least May 27, compromising 100+ organizations — 68% in higher education, mostly US-based. University of Nottingham confirmed significant student data theft. Oracle disclosed the flaw and mitigation steps but has not yet shipped a patch. Mandiant/Google say extortion attempts are ongoing.
Key Takeaways:
- No patch exists yet for CVE-2026-35273 — apply Oracle's mitigation guidance immediately if running PeopleSoft PeopleTools.
- Higher education is the dominant target; assume any internet-facing PeopleSoft instance is at risk.
- This mirrors last year's Clop/Oracle E-Business Suite campaign — expect a slow-burn extortion wave over coming months.

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication
Splunk patched a critical (CVSS 9.8) unauthenticated RCE vulnerability (CVE-2026-20253) caused by a missing-auth PostgreSQL sidecar service endpoint in Splunk Enterprise. Researchers detailed a full exploit chain using the backup/restore endpoints to write arbitrary files and ultimately overwrite a Python script Splunk executes, achieving RCE. Splunk Cloud is unaffected. As of June 18, Splunk confirmed limited exploitation in the wild, and CISA added the flaw to its KEV catalog with a June 21 patch deadline for federal agencies.
Key Takeaways:
- Patch immediately: fixed in Splunk Enterprise 10.0.7 and 10.2.4 (10.4 unaffected).
- Now confirmed exploited in the wild — treat as urgent, not theoretical.
- Splunk Cloud customers are not impacted.

Microsoft Fixes Windows Update Failures Linked to WUSA Installer
Microsoft resolved a long-standing known issue (since updates released after May 2025) where Windows Update Standalone Installer (WUSA) failed with ERROR_BAD_PATHNAME when installing .msu updates from network shares containing multiple files. The fix shipped in the June 2026 Patch Tuesday cumulative updates for Windows 11 24H2/25H2 (KB5079391) and Windows Server 2025 (KB5094125).
Key Takeaways:
- Affects enterprise environments deploying patches via WUSA from network shares — not a typical home-user issue.
- Apply the June 2026 cumulative updates to resolve; workaround is copying .msu files locally before install.
- Part of a recurring pattern of Windows Update reliability issues this year.

FBI Disrupts Massive AI-Powered Phishing Service Using a Million URLs
The FBI, Google, and Black Lotus Labs dismantled "Outsider Enterprise," a China-based AI-assisted phishing-as-a-service operation active since 2023 that used over 9,000 fake websites and 1M+ fraudulent URLs to send SMS phishing impersonating trusted brands via AT&T, T-Mobile, and Verizon. The operation is linked to over 3.8 million stolen credit card records and an estimated $1.9 billion in losses. Authorities seized servers, a Shopify storefront, a Telegram bot, and ~$100,000 in USDT; Google filed a civil suit and is pushing for the Stop SCAMS Act.
Key Takeaways:
- Part of the FBI's broader "Operation Riptide" against cybercrime infrastructure.
- Despite the takedown, the scale (2.5M SMS messages in just two weeks in May) shows smishing-as-a-service remains a major active threat.
- Google's Android scam-detection AI is blocking 10B+ malicious messages monthly — a sign of how automated this fight has become on both sides.

China-Nexus Actor (UNC6508) Spied on US Researchers Undetected for a Year
Google's Threat Intelligence Group disrupted a year-plus China-linked espionage campaign (UNC6508) that compromised REDCap (clinical research web app) servers at a US medical university with military ties, using custom malware ("Infinitered") to steal credentials, then pivoting internally to exfiltrate data via a novel technique abusing email content-compliance rules — avoiding traditional malware/LOTL detection entirely. The actor used exclusively US-based IPs for obfuscation, an unusual OPSEC choice for Chinese state actors, and targeted military strategy, foreign policy, defense tech, and medical research data.
Key Takeaways:
- Phishing-resistant MFA is the #1 defense recommendation — many of these intrusions relied on reused/stolen credentials.
- The data exfiltration method (manipulating compliance rules rather than malware) is hard to detect with conventional EDR/network tools — monitor audit logs for unauthorized rule changes.
- REDCap and similar research-specific web apps are now a recognized high-value target for state actors (see also story #18 below).

Adriatic Port Cyber-Attack by Anubis Sparks Warning Over Maritime Security
he Anubis ransomware-as-a-service group breached the Adriatic Port Authority (Port of Ancona, Italy) via spear-phishing and lateral movement through insecure Office 365/Azure cloud accounts — no OT/operational technology compromise needed. Resecurity reports crippled operations, rerouted vessels, and a $10M Bitcoin ransom demand; the port itself says losses were closer to 2% of its data. Stolen data reportedly included port safety/security plans valuable to smugglers. Anubis has earned an estimated $20M+ since its February 2025 affiliate launch, often via known unpatched flaws in SonicWall, SolarWinds, Cisco, and Citrix products.
Key Takeaways:
- Maritime/port infrastructure is increasingly targeted — IT-only compromises can still disrupt physical port operations.
- Anubis affiliates frequently exploit known, unpatched VPN and remote-access vulnerabilities — patching these remains the top mitigation.
- Expect this maritime ransomware trend (also seen at Maersk, Nagoya) to deepen through 2030 per Resecurity.

Chainguard Launches Athena Coalition to Fix Open Source Flaws Before AI Attackers Exploit Them
Chainguard launched Athena, an industry coalition (BNY, Cisco, Cloudflare, Docker, JPMorganChase, Kyndryl, PwC, and others — 2+ dozen members) designed to find and patch open-source vulnerabilities discovered by frontier AI models before attackers can weaponize them. The coalition is already operational, having processed 20,000+ findings and shipped 2,000+ patches across ~500 open source projects, with coordinated disclosures beginning next month. Many submitted findings originate from frontier AI security programs, including Anthropic's Project Glasswing and OpenAI's Daybreak.
Key Takeaways:
- Responds directly to the collapsing "time-to-exploit" window now that AI models can find and chain zero-days at machine speed.
- Members span the full stack — AI researchers, cloud/network providers, security vendors, and systems integrators — to coordinate patching and mitigation pre-disclosure.
- Worth watching for organizations maintaining open source dependencies: expect faster, more coordinated embargo-based disclosures going forward.

Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages
A supply chain campaign dubbed "Atomic Arch" compromised 1,500+ packages in the Arch User Repository (AUR) by hijacking abandoned/orphaned packages and modifying their PKGBUILDs to execute a malicious payload masquerading as the npm package "atomic-lockfile" (later shifting to Bun-based installs). The Linux malware uses eBPF for kernel-level persistence and process/file/network hiding, includes anti-debugging, and harvests SSH keys, HashiCorp Vault tokens, browser cookies, and collaboration-app credentials. Arch Linux suspended new AUR account registrations to contain the campaign.
Key Takeaways:
- Any system that built AUR packages since June 11 should be treated as compromised — rebuild from clean media and rotate all credentials.
- eBPF-based rootkits make detection and cleanup significantly harder than typical malware — a one-off scan is not sufficient.
- Mirrors recent npm/PyPI supply-chain attack patterns (Shai-Hulud, Megalodon) — orphaned/abandoned packages remain a key attack vector across ecosystems.

FTC Warns of Record $3.5 Billion Losses to Imposter Scams in 2025
The FTC reports Americans lost a record $3.5 billion to imposter scams in 2025 — the most-reported fraud category, nearly tripling since 2020. Business impersonation (especially fake bank alerts) cost victims ~$1 billion; government impersonation cost ~$920 million. Social media was the most cost-effective vector for scammers, driving $2.1B+ in losses (an 8x increase since 2020), with Facebook alone outpacing text and email combined. Total reported fraud losses across all categories hit ~$16 billion in 2025, up ~25% year-over-year.
Key Takeaways:
- Bank-impersonation scams (fake security alerts prompting "protective" transfers) are the costliest single scheme type.
- Social platforms — not email/text — are now the leading entry point for impersonation fraud.
- The FTC's Impersonation Rule has secured $70M+ in consumer redress since April 2024 via a dozen enforcement actions.

Rokarolla Trojan Combines Banking Fraud With Device Surveillance
Zimperium's zLabs detailed "Rokarolla," a new Android banking trojan (named after its C2 servers) targeting 217 banking/crypto apps via 137 commands. It spreads through fake TikTok/Chrome sites and a Google Play Protect-impersonating dropper. Once installed, it becomes the default call/SMS handler to intercept OTPs and fraud alerts, abuses Accessibility Services to harvest credentials/PINs/keystrokes via fake overlay screens, swaps clipboard crypto addresses, mutes audio/vibration, hides its icon, and exfiltrates timestamped screenshots while trying to disable Play Protect.
Key Takeaways:
- Represents a shift from simple data theft to full "victim isolation" — blocking the bank's own fraud-alert channels.
- Relies heavily on Android Accessibility Services abuse — a recurring weak point across modern banking trojans.
- Users should avoid sideloading apps from non-official sources advertised via social media/search, and enable Play Protect scanning.

FortiBleed Leak Exposes Fortinet VPN Credentials for 73,000 Devices
Researcher Bob Diachenko discovered an exposed server containing what appears to be valid Fortinet/FortiGate VPN credentials (usernames, emails, plaintext passwords) for 73,932 firewall URLs across 194 countries and 21,632 domains, dubbed "FortiBleed." Affected organizations reportedly include Chevron, Samsung, Foxconn, Comcast, AT&T, Mercedes-Benz, Toyota, and many government/critical infrastructure entities. Analysis (by Diachenko, Hudson Rock, and Kevin Beaumont) suggests a Russian-speaking group conducted ~1.16 billion credential attempts against FortiGate devices and 2.1 billion against MS-SQL servers, cracking SSL VPN hashes via a 45-GPU cluster, with full compromise (including a Turkish NATO defense contractor) confirmed in several cases. Beaumont independently verified credential authenticity; the data appears sourced from exported Fortinet configs and represents roughly half of all internet-accessible FortiGate firewalls — most still online.
Key Takeaways:
- Treat this as an active, large-scale compromise — rotate all FortiGate VPN/admin credentials immediately and enforce MFA.
- Don't expose FortiGate management interfaces directly to the internet — a major contributing factor here.
- A free lookup tool from Hudson Rock can check if your organization is affected.

Microsoft Confirms RoguePlanet Defender Zero-Day, Patch in Development
Microsoft confirmed "RoguePlanet" (CVE-2026-50656, CVSS 7.8), a privilege-escalation race-condition flaw in the Microsoft Malware Protection Engine within Defender, disclosed by researcher "Chaotic Eclipse." The exploit grants SYSTEM-level shell access and reportedly works regardless of whether real-time protection is on, off, or in passive mode. It's the fourth Defender vulnerability this researcher has disclosed (after BlueHammer, UnDefend, and RedSun — all since patched).
Key Takeaways:
- No patch is available yet — Microsoft is actively developing one; monitor for the update and apply promptly once released.
- The exploit's inconsistent success rate (varies by machine) suggests a race condition rather than a deterministic bug — still a credible SYSTEM-level escalation risk.
- Part of a pattern of repeated Defender privilege-escalation disclosures from the same researcher this year.

Sen. Warner Warns of CISA Cuts, Staffing Shortages
Sen. Mark Warner (D-VA) sent a letter to CISA Acting Director Nick Andersen raising alarm over staffing cuts (roughly one-third of CISA's workforce, mostly senior staff), a $700M+ proposed FY2027 budget cut, and the loss of funding for MS-ISAC (the information-sharing center for state/local governments) after DHS stopped paying for it. Warner cited reports of "reduced responsiveness" from CISA among governors, mayors, and state CIOs, and noted 5 of 10 regional director roles are filled only in an acting capacity. CISA is hiring ~330 new staff, with some already onboard, but Warner argues this is insufficient given the threat landscape. He's requesting detailed org charts and service-delivery data by June 26.
Key Takeaways:
- State and local governments may be experiencing reduced federal cyber support — plan accordingly for incident response and threat-sharing gaps.
- MS-ISAC funding loss directly affects smaller governments' access to threat intelligence — Warner's proposed Guaranteeing Universal Access to Cybersecurity Act would restore it.
- CISA's leadership vacancy (no permanent director since January 2025) compounds the staffing concerns.

DragonForce Hackers Abuse Microsoft Teams Relays to Hide C2 Traffic
Symantec/Carbon Black documented DragonForce ransomware affiliates using a custom Go-based RAT, "Backdoor.Turn," that hides command-and-control traffic inside legitimate Microsoft Teams TURN relay infrastructure — the first publicly documented abuse of this kind. The malware obtains an anonymous Teams visitor token via Microsoft's Skype-backed identity service, uses a legitimate Microsoft relay server to establish connection, then runs a QUIC session to the real attacker C2 — appearing to defenders as ordinary outbound Teams traffic. The attack against an undisclosed major US services firm began with a likely SQL/MS-SQL exploit or initial access broker, used BYOVD techniques (including a Huawei driver previously seen in tax-themed malvertising) to disable security software, and persisted 1–2 months by injecting the backdoor into a legitimate debugging process after deploying ransomware.
Key Takeaways:
- Traditional network monitoring won't flag this — traffic looks like legitimate Microsoft Teams communication.
- DragonForce continues evolving from a standard RaaS into a more sophisticated, cartel-like operation with advanced evasion tradecraft.
- Watch for unusual outbound TURN/QUIC sessions correlated with Teams identity tokens, and monitor for known vulnerable driver abuse (BYOVD).

Majority of Internet-Accessible REDCap Servers Outdated
Internet intelligence firm Censys found that of ~8,500 internet-exposed REDCap (clinical research platform) instances worldwide, just over 1% run the latest version; nearly a third run version 16.0.17, with the current 17.1.3 release adopted by only ~1.18% of instances. REDCap servers — used heavily by academic, healthcare, and military-affiliated research institutions — are the same target class actively exploited by China-linked UNC6508 (see story #7) for credential theft and long-term espionage. ~40% of exposed instances are in the US, followed by the UK, Germany, and Australia.
Key Takeaways:
- If your organization runs REDCap, inventory all instances (including "legacy" side-by-side deployments) and patch to the latest version.
- Keep the database server behind a firewall, separate from the web-facing server, per vendor guidance.
- This directly compounds the risk profile described in the UNC6508 China-nexus campaign — patch urgency should be treated as high given active nation-state targeting.
















