Plugin CDN Breach, Gemini AI Lawsuit, ShinyHunters Targets Universities
Quick Answer
Recent cybersecurity news highlights a major plugin CDN breach affecting websites, Google's lawsuit against a phishing group abusing Gemini AI, and ShinyHunters targeting universities through cyberattacks, underscoring growing risks to online security and data protection.
Here’s your weekly roundup of the biggest cybersecurity stories making headlines — from a brazen WordPress plugin supply chain attack affecting over 1.2 million sites to Google taking a Chinese crime ring to court for weaponising its own Gemini AI. It’s been a busy week. Let’s dive in.
WordPress Supply Chain Attack Hits 1.2 Million Sites via Hijacked Plugin CDN
A supply chain attack targeting the WordPress plugins OptinMonster, TrustPulse, and PushEngage exposed more than 1.2 million websites to potential compromise after attackers injected malicious JavaScript into files distributed through official CDN infrastructure.
E-commerce security firm Sansec discovered the attack over the weekend and found that malicious scripts were served to unsuspecting OptinMonster and TrustPulse users on Friday between 22:17 UTC and 22:42 UTC. PushEngage continued to serve malicious JavaScript code until 19:02 UTC on Saturday.
The malware triggered only when a WordPress administrator visited a page on an infected website, collecting authentication tokens and nonces, and using them to create a rogue administrator account. The intruders then installed a self-hiding backdoor plugin and established a communication channel with a domain impersonating Tidio to send any newly captured data.
Awesome Motive has since confirmed the incident, attributing it to the compromise of a CDN API key, and said it revoked and rotated all compromised CDN credentials, remediated and migrated the affected marketing server, and purged malicious files from the CDN.
If your site runs any of these plugins, check for unfamiliar admin accounts and hidden backdoor plugins immediately. This is a stark reminder that even trusting a reputable plugin vendor is no longer enough — the threat can ride in through their own infrastructure. Implementing strong email authentication like DMARC, SPF, and DKIM remains essential to block spoofed communication that often accompanies these attacks.
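The two checks suggested above, as an added example that is not code from Sansec, Awesome Motive or any of the affected plugins: a small WordPress audit that reads admin accounts and the active-plugin list straight from the database, so that a self-hiding plugin hooking the usual option and list filters cannot conceal itself. The incident-window date is a placeholder to fill in from the vendor advisory; the function and constant names are my own.

```php
<?php
/**
 * Post-incident audit for a rogue-admin plus hidden-plugin compromise.
 * Drop into wp-content/mu-plugins/ or run with `wp eval-file audit.php`.
 */

// PLACEHOLDER: set to the first day malicious CDN scripts were served (UTC).
const AUDIT_WINDOW_START = 'YYYY-MM-DD 00:00:00';

// Administrator accounts registered since the window, read from usermeta
// directly so a backdoor filtering get_users() cannot hide them.
function audit_recent_admins( string $since ): array {
    global $wpdb;
    $sql = $wpdb->prepare(
        "SELECT u.ID, u.user_login, u.user_email, u.user_registered
           FROM {$wpdb->users} u
           JOIN {$wpdb->usermeta} m ON m.user_id = u.ID
          WHERE m.meta_key = %s AND m.meta_value LIKE %s
            AND u.user_registered >= %s",
        $wpdb->prefix . 'capabilities',
        '%' . $wpdb->esc_like( 'administrator' ) . '%',
        $since
    );
    return $wpdb->get_results( $sql, ARRAY_A );
}

// Plugins active in the raw option row but missing from what the admin UI
// or get_option() would show: the signature of a self-hiding plugin.
function audit_hidden_plugins(): array {
    global $wpdb;
    $raw = $wpdb->get_var( $wpdb->prepare(
        "SELECT option_value FROM {$wpdb->options} WHERE option_name = %s",
        'active_plugins'
    ) );
    $active_db  = is_string( $raw ) ? (array) maybe_unserialize( $raw ) : array();
    $active_api = (array) get_option( 'active_plugins', array() );
    if ( ! function_exists( 'get_plugins' ) ) {
        require_once ABSPATH . 'wp-admin/includes/plugin.php';
    }
    // The same 'all_plugins' filter the plugin list table applies.
    $listed = array_keys( apply_filters( 'all_plugins', get_plugins() ) );
    return array(
        'hidden_from_ui'  => array_values( array_diff( $active_db, $listed ) ),
        'hidden_from_api' => array_values( array_diff( $active_db, $active_api ) ),
    );
}

function audit_rogue_access( string $since = AUDIT_WINDOW_START ): array {
    return array(
        'new_admins' => audit_recent_admins( $since ),
        'plugins'    => audit_hidden_plugins(),
    );
}

if ( defined( 'WP_CLI' ) && WP_CLI ) {
    WP_CLI::line( print_r( audit_rogue_access(), true ) );
}
```

Any entry under `hidden_from_ui` or `hidden_from_api`, or any admin you did not create, warrants treating the site as compromised rather than merely cleaning the listed files.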
Google Files Landmark Lawsuit Against Chinese Phishing Ring for Weaponising Gemini AI
Google filed a lawsuit in New York federal court against Outsider Enterprise for allegedly using Gemini AI to power fraudulent campaigns. The defendants allegedly sent 2.5 million scam messages and created 8,000 phishing websites targeting financial accounts. The FBI estimates the operation stole 3.87 million credit card numbers and caused $1.9 billion in losses since July 2023.
The lawsuit, filed on June 12, 2026, claims that the Outsider Enterprise used Gemini to generate phishing websites and send millions of fraudulent text messages to Android users while impersonating well-known brands including Google, YouTube, and the U.S. Postal Service.
For as little as $88 a week (or $200 a month), the kit allowed criminals to create fraudulent websites, launch phishing campaigns, and steal victims’ credit card numbers, bank account credentials, and personal data.
In the lawsuit, Google accuses the Outsider Enterprise of various crimes, including racketeering, wire fraud, and trademark infringement. The company seeks injunctive relief and damages aimed at dismantling the group’s infrastructure.
This is the first time Google has pursued legal action against threat actors for misusing its own AI. It signals a new era where AI tools are being industrialised by criminals — and underscores why organisations must remain vigilant against AI-powered phishing targeting their domains.
ShinyHunters Exploits Oracle PeopleSoft Zero-Day to Breach Universities
The ShinyHunters extortion crew exploited an unpatched flaw in Oracle PeopleSoft to break into enterprise systems, steal data, and demand payment to keep it private. The campaign hit universities hardest.
Oracle has released mitigations for CVE-2026-35273, but has not said whether it’s a zero-day exploited in ShinyHunters attacks. Google’s Mandiant attributes the activity to the group it tracks as UNC6240, dating the campaign between May 27 and June 9 — meaning the bug was actively exploited before Oracle’s advisory was even published on June 10.
Universities store vast amounts of sensitive personal, academic, and financial data, making them high-value targets. Any institution running Oracle PeopleSoft Enterprise PeopleTools versions 8.61 or 8.62 should apply available mitigations immediately and monitor for indicators of compromise.
Splunk Enterprise Critical Flaw Allows Unauthenticated Remote Code Execution
Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253, is rated 9.8 on the CVSS scoring system.
“In Splunk Enterprise versions below 10.2.4 and 10.0.7, an unauthenticated user could create or truncate arbitrary files through a PostgreSQL sidecar service endpoint,” Splunk said in an alert this week.
A CVSS score of 9.8 is about as serious as it gets. Given that Splunk is widely deployed as a security monitoring tool in enterprise environments, an attacker gaining a foothold here could effectively blind defenders while moving laterally through the network. Upgrade to versions 10.2.4 or 10.0.7 immediately.
Microsoft 365 Copilot “SearchLeak” Flaw Let Attackers Steal Emails with One Click
A single click on a trusted Microsoft link could have let an attacker pull emails, calendar details, and indexed files out of Microsoft 365 Copilot Enterprise Search. Researchers at Varonis Threat Labs chained three bugs into a one-click exfiltration path they call SearchLeak. Because the link pointed to a real microsoft.com domain, traditional anti-phishing and URL filtering tools were unlikely to flag it.
Varonis Threat Labs disclosed SearchLeak on June 15, 2026. Microsoft assigned the vulnerability CVE-2026-42824 with a critical severity rating.
The exfiltrated information could include email content (such as access codes and passwords), calendar events and meeting details, documents, and other content accessible through Copilot Enterprise Search. Microsoft addressed SearchLeak at the beginning of the month.
No action is needed from users or IT teams as Microsoft has patched this server-side. However, this highlights the growing attack surface that AI-integrated tools are creating — and why monitoring for suspicious Copilot Search URLs with encoded payloads in query parameters is now a security best practice.
ServiceNow Security Incident Exposes Sensitive Enterprise Customer Data
ServiceNow disclosed a security incident involving the exploitation of an unauthenticated access flaw in a vulnerable API endpoint, allowing attackers to query data from customer instances. The company confirmed that attackers exploited this flaw to successfully query the customer instance tables.
The company also disclosed that it received a confidential bug bounty submission describing a similar issue on April 22, 2026, but did not apply a security update until June 5, after activity targeting customer instances reportedly began days earlier.
While ServiceNow did not disclose which data was accessed during the attacks, instances commonly store sensitive enterprise information, including IT support tickets, employee records, internal documentation, asset inventories, security incident reports, workflow data, and configuration details for corporate systems and services.
The two-month gap between the initial bug report and the patch is deeply concerning. Organisations using ServiceNow should confirm that their instances were updated and review access logs for suspicious activity around June 2–5.
China-Linked Velvet Ant Group Backdoored Linux Login Software for Nearly a Decade
China-nexus group Velvet Ant spent close to a decade hidden inside the Linux login system itself. Sygnia says it backdoored the PAM and OpenSSH components that decide who is allowed to sign in, planting its access where ordinary cleanup could not reach it.
Rather than targeting applications that defenders watch closely, this group embedded persistence at the deepest authentication layer of the operating system — meaning routine incident response and cleanup would leave the backdoor intact. This is a sophisticated, long-game attack that should prompt organisations to audit their PAM and SSH configurations urgently.
Europol Disrupts AudiA6 Crypto Laundering Service Used by Ransomware Gangs
Authorities in Europe have disrupted AudiA6, a cryptocurrency laundering service used by ransomware gangs and cybercriminal networks. Europol said the dismantling of AudiA6 cut off a “key financial pipeline used to wash hundreds of millions in illicit profits.” The service is estimated to have been used to launder more than €336 million (~$389 million) since its inception.
This is a significant blow to the ransomware ecosystem’s financial infrastructure. Cutting off the ability to launder proceeds directly impacts the profitability of ransomware operations — making law enforcement actions like this just as important as technical countermeasures.
INTERPOL Takes Down Sniper Dz Phishing Platform, Makes 201 Arrests
An INTERPOL-led operation last month resulted in the disruption of Sniper Dz, a decade-long phishing-as-a-service platform. The effort, codenamed Operation Ramz, took place between October 2025 and February 2026, and saw authorities from 13 countries in the Middle East and North Africa (MENA) region making 201 arrests.
Sniper Dz had been operating for roughly ten years, providing ready-made phishing tools to criminals across the region. The scale of arrests — spanning 13 countries — demonstrates how international cooperation is becoming increasingly critical to tackling cybercrime. Proper domain authentication through DMARC makes phishing significantly harder to execute at scale.
SimpleHelp Authentication Bypass Exposes Nearly 14,000 Remote Management Servers
Nearly 14,000 internet-facing SimpleHelp servers are exposed following the disclosure of a critical authentication bypass vulnerability tracked as CVE-2026-48558. The flaw raises serious concerns for enterprises using the remote monitoring and management (RMM) platform.
The issue affects SimpleHelp deployments configured with OpenID Connect (OIDC) authentication, including integrations with Azure Active Directory. This flaw allows unauthenticated attackers to create a new “Technician” account and log in without valid credentials. Once inside, the attacker gains elevated privileges, as technician accounts can access managed endpoints, execute scripts, and perform administrative actions.
SimpleHelp fixed the vulnerability on June 9 by releasing versions 5.5.16 and 6.0RC2 of the product. If you cannot patch immediately, restrict technician login to trusted IP ranges as a temporary mitigation.
The Gentlemen Ransomware Claims 478 Victims, Spreads Like a Worm
A new analysis of The Gentlemen operation has revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service schemes like LockBit, Qilin, and Medusa.
What makes this group particularly alarming is the worm-like propagation capability built into their ransomware, which allows it to spread autonomously across networks after initial access — significantly accelerating the blast radius of any infection. Organisations should ensure robust network segmentation to limit lateral movement.
Palo Alto GlobalProtect VPN Flaw Under Active Exploitation — CISA Orders Federal Patch
CISA added CVE-2026-0257, a critical Palo Alto GlobalProtect authentication bypass under active exploitation, to its Known Exploited Vulnerabilities catalog. Federal agencies must patch by June 19, 2026. The flaw allows unauthenticated VPN access and is being chained with a zero-day for remote code execution.
Arctic Wolf observed a wave of CVE-2026-0257 exploitation activity in late May and early June 2026, following the publication of working exploit code and technical details about the vulnerability. The campaign is still ongoing.
Edge-facing VPN appliances are prime initial access targets. Any organisation running PAN-OS GlobalProtect with authentication override cookies enabled should treat this as an emergency patching priority.
Over 400 Arch Linux AUR Packages Hijacked to Deploy Infostealers and eBPF Rootkits
Attackers took over more than 400 packages in the Arch User Repository (AUR) this week and rewrote their build scripts to install a credential stealer on any machine that built them. The malware is a Rust binary built to harvest developer secrets. When it lands with root, it can also load an eBPF rootkit to hide itself.
Developer environments have become high-value targets because a compromised developer machine can be a gateway to source code, CI/CD pipelines, cloud credentials, and production infrastructure. This attack specifically targeted builders — those who compile packages from source — a community that often operates with elevated privileges.
Sysco Hit by ShinyHunters Extortion Claim Covering 61 Million Records
ShinyHunters claimed a breach of Sysco Corporation on June 15, threatening to leak over 61 million Salesforce records across several tables, some containing customer data/PII, employee data, and other internal corporate data. The group issued a final warning with a June 18, 2026 deadline, after which it said it would publish the data.
Sysco, the world’s largest food distributor with operations spanning 100+ countries, has not publicly confirmed the breach at the time of writing. ShinyHunters has been one of the most prolific extortion groups of 2026, with prior attacks on universities, financial firms, and technology platforms. Organisations across all sectors should review their Salesforce configurations and ensure sensitive data is access-controlled appropriately.
“Agentjacking” — New Attack Class Tricks AI Coding Agents Into Running Malicious Code
Cybersecurity researchers described a new class of attack that can trick AI coding agents into running arbitrary code on developer machines. Called Agentjacking by Tenet Security, the attack can be triggered by means of a fake error report crafted using Sentry, an open-source error-tracking and performance-monitoring platform.
As AI coding assistants like Claude Code, GitHub Copilot, and Cursor become embedded into developer workflows, attackers are targeting the agents themselves rather than the humans using them. Agentjacking represents a fundamental new threat model — one where the “user” being manipulated isn’t a person but an autonomous agent with code execution privileges.
LiteLLM AI Gateway Critical Flaw Allows Full Server Takeover
A default low-privilege account on a LiteLLM proxy can climb to full admin and run code on the server by chaining three vulnerabilities. LiteLLM is a widely deployed open-source AI gateway that brokers calls to more than 100 model providers behind one OpenAI-compatible interface. A server takeover exposes every provider key it holds, the secrets that decrypt its stored credentials, and every prompt and response passing through it. Obsidian rates the full chain CVSS 9.9, in the Critical range.
BerriAI, the maintainer, included the complete fix set in LiteLLM v1.83.14-stable. Upgrade to that release or later to close the three-CVE chain.
For any organisation running self-hosted AI infrastructure, a compromised LiteLLM gateway could expose API keys for every model provider — essentially handing attackers the keys to your entire AI stack. Update immediately.
OnyxC2 Malware Targets 200+ Apps with Encrypted Payloads and DLL Sideloading
Researchers say the OnyxC2 malware targets more than 200 applications and extensions while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques.
OnyxC2 is notable for the sheer breadth of its target list and its multi-layered evasion capabilities. By operating entirely in memory and using DLL sideloading to piggyback on legitimate processes, it can bypass many traditional endpoint detection tools. Organisations should ensure their security tooling includes behavioural analysis rather than relying solely on signature-based detection.
Founder and General Manager of DuoCircle. Product strategy and commercial lead for DMARC Report's 2,000+ customer base.