Last updated: July 6, 2026 at 12:53 AM UTC
All 559 Vulnerability 199 Breach 107 Threat 246 Defense 7

ShinyHunters breach of Berkadia exposes 305,000 in real estate finance

Breach-tracking service Have I Been Pwned has confirmed that 305,216 accounts were exposed in the March attack on Berkadia, a large US commercial real estate finance firm that handles mortgage banking and investment sales. The extortion group ShinyHunters claimed the intrusion, saying it stole millions of Salesforce records containing personal and internal corporate data, around 27GB compressed, and threatened to leak them after the company did not meet its deadline. The breach is part of a broad ShinyHunters campaign this year against companies' Salesforce environments, typically entered by socially engineering employees or help desks rather than exploiting a software flaw.

Check
If you work with or for Berkadia, check whether your email appears in Have I Been Pwned and watch for targeted phishing referencing mortgage, loan, or real estate dealings.
Affected
Berkadia clients, partners, and staff whose personal and business data sat in the breached Salesforce records (305,216 accounts confirmed); the broader ShinyHunters campaign targets corporate Salesforce tenants.
Fix
Reset and stop reusing any passwords tied to Berkadia dealings and enable phishing-resistant MFA. Organizations should lock down Salesforce access, restrict bulk exports, and harden help-desk identity verification.

K-12 platform Infinite Campus breach confirmed, 137,000 student-linked accounts

Have I Been Pwned has confirmed 137,123 accounts exposed in a breach of Infinite Campus, a widely used K-12 student information system in the US. The extortion group ShinyHunters claimed the attack back in March, posting that it had stolen personal data and internal corporate information. Because student information systems hold sensitive records on minors and their families, exposed data raises the risk of identity theft and highly targeted phishing aimed at parents, students, and school staff. The incident fits the same ShinyHunters data-theft pattern seen across the education sector this year, including the much larger Canvas breach.

Check
School districts using Infinite Campus should confirm whether their tenant was affected and notify families; individuals should watch for phishing or fraud referencing schools, student accounts, or enrollment.
Affected
Students, parents, and school staff whose data is held in affected Infinite Campus deployments (137,123 accounts confirmed); minors' records carry long-term identity-theft risk.
Fix
Reset exposed credentials, enable MFA on school and family accounts, and brief parents and staff to verify any school-related message before clicking. Districts should review SaaS access controls and export limits.

Critical Splunk Enterprise flaw allows unauthenticated remote code execution

Splunk has patched a critical flaw in Splunk Enterprise that lets an unauthenticated attacker run code on the server, a serious risk given Splunk often sits at the heart of a company's security monitoring. The bug (CVE-2026-20253, rated 9.8) is in the PostgreSQL sidecar service added in Splunk 10, whose internal API has no authentication yet is reachable through the main web app's proxy. An attacker can write or overwrite files on the host and chain that into remote code execution. The sidecar is off by default on on-premises Windows but enabled out of the box on Splunk Enterprise running in AWS. Splunk Cloud is not affected.

Check
Check Splunk Enterprise versions and whether the PostgreSQL sidecar service is enabled, especially on AWS-hosted instances, and use watchTowr's detection tool to test for unauthenticated access to the API.
Affected
Splunk Enterprise 10 and later below versions 10.2.4 and 10.0.7 with the PostgreSQL sidecar service active (CVE-2026-20253); AWS-hosted instances are exposed by default. Splunk Cloud is unaffected.
Fix
Upgrade Splunk Enterprise to 10.2.4 or 10.0.7 or later immediately. Until patched, restrict network access to the web interface and sidecar endpoints, and disable the sidecar service if unused.

Agentjacking hijacks AI coding agents via fake Sentry error reports

Researchers at Tenet Security have disclosed Agentjacking, a new attack that turns AI coding assistants like Claude Code, Cursor, and Codex into tools for running an attacker's code on a developer's machine. The trick abuses Sentry, a widely used error-tracking service: anyone can submit a fake error event using a project's DSN, a public write-only key embedded in website code, and the AI agent, fetching that event through Sentry's MCP integration, cannot tell the malicious instructions from real diagnostics and runs them with the developer's privileges. No phishing, malware, or server breach is needed, and it bypasses traditional controls because every step is technically authorized. Tenet found 2,388 exposed organizations.

Check
Inventory developers using AI coding agents connected to Sentry or other MCP integrations that surface external data, and check whether your Sentry DSNs are exposed in frontend code or repositories.
Affected
Development teams using MCP-connected AI coding agents (Claude Code, Cursor, Codex) alongside Sentry; any project whose public DSN lets attackers inject error events that the agent treats as trusted instructions.
Fix
Run AI coding agents with least privilege in sandboxes, require human approval before they execute commands, treat all MCP tool output as untrusted, and limit which integrations feed agents external data.

Over 400 Arch Linux AUR packages hijacked to drop stealer and rootkit

Attackers hijacked more than 400 packages in the Arch User Repository (AUR), the community add-on store for Arch Linux, in a supply-chain attack dubbed Atomic Arch. Rather than exploiting a flaw, they adopted abandoned packages and quietly edited the build recipe (PKGBUILD) to pull in a malicious npm package, atomic-lockfile, at install time. The payload is a Rust credential stealer that grabs browser logins, SSH keys, crypto wallets, and developer tokens; when run as root it also loads an eBPF rootkit that hides its processes, files, and network connections. Only the AUR is affected, not Arch's official repositories. The package names and histories looked completely normal.

Check
List AUR packages installed or updated since June 9 and diff their PKGBUILD and install scripts, flagging any that invoke npm, pip, or cargo for no clear reason.
Affected
Arch Linux and Arch-based systems where AUR packages were installed or updated on or after June 9 via helpers like yay or paru; root installs also expose an eBPF rootkit.
Fix
Remove affected packages and rotate all credentials, SSH keys, tokens, and wallets from the host. If a package ran as root, rebuild the machine; the rootkit makes in-place cleanup untrustworthy.

China-linked Velvet Ant hid in Linux login software for nearly a decade

Sygnia has detailed Operation Highland, a campaign in which the China-linked group Velvet Ant hid inside the Linux authentication stack itself for close to a decade, with traces back to 2016. Instead of dropping detectable malware, the attackers replaced the trusted PAM login module (pam_unix.so) and OpenSSH binaries with backdoored versions, found in nine distinct variants. Some accepted a hardcoded secret password; others silently logged real usernames, passwords, and every command typed, with a hidden switch to turn logging off. Because login programs are trusted and rarely inspected, the activity looked like normal administration and evaded scanners on a network with no direct internet access.

Check
Integrity-check PAM modules (pam_unix.so) and OpenSSH binaries on Linux hosts against known-good hashes from your distribution, and watch for logins succeeding with unexpected or hardcoded credentials.
Affected
Linux environments, especially internal servers and appliances without endpoint detection, where attackers with prior access can replace authentication binaries; high-value, long-dwell espionage targets are most at risk.
Fix
Reinstall PAM and OpenSSH from trusted distribution packages, rotate all credentials that may have been harvested, deploy file-integrity monitoring on authentication binaries, and extend detection to appliances lacking EDR.

Decade-old phpBB auth bypass lets anyone become admin, then run code

A critical flaw in phpBB, the open-source forum software running on thousands of sites, lets an unauthenticated attacker obtain a valid login session as any user, including an administrator, with a single HTTP request. The bug (CVE-2026-48611, rated 9.4) works in the default configuration and traces back to code from 2014. An admin session gives full read, write, and delete access to the forum and, on the latest branch, opens a path to remote code execution and full server takeover. A second, lower-severity flaw affecting only OAuth-configured installs was also fixed. phpBB released version 3.3.17 to patch both.

Check
Identify phpBB installations and their versions, prioritizing internet-facing forums, and confirm whether any are running version 3.3.16 or earlier or the 4.0.0-a2 alpha.
Affected
phpBB forums version 3.3.16 and earlier and 4.0.0-a2 in the default database authentication mode (CVE-2026-48611); a second flaw (CVE-2026-48612) affects only OAuth-configured installs.
Fix
Upgrade to phpBB 3.3.17 immediately; there is no safe 4.x release yet, so 4.x users should move to the patched master branch. No configuration workaround fully closes the bypass.

LangGraph flaw chain exposes self-hosted AI agents to code execution

Check Point has disclosed three now-patched flaws in LangGraph, the popular LangChain framework for building AI agents, that can be chained for remote code execution on self-hosted servers. The chain combines an SQL injection (CVE-2025-67644) with an unsafe msgpack deserialization bug (CVE-2026-28277): an attacker who can reach the agent's stored-state endpoint plants a malicious checkpoint that runs code when loaded. A compromised LangGraph server exposes everything the agent can touch, including model API keys, customer data, and internal network access. It is only exploitable in self-hosted deployments using the SQLite or Redis checkpointer; LangChain's managed LangSmith platform is not affected.

Check
Identify self-hosted LangGraph deployments using the SQLite or Redis checkpointer, check whether the get_state_history endpoint is exposed without authentication, and confirm the framework version against the patched releases.
Affected
Self-hosted LangGraph servers using the SQLite or Redis checkpointer with user-controlled filter input (CVE-2025-67644, CVE-2026-28277, CVE-2026-27022). Managed LangSmith deployments are not affected.
Fix
Upgrade LangGraph to the patched versions, require authentication on self-hosted servers, avoid long-lived static secrets, segment the network, and treat AI agents as privileged identities with least-privilege access.

Iran-linked Handala steals data from California water utility Cal Water

The Iran-linked group Handala claims it breached California Water Service (Cal Water), one of the largest US investor-owned water utilities, and published a 5GB sample to prove it. Analysts say the attackers reached a customer billing database holding personal data (names, addresses, account and payment details) and an internal GPS-correction server, leaking administrative credentials in the process. Handala framed the attack as retaliation for US actions against Iran and boasted it could disrupt water supply, but researchers stress the evidence does not support that claim, neither system controls water treatment, and the group is known to exaggerate. Cal Water has not yet publicly confirmed the incident.

Check
Water and other critical-infrastructure operators should verify strict isolation between IT and operational-technology networks, and review access logs and exposed credentials on internet-facing billing and GPS or telemetry systems.
Affected
California Water Service customers whose billing data was exposed, and the utility's internal GPS-correction systems; the broader US water sector faces heightened Iran-linked targeting per CISA warnings.
Fix
Rotate all exposed credentials and take the affected GPS server offline to audit it, enforce phishing-resistant MFA on privileged accounts, segment IT from OT, and report to CISA and WaterISAC.

Novo Nordisk says clinical trial patient data stolen in breach

Novo Nordisk, the pharmaceutical giant behind Wegovy and Ozempic, has disclosed that attackers copied data from its internal IT systems, including information on patients in some of its clinical trials. The company stressed the patient data was de-identified, containing fields like patient ID, year of birth, sex, biomarkers, and lifestyle factors rather than names or direct identifiers. Novo has not said how many people are affected or named the attacker, and is not offering credit monitoring, instead advising patients and healthcare professionals to stay alert for unexpected messages or calls. Pharma firms are increasingly targeted for their valuable research and patient data.

Check
Patients in Novo Nordisk trials and contacted healthcare professionals should watch for unexpected calls or messages referencing the company or a trial, and verify any such contact through official channels.
Affected
Patients in some Novo Nordisk clinical trials whose de-identified data (patient ID, year of birth, sex, biomarkers, lifestyle factors) was copied, plus healthcare professionals the company has contacted.
Fix
There is no direct user fix; stay alert for targeted phishing referencing the breach. Pharma and research organizations should tighten access controls, monitoring, and segmentation around trial and research data stores.