Daily Digest

CISA Mandates Urgent Patches for Exploited Ivanti & Oracle Flaws; Global Crackdowns Target Cybercrime Infrastructure

CISA Mandates Urgent Patches for Exploited Ivanti & Oracle Flaws; Global Crackdowns Target Cybercrime Infrastructure

June 13, 2026
9 articles (5 new, 4 updated)
27 min read

Summary

This cybersecurity brief for June 13, 2026, covers a series of critical events, led by CISA's emergency directives for federal agencies to patch actively exploited vulnerabilities in Ivanti Sentry and Oracle PeopleSoft. The latter is being used by the ShinyHunters group to attack the education sector. Other major incidents include a pro-Iranian group's claimed attack on California water systems, a massive data breach fine for South Korean retailer Coupang, and a significant law enforcement takedown of the 'AudiA6' crypto laundering service. Reports also detail a new BitLocker bypass exploit, a supply chain attack on Linux developers, and a data breach at pharmaceutical giant Novo Nordisk.

Filter by Category

New Articles (5)

Pro-Iranian Group 'Handala' Claims 'Warning' Attack on California Water Systems

HIGH

Pro-Iranian Hacker Group Handala Claims Cyberattack on California Water Infrastructure, Leaks Stolen Data

The pro-Iranian hacktivist group 'Handala' has claimed responsibility for a cyberattack against California water infrastructure. The group framed the intrusion as a retaliatory 'warning' to the U.S. for alleged strikes on Iranian water resources. While Handala asserted it did not disrupt water supplies, it released 5GB of data, including customer PII and administrative credentials for an RTKBase GPS network, as proof of the breach. The California Water Service (Cal Water), which serves two million customers, has been identified as a victim, with its Chico District confirmed to be affected.

June 13, 2026
5 min read
HandalaIranCyberattackCritical InfrastructureWater Utility +3 more
Pro-Iranian Group 'Handala' Claims 'Warning' Attack on California Water Systems

Conti Ransomware Coder Pleads Guilty in U.S. Court for Wire Fraud Conspiracy

INFORMATIONAL

Ukrainian National Pleads Guilty for Role as Malware Developer in Conti Ransomware Operation

Oleksii Oleksiyovych Lytvynenko, a 44-year-old Ukrainian national, has pleaded guilty in a U.S. federal court to conspiracy to commit wire fraud. He admitted to his role in the notorious Conti ransomware gang, which was responsible for over $150 million in ransom payments. Lytvynenko, who was arrested in Ireland and extradited, confessed to joining the group in 2021 and developing a malware 'loader' used to deploy the ransomware payload in attacks on at least twelve victims. He faces up to 20 years in prison.

June 13, 2026
5 min read
ContiRansomwareDOJCybercrimeMalware +3 more
Conti Ransomware Coder Pleads Guilty in U.S. Court for Wire Fraud Conspiracy

'Atomic Arch' Supply Chain Attack Hijacks Orphaned Linux Packages to Target Developers

HIGH

New 'Atomic Arch' Campaign Abuses Arch User Repository (AUR) to Distribute Malware

A sophisticated supply chain attack dubbed 'Atomic Arch' is targeting Linux developers by hijacking trusted but orphaned packages in the Arch User Repository (AUR). Attackers claim ownership of these abandoned packages and modify their build scripts (PKGBUILD) to fetch and install a malicious npm package. This secondary payload, 'atomic-lockfile', deploys a Rust-based infostealer and an eBPF rootkit designed to harvest developer credentials, tokens, and SSH keys. The campaign subverts the AUR's trust model and has compromised over 20 packages in multiple waves.

June 13, 2026
5 min read
Atomic ArchSupply Chain AttackAURArch Linuxnpm +4 more
'Atomic Arch' Supply Chain Attack Hijacks Orphaned Linux Packages to Target Developers

FinCEN Issues New Guidance to Encourage Banks to Share Fraud-Related Information

INFORMATIONAL

FinCEN Clarifies USA PATRIOT Act Rules to Bolster Information Sharing on Fraud

The U.S. Treasury's Financial Crimes Enforcement Network (FinCEN) has released updated guidance to encourage financial institutions to voluntarily share information related to suspected fraud. The guidance clarifies that the safe harbor provisions of Section 314(b) of the USA PATRIOT Act apply to the sharing of fraud-related information, not just money laundering and terrorist financing. This move aims to help banks work together to identify and stop fraud, which costs the U.S. hundreds of billions annually, by allowing them to share cyber intelligence like IP addresses and other fraud indicators.

June 13, 2026
4 min read
FinCENFraudInformation SharingUSA PATRIOT ActSection 314(b) +3 more
FinCEN Issues New Guidance to Encourage Banks to Share Fraud-Related Information

White House Overhauls Cybersecurity Policy for National Security Systems with NSPM-12

INFORMATIONAL

Trump Signs NSPM-12, Modernizing Governance and Empowering NSA to Secure Critical Government Networks

On June 12, 2026, President Donald J. Trump signed National Security Presidential Memorandum (NSPM-12), a new directive to overhaul the cybersecurity governance for America's most sensitive National Security Systems (NSS). The memo re-establishes the Committee on National Security Systems (CNSS) after 35 years and formally designates the NSA Director as the National Manager for NSS. This empowers the NSA to set baseline security requirements and provide direct assistance to secure classified and mission-critical systems across the entire U.S. government, including civilian agencies.

June 13, 2026
4 min read
NSPM-12White HouseNSACybersecurityPolicy +3 more
White House Overhauls Cybersecurity Policy for National Security Systems with NSPM-12

Updated Articles (4)

Verizon DBIR 2026: Vulnerability Exploitation Now the #1 Path to Data Breaches

INFORMATIONAL

A Paradigm Shift: Verizon's 2026 DBIR Finds Vulnerability Exploitation is Now the Top Initial Access Vector

Update:

The 2026 Verizon DBIR update provides more granular details on ransomware, noting its presence in 48% of all breaches (up from 44%), with the percentage of victims paying ransom dropping to 31% and the median payment slightly decreasing to $139,875. Additionally, the report highlights that threat actors are leveraging generative AI to increase the speed and scale of their attacks, from reconnaissance to malware development, further shrinking the window for defenders to patch vulnerabilities.

May 20, 2026
Updated: June 13, 2026
4 min read
VerizonDBIRVulnerability ManagementPatchingThreat Intelligence +1 more
Verizon DBIR 2026: Vulnerability Exploitation Now the #1 Path to Data Breaches

Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE

CRITICAL

Ivanti Urges Immediate Patching for Critical Sentry Vulnerabilities (CVE-2026-10520, CVE-2026-10523) Enabling Root RCE

Update:

The critical Ivanti Sentry vulnerability, CVE-2026-10520, is now confirmed to be under active exploitation, leading the U.S. Cybersecurity and Infrastructure Security Agency (CISA) to add it to its Known Exploited Vulnerabilities (KEV) catalog. CISA has issued an emergency directive requiring federal agencies to patch the flaw by June 15, 2026. Security researchers report widespread exploitation attempts against internet-exposed Sentry admin portals, warning that unpatched systems are likely already compromised. This significantly increases the urgency and severity of the threat, moving from potential to confirmed active attacks.

June 10, 2026
Updated: June 13, 2026
4 min read
IvantiVulnerabilityRCEZero-DayCVE-2026-10520 +2 more
Ivanti Patches Critical Sentry Flaws Allowing Root-Level RCE

Researcher Drops 'GreatXML' Zero-Day Exploit to Bypass Windows BitLocker

INFORMATIONAL

Researcher Drops 'GreatXML' Zero-Day Exploit to Bypass Windows BitLocker

Update:

New technical analysis of the 'GreatXML' exploit reveals specific attack steps, including planting both `unattend.xml` and `ReAgent.xml` files on the recovery partition. The exploit was demonstrated on Windows 11 24H2. The report details the process from gaining physical access to achieving a SYSTEM-level command prompt within WinRE. MITRE ATT&CK TTPs identified include T1068, T1547.001, and T1007. Additional mitigation strategies like Secure Boot, BIOS/UEFI passwords, and BitLocker with TPM+PIN are suggested. The researcher is identified as Nightmare Eclipse, providing further context to the ongoing disclosures.

June 11, 2026
Updated: June 13, 2026
4 min read
Researcher Drops 'GreatXML' Zero-Day Exploit to Bypass Windows BitLocker

Oracle Rushes Emergency Patch for PeopleSoft Zero-Day Exploited by ShinyHunters

INFORMATIONAL

Oracle Rushes Emergency Patch for PeopleSoft Zero-Day Exploited by ShinyHunters

Update:

The critical Oracle PeopleSoft zero-day, CVE-2026-35273, has been added to CISA's Known Exploited Vulnerabilities (KEV) catalog, requiring federal agencies to remediate by June 15, 2026. A joint report by Mandiant and Google confirms ShinyHunters breached over 100 organizations, with 68% in the U.S. higher education sector, exploiting the 9.8 CVSS flaw between late May and early June 2026. This update provides a more precise victim count, a confirmed CVSS score, and highlights the increased urgency due to CISA's mandate.

June 11, 2026
Updated: June 13, 2026
4 min read
Oracle Rushes Emergency Patch for PeopleSoft Zero-Day Exploited by ShinyHunters

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.