Critical Splunk RCE, AI Export Controls, and Phishing Takedowns Dominate Cybersecurity Landscape

The latest Chrome update, version 149, addresses a total of 28 vulnerabilities, significantly expanding beyond the previously reported CVE-2026-11645. Google has now confirmed that CVE-2026-11645 is being actively exploited via 'drive-by compromise' attacks, where users are compromised simply by visiting a malicious website. This type of zero-day is highly valued by sophisticated threat actors, including state-sponsored APT groups like APT28 and APT29, as well as cybercriminal organizations. Enhanced detection methods, such as monitoring EDR alerts for suspicious process creation from `chrome.exe` and network traffic analysis for unusual C2 communications, are now emphasized.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is experiencing critical staffing shortages, having lost approximately one-third of its personnel due to workforce reductions mandated by the Department of Government Efficiency (DOGE) over a year ago. Lawmakers express serious concerns that this significantly weakens CISA's capacity to defend against sophisticated cyber threats and fulfill expanding responsibilities, including implementing new AI security directives and responding to major incidents like the Salt Typhoon intrusions. This situation poses a direct national security risk, impacting incident response, threat intelligence sharing, and the ability to implement key cybersecurity mandates across federal agencies and critical infrastructure.

California Water Service (Cal Water) and independent analysis by Dataminr have confirmed that the Handala cyberattack was limited to non-critical IT systems, including a GPS server and customer billing database. Crucially, there was no impact on water production, delivery, or industrial control systems (ICS). This clarification significantly reduces the perceived operational severity of the incident, highlighting the effectiveness of network segmentation in containing the breach. The attack's primary goal appears to be propaganda and psychological warfare rather than kinetic damage.

The 'Atomic Arch' supply chain attack targeting Arch Linux AUR packages has escalated significantly, with reports now indicating over 400 packages have been compromised. This is a substantial increase from the previously reported 20+ packages. The attack continues to leverage modified PKGBUILDs to deploy a Rust-based infostealer and an eBPF rootkit, aiming to steal developer credentials and maintain stealth. The expanded scope highlights the growing threat to the Arch Linux developer community.

Microsoft has begun the widespread rollout of the Secure Boot 2023 certificate update for Windows 10 and 11 systems as part of the June 2026 Patch Tuesday, identified as KB5094126. This deployment is critical as the original 2011 Secure Boot certificates are set to begin expiring on June 24, 2026. The broad rollout follows a lengthy, cautious phased testing period, indicating Microsoft's confidence in the update's compatibility and ensuring continued boot-level security against pre-boot malware. Users are advised to ensure their systems receive this automatic update.

GitHub has announced a critical security update for the npm ecosystem. The upcoming NPM version 12, expected in July, will no longer automatically execute 'preinstall', 'install', and 'postinstall' scripts from dependencies. This change directly addresses the supply chain attacks, including those by the 'Shai-Hulud' worm and 'TeamPCP', which have exploited this feature to inject malicious payloads. Developers will now need to explicitly enable script execution, shifting to an opt-in security model and significantly reducing the primary infection vector for such attacks. This is a major step in hardening the software supply chain against the types of compromises seen with Red Hat and TanStack.