Security Check-in Quick Hits: Splunk RCE, Arch Linux Supply Chain Attack, PeopleSoft Exploits, VPN Flaws & More
For June 15, 2026
Critical Splunk Enterprise Flaw Enables Unauthenticated Remote Code Execution (CVE-2026-20253)
Splunk has patched a high-severity vulnerability (CVSS 9.8) in Splunk Enterprise that allows unauthenticated attackers to create or truncate arbitrary files via an exposed PostgreSQL sidecar service endpoint, which can lead to remote code execution. Versions below 10.2.4 and 10.0.7 are affected. The issue stems from missing authentication controls on the service, which listens locally but is often exposed. Patches are available; organizations should update immediately and restrict network access to these endpoints.
This highlights ongoing risks in enterprise logging and SIEM tools, where misconfigurations or exposed services become prime targets.
Massive Supply Chain Attack Compromises 400+ Arch Linux AUR Packages with Rootkit and Infostealer
Attackers hijacked or adopted orphaned packages in the Arch User Repository (AUR), injecting malicious post-install scripts that install an npm package (atomic-lockfile or similar). This deploys a credential-stealing ELF binary targeting GitHub tokens, SSH keys, browser data, messaging apps, and more. An optional eBPF-based rootkit component hides processes and files. Over 400–1,500 packages were affected; Arch maintainers reverted changes, banned accounts, and provided detection scripts. Users should audit AUR installs (pacman -Qm), check for suspicious packages, rotate credentials, and consider reinstalling if impacted. Official repos were unaffected.
This incident underscores the trust risks in community-driven repositories and the need for careful vetting of AUR packages.
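One way to start the AUR audit recommended above, as an added example that is not the Arch maintainers' detection script: it reads the pacman -Qm package list and flags install scriptlets that call a JavaScript package manager. The scriptlet location under /var/lib/pacman/local, the match pattern, and the function and sample package names are assumptions of this example.

```shell
#!/bin/sh
# Added example (not the Arch maintainers' detection script): flag foreign
# packages whose install scriptlet calls a JavaScript package manager.
# Assumption: pacman keeps each installed package's scriptlet at
# $DB_DIR/<name>-<version>/install (default DB_DIR=/var/lib/pacman/local).
DB_DIR="${DB_DIR:-/var/lib/pacman/local}"

# Heuristic (assumption): npm-style installer invocations, or the package
# name given in the report. Expect false positives on real JS tooling.
PATTERN='(^|[^[:alnum:]_.-])(npm|npx|pnpm|yarn|bun)[[:space:]]+(install|i|add|exec|x)([[:space:]]|$)|atomic-lockfile'

# scan_scriptlets DB_DIR: reads "name version" lines (pacman -Qm format) on
# stdin and prints one "SUSPECT name version" line per matching scriptlet,
# followed by the matching lines with their line numbers.
scan_scriptlets() {
    while read -r name ver; do
        script="$1/$name-$ver/install"
        [ -f "$script" ] || continue
        if grep -Eq "$PATTERN" "$script"; then
            printf 'SUSPECT %s %s\n' "$name" "$ver"
            grep -En "$PATTERN" "$script" | sed 's/^/    /'
        fi
    done
}

# make_sample_db DIR: constructed test data, one tampered and one clean package.
make_sample_db() {
    mkdir -p "$1/demo-tool-1.2-3" "$1/clean-pkg-1:0.9-1"
    cat > "$1/demo-tool-1.2-3/install" <<'EOF'
post_install() {
    npm install -g atomic-lockfile >/dev/null 2>&1
}
EOF
    cat > "$1/clean-pkg-1:0.9-1/install" <<'EOF'
post_install() {
    systemctl daemon-reload
}
EOF
}

# On an Arch system, audit the real database; elsewhere this is a no-op.
if command -v pacman >/dev/null 2>&1; then
    pacman -Qm | scan_scriptlets "$DB_DIR"
fi
```

A hit is a reason to read the scriptlet and the package's AUR history, not proof of compromise; a clean result does not rule out a payload that has already removed its own traces.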
ShinyHunters Exploits Oracle PeopleSoft Zero-Day for Widespread Data Theft and Extortion
The ShinyHunters group (tracked as UNC6240) leveraged a zero-day in Oracle PeopleSoft (CVE-2026-35273, patched June 10) to compromise over 100 organizations (many in higher education) and ~300 instances. They used automated scripts for data exfiltration, lateral movement, and defacement, then extorted victims. Mandiant/Google Cloud reported the campaign targeted HR/payroll/student systems. Organizations using PeopleSoft should apply patches urgently and review for indicators of compromise.
This continues ShinyHunters’ pattern of high-volume data theft operations against enterprise software.
Active Exploitation of Palo Alto Networks PAN-OS GlobalProtect VPN Authentication Bypass
Palo Alto Networks warned of active exploitation of CVE-2026-0257, an authentication bypass in GlobalProtect VPN (portal/gateway) under specific configurations. It allows unauthenticated attackers to establish unauthorized VPN connections. Limited but ongoing attacks have been observed; apply mitigations and patches promptly.
VPN appliances remain high-value targets due to their privileged network access.
Maine Disables Official Data Breach Notification Portal After Fake Submissions
Maine’s Attorney General’s office took its public breach reporting portal offline after malicious actors submitted and published fake disclosures (e.g., impersonating Discord and VRChat with fabricated millions of affected users). No verification was required, highlighting weaknesses in public reporting systems that can be weaponized for misinformation or reputational attacks. The portal is under review.
This incident shows how regulatory tools can be abused without proper safeguards.
Additional Notes: Anthropic Pulls Advanced AI Models Offline
Anthropic took Fable 5 and Mythos 5 offline to comply with U.S. export controls aimed at preventing foreign national access, reflecting growing national security scrutiny over frontier AI.
Recommendations Across Issues: Patch aggressively, monitor for anomalous access (especially in SIEM/VPN/ERP systems), audit supply chain dependencies, implement network segmentation/least privilege, and verify breach reports through official channels. Stay vigilant—threats evolve quickly in supply chain, zero-days, and misinfo vectors.



