[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fpy0xOPI0BOchC2Np44Gh2KEnDeo6Ti-9NNJFNva47fU":3},{"article":4,"iocs":54},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":31,"category":32,"article_tags":36},"2e10e8a8-a00c-4a8c-bb3f-dea91a91a833","⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More","weekly-recap-chrome-0-day-unifi-exploits-macos-stealers-vpn-flaw-and-more-93ac29","Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point. Scroll through the full Monday Cybersecurity","This week's cybersecurity recap includes Google patching a zero-day vulnerability in Chrome that was actively exploited in the wild. Additionally, the ShinyHunters gang exploited an Oracle PeopleSoft zero-day, leading to data exfiltration and CISA adding it to the KEV catalog. Hundreds of Arch Linux packages were compromised to distribute a rootkit and stealer, and the FBI took down domains linked to the Outsider phishing-as-a-service kit.","Weekly recap highlights Chrome 0-day, PeopleSoft exploit, Arch Linux package compromise, and PhaaS takedown.","⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More Ravie Lakshmanan Jun 15, 2026 Cybersecurity \u002F Hacking Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else's entry point. 
Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week. ⚡ Threat of the Week Google Patches Actively Exploited Chrome 0-Day - Google released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome's JavaScript and WebAssembly engine. Google acknowledged that an \"exploit for CVE-2026-11645 exists in the wild,\" but stopped short of sharing additional specifics to ensure that a majority of the users are updated with a fix and to prevent further exploitation. Google has addressed a total of five actively exploited Chrome zero-days since the start of the year. This includes CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281. 🔔 Top News ShinyHunters Gang Exploits Oracle PeopleSoft Zero-Day - The ShinyHunters (aka UNC6240) extortion crew exploited an unpatched flaw in Oracle PeopleSoft (CVE-2026-35273, CVSS score: 9.8) to break into enterprise networks. The vulnerability relates to a missing authentication for a critical function that could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools. According to Google Mandiant, the exploitation activity was observed between May 27 and June 9, 2026. Following a successful compromise, the attackers have been observed conducting targeted internal reconnaissance using MeshCentral, lateral movement, and data exfiltration. The U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving Federal Civilian Executive Branch (FCEB) agencies until June 15, 2026, to apply the fixes. The campaign has mainly targeted the higher education sector; 68% of the more than 100 notified organizations were universities and colleges. \"The observed exploitation targeted PeopleSoft's Environment Management Hub (PSEMHUB) endpoints, and data stolen during the campaign was published on the ShinyHunters Data Leak Site (DLS) on June 9, 2026,\" Rapid7 said. 100s of Arch Linux Packages Compromised to Push Rootkit and Stealer - Unknown threat actors have managed to compromise hundreds of legitimate-but-abandoned packages in the Arch User Repository (AUR) and modify them with preinstall scripts that download and execute a malicious npm package called atomic-lockfile. The campaign has been codenamed Atomic Arch by Sonatype. \"Analysis of atomic-lockfile, the malicious dependency, found a bundled Linux payload with functionality tied to credential harvesting, stealth, anti-debugging, and potential data exfiltration,\" the company said. Although the initial number of affected packages was 400, it has since risen to over 1,500. As of June 12, 2026, Arch Linux developers have deleted all the malicious commits they are aware of. Outside PhaaS Enterprise Taken Down - The U.S. Federal Bureau of Investigation said it took down a number of domains linked to Outsider, a Chinese phishing-as-a-service (PhaaS) software kit behind an estimated 3,870,000 stolen credit cards and a corresponding estimated $1.9 billion in losses since July 2023. 
In tandem, Google said it is pursuing legal action against the operators, who weaponized Gemini to \"help generate fraudulent phishing pages and deploy massive SMS phishing ('smishing') attacks, often through text messages impersonating legitimate brands, alerting recipients of 'brokerage account issues' or insisting they are eligible for 'rewards through their mobile phone carrier.\" According to a complaint filed by Google, the group \"built, maintains, and uses a turn-key, online software suite that enables criminals, regardless of technical skill, to publish fraudulent websites designed to rob victims and enrich themselves.\" The toolkit costs $88 per week or $200 per month, offering access to more than 290 pre-built templates that mimic legitimate websites. The goal is to steal passwords and corresponding multi-factor authentication codes, as well as financial information in real-time. \"Part of the Outsider software's appeal is the ease with which someone with limited technical expertise -like many members of the Enterprise - can purchase the software, execute various phishing attacks, and, upon purchase, meet other members of the Enterprise who are proficient in other areas,\" the tech giant added. Critical Check Point VPN Flaw Exploited in Limited Attacks - Check Point warned of active exploitation of a critical vulnerability CVE-2026-50751 (CVSS score: 9.3) impacting Remote Access VPN and Mobile Access deployments that are configured to use the deprecated IKEv1 key exchange protocol. The security flaw is a case of a logic flow weakness in certificate validation that allows an unauthenticated remote attacker to bypass user authentication and establish a remote access VPN connection without a valid user password. The Israeli cybersecurity company said it first observed indications of suspicious activity on June 4, 2026, with the earliest observed exploitation dating back to May 7, 2026. Exploitation efforts are said to have ramped up starting this month. 
The exploitation activity, Check Point added, has been limited to a \"few dozen targeted organizations globally.\" In one case, the post-exploitation phase has been associated with a Qilin ransomware affiliate. The Gentlemen Ransomware Claims 478 Victims - A new analysis of The Gentlemen operation revealed that the financially motivated threat group initially operated as an affiliate responsible for conducting double extortion attacks, while leveraging resources from various ransomware-as-a-service (RaaS) schemes like LockBit (aka Tenacious Mantis), Qilin (aka Pestilent Mantis), and Medusa (aka Venomous Mantis). The group, which it tracks as Phantom Mantis, is led by a Russian-speaking cybercriminal it calls LARVA-368, who goes by the online aliases hastalamuerte, ArmCorp, zeta88, nobody0, and santamuerte. The Gentlemen is known to be active since March 2025, claiming a total of 478 victims to date. Microsoft, which is tracking the cluster under the moniker Storm-2697, said the operation \"initially started as a closed ransomware group then began offering its RaaS to affiliates in September 2025.\" ‎🔥 Trending CVEs Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild. 
Check the list, patch what you have, and hit the ones marked urgent first - CVE-2026-11645 (Google Chrome), CVE-2026-50751 (Check Point Remote Access VPN and Mobile Access), CVE-2026-35273 (Oracle PeopleSoft), CVE-2026-5027 (Langflow), CVE-2026-44963 (Veeam Backup & Replication), CVE-2026-23111 (Linux kernel), CVE-2026-45447 (OpenSSL), CVE-2026-44748, CVE-2026-27671 (SAP NetWeaver AS ABAP and ABAP Platform), CVE-2026-22732 (SAP Commerce Cloud and SAP Data Hub), CVE-2026-40128 (SAP NetWeaver Application Server Java Web Container), CVE-2026-10520 (Ivanti Sentry), CVE-2026-28252, CVE-2026-28253, CV","https:\u002F\u002Fthehackernews.com\u002F2026\u002F06\u002Fweekly-recap-chrome-0-day-unifi.html","https:\u002F\u002Fblogger.googleusercontent.com\u002Fimg\u002Fb\u002FR29vZ2xl\u002FAVvXsEgOtdohah5P1Lv9egIZCwwxpEdcV4phYigmhvgzB3ulDhSeeffe4qDsVoowrzaTD6WsgwyjKIdJ_vzvnsUJ78zn5oxOl83qUj5ie8NN_MF8pMbdcikrPpV9vAUgm-7NLOztqN17uTx-dktpkgcQSFrmulSyCtE3MCGHOe5yQRVDFbsrx0DUjoHTa76k4Oos\u002Fs1600\u002Fthn-recap.jpg","2026-06-15T13:49:29+00:00","2026-06-15T16:00:08.662299+00:00",8,[18,21,23,25,27,29],{"name":19,"type":20},"Chrome","product",{"name":22,"type":20},"V8",{"name":24,"type":20},"Oracle PeopleSoft",{"name":26,"type":20},"PeopleTools",{"name":28,"type":20},"MeshCentral",{"name":30,"type":20},"atomic-lockfile","80544778-fabb-4dcd-aa35-17492e5dcf4f",{"id":31,"icon":33,"name":34,"slug":35},null,"Vulnerabilities","vulnerabilities",[37,42,44,49],{"category":38},{"id":39,"icon":33,"name":40,"slug":41},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":43},{"id":31,"icon":33,"name":34,"slug":35},{"category":45},{"id":46,"icon":33,"name":47,"slug":48},"89f78b1c-3503-45a1-9fc7-e23d2ce1c6d5","Malware","malware",{"category":50},{"id":51,"icon":33,"name":52,"slug":53},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[55,59,62,64,66,68,71],{"type":56,"value":57,"context":58},"cve","CVE-2026-11645","Out-of-bounds memory 
access in Chrome's V8 engine.",{"type":56,"value":60,"context":61},"CVE-2026-2441","Previously exploited Chrome zero-day.",{"type":56,"value":63,"context":61},"CVE-2026-3909",{"type":56,"value":65,"context":61},"CVE-2026-3910",{"type":56,"value":67,"context":61},"CVE-2026-5281",{"type":56,"value":69,"context":70},"CVE-2026-35273","Unpatched flaw in Oracle PeopleSoft.",{"type":48,"value":30,"context":72},"Malicious npm package used in Arch Linux compromise."]