TLP:CLEAR · CTI-2026-0624

Daily Threat Intelligence Brief - June 24, 2026

Check Point VPN auth bypass (CVE-2026-50751) weaponized by a Qilin affiliate; Cisco SD-WAN root zero-day (CVE-2026-20245) exploited, with its companion file-write flaw (CVE-2026-20262) and Joomla JCE (CVE-2026-48907, CVSS 10.0) added to CISA KEV; ShinyHunters PeopleSoft zero-day (CVE-2026-35273) breaches 47+ universities and roughly 500,000 student records; prompt injection now reported in 73% of production AI deployments.

By The Operator · June 24, 2026 · 16 min read
Tags: cti, vulnerabilities, ransomware, ai-security, agentic-ai, threat-actors

The Operator's Take

Look past the CVE numbers and today's headline vulnerabilities share one disease: the server trusts data the client controls to make a security decision. Check Point's gateway reads four attacker-supplied bytes from an IKEv1 payload and uses one of them to switch off its own certificate checks (CVE-2026-50751). Joomla JCE lets an unauthenticated visitor define an editor profile that grants itself code execution (CVE-2026-48907). PeopleSoft accepts an unauthenticated HTTP request as a command (CVE-2026-35273). That is the exact architectural failure behind prompt injection, where a model cannot tell a trusted instruction from untrusted input because both arrive as the same token stream. The network edge and the AI agent are failing for the same reason, and defenders should expect the crews industrializing one to turn to the other.

The second non-obvious connection is the actor, not the bug. ShinyHunters (tracked by Mandiant as UNC6240) turned the PeopleSoft zero-day into a 300-instance extortion spree before Oracle even had an advisory, and this is the same group behind the year's largest breaches at Instructure and Charter. The edge-RCE-to-mass-extortion pipeline is a repeatable product line now, not a series of lucky breaks. This week, stop scanning for "VPN" generically and inventory IKEv1 specifically, because that is what is being hit, and treat every internet-facing management plane (SD-WAN Manager, PeopleSoft PSEMHUB, Joomla admin) as already targeted rather than merely exposed. Then apply the same untrusted-data-as-control lens to any agent or MCP deployment you run before an attacker does it for you.

Executive Summary

  • CVE-2026-48907 (Joomla Content Editor) carries a maximum CVSS 10.0 and was added to CISA KEV: unauthenticated PHP upload and execution, public exploit code, automated attacks observed.
  • CVE-2026-50751 (Check Point Remote Access and Mobile Access VPN, CVSS 9.3) is an IKEv1 authentication bypass exploited since May 7, 2026, with confirmed post-compromise activity tied to a Qilin ransomware affiliate. Patched June 8, KEV deadline June 11.
  • CVE-2026-35273 (Oracle PeopleSoft PeopleTools, CVSS 9.8) was a zero-day for its entire active window: ShinyHunters hit more than 300 instances at over 100 organizations, including at least 47 US universities and the records of nearly 500,000 students.
  • CVE-2026-20245 (Cisco Catalyst SD-WAN Manager, CVSS 7.8) allows root command execution and was exploited as a zero-day with no mitigation for a period before the 20.18.3.1 fix; companion path-write flaw CVE-2026-20262 is in KEV with a June 29 federal deadline.
  • CVE-2026-11645, the fifth exploited Chrome zero-day of 2026, is an out-of-bounds read and write in the V8 engine, patched in Stable 149.0.7827.102.
  • Microsoft shipped its largest-ever Patch Tuesday (nearly 200 fixes, 6 zero-days); hours later a researcher dropped a weaponized exploit for the RoguePlanet Defender zero-day (CVE-2026-50656, CVSS 7.8) that grants SYSTEM on fully patched Windows 10 and 11.
  • Prompt injection remains OWASP's number one LLM risk, reported in 73% of production AI deployments, with attack volume up 340% year over year and the OWASP Top 10 for Agentic Applications 2026 now standardizing the agent threat model.
  • The 2026 adversary breakout time benchmark has fallen to 72 minutes from initial foothold to active exfiltration, a fourfold reduction that compresses the window defenders have to respond.

Critical Vulnerabilities

CVE-2026-48907: Joomla Content Editor (JCE) Unauthenticated Code Execution

A maximum-severity improper access control flaw in the Widget Factory Joomla Content Editor extension, rated CVSS 10.0. An unauthenticated attacker can create new editor profiles, then upload and execute arbitrary PHP code on the underlying server. CISA added it to the Known Exploited Vulnerabilities catalog after confirming active exploitation. Working exploit code is public and the observed attacks are automated, which means exposed Joomla sites are being swept at scale rather than picked individually. Patch the JCE extension immediately and audit web roots for unexpected PHP files and rogue editor profiles.

CVE-2026-50751: Check Point VPN IKEv1 Authentication Bypass

An improper authentication weakness (CWE-287) in Check Point Remote Access and Mobile Access components configured for the deprecated IKEv1 key exchange, rated CVSS 9.3. The root cause is precise and instructive: the gateway reads four trailing bytes from the client-supplied VPNExtFeatures Vendor ID payload and writes them straight into its authentication flags field. A client can set bit 0x4 to disable signature verification or bit 0x2 to skip certificate processing entirely, so the server uses an attacker-controlled byte to skip its own certificate checks. Successful exploitation yields a VPN session with no valid credentials. Check Point Research observed exploitation dating to May 7, 2026, climbing in early June, with one confirmed post-compromise case linked to a Qilin ransomware affiliate. Patched June 8, 2026; CISA set a June 11 federal remediation deadline. Disable IKEv1 where possible and apply the hotfix now.
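
To make the failure concrete, here is an added example (not Check Point code and not derived from the patch) that parses an ISAKMP message, pulls the trailing bytes of a Vendor ID payload, and shows the vulnerable copy-into-auth-flags pattern next to a responder that never lets a client hint relax local settings. The ISAKMP framing follows RFC 2408; the VPNExtFeatures Vendor ID bytes, the choice of which trailing byte carries the bits, and the sample message are assumptions, while the 0x2 and 0x4 meanings are as described above.

```python
"""Vulnerable-vs-hardened handling of client-supplied IKEv1 Vendor ID bytes.

Added example, not Check Point code. ISAKMP header and generic payload layout
follow RFC 2408. The VPNExtFeatures Vendor ID bytes are a placeholder, the
choice of which trailing byte carries the flags is an assumption, and the flag
meanings (0x4 skips signature verification, 0x2 skips certificate processing)
are taken from the brief's description of CVE-2026-50751.
"""
import struct
from dataclasses import dataclass

ISAKMP_HDR_LEN = 28      # SPIs (16) + next payload, version, exchange, flags (4) + msg id (4) + length (4)
PAYLOAD_VENDOR_ID = 13   # RFC 2408 payload type
EXCHANGE_MAIN_MODE = 2   # Identity Protection exchange
VPNEXT_VID_PREFIX = b"VPNExtFeatures-PLACEHOLDER"   # assumed; the real value is not in the brief
SKIP_CERT_PROCESSING = 0x2
SKIP_SIG_VERIFY = 0x4


def parse_payloads(msg: bytes):
    """Walk the ISAKMP payload chain strictly, yielding (payload_type, body)."""
    if len(msg) < ISAKMP_HDR_LEN:
        raise ValueError("short ISAKMP header")
    next_type = msg[16]
    if struct.unpack(">I", msg[24:28])[0] != len(msg):
        raise ValueError("header length does not match message length")
    off = ISAKMP_HDR_LEN
    while next_type != 0:
        if off + 4 > len(msg):
            raise ValueError("truncated payload header")
        nxt, _reserved, plen = struct.unpack(">BBH", msg[off:off + 4])
        if plen < 4 or off + plen > len(msg):
            raise ValueError("bad payload length")
        yield next_type, msg[off + 4:off + plen]
        off, next_type = off + plen, nxt
    if off != len(msg):
        raise ValueError("trailing bytes after last payload")


def well_formed(msg: bytes) -> bool:
    """True when the whole payload chain parses without error."""
    try:
        for _ in parse_payloads(msg):
            pass
        return True
    except ValueError:
        return False


def vpnext_flags(msg: bytes):
    """Return the four trailing bytes of a VPNExtFeatures Vendor ID, or None."""
    for ptype, body in parse_payloads(msg):
        if ptype == PAYLOAD_VENDOR_ID and body.startswith(VPNEXT_VID_PREFIX) \
                and len(body) >= len(VPNEXT_VID_PREFIX) + 4:
            return body[-4:]
    return None


@dataclass(frozen=True)
class AuthPolicy:
    verify_signature: bool = True
    process_certificate: bool = True


def vulnerable_responder(msg: bytes, local: AuthPolicy) -> AuthPolicy:
    """The pattern in the brief: client bytes are copied into the auth flags."""
    flags = vpnext_flags(msg)
    if flags is None:
        return local
    ctrl = flags[3]   # assumed: the last byte carries the control bits
    return AuthPolicy(
        verify_signature=local.verify_signature and not (ctrl & SKIP_SIG_VERIFY),
        process_certificate=local.process_certificate and not (ctrl & SKIP_CERT_PROCESSING),
    )


def hardened_responder(msg: bytes, local: AuthPolicy) -> AuthPolicy:
    """A Vendor ID is a capability hint; it must never relax local auth settings."""
    if not well_formed(msg):
        raise ValueError("malformed ISAKMP message")
    return local


def bypass_attempt(msg: bytes) -> bool:
    """Hunting check for captures: does a client ask to skip cert or signature checks?"""
    flags = vpnext_flags(msg)
    return flags is not None and bool(flags[3] & (SKIP_CERT_PROCESSING | SKIP_SIG_VERIFY))


def build_vid_message(vid_body: bytes) -> bytes:
    """Constructed sample: a first Main Mode message carrying one Vendor ID payload."""
    payload = struct.pack(">BBH", 0, 0, 4 + len(vid_body)) + vid_body
    hdr = (b"\x11" * 8 + b"\x00" * 8                                  # initiator SPI, responder SPI (zero)
           + bytes([PAYLOAD_VENDOR_ID, 0x10, EXCHANGE_MAIN_MODE, 0])  # next payload, v1.0, exchange, flags
           + b"\x00" * 4                                              # message ID
           + struct.pack(">I", ISAKMP_HDR_LEN + len(payload)))
    return hdr + payload


if __name__ == "__main__":
    evil = build_vid_message(VPNEXT_VID_PREFIX + b"\x00\x00\x00\x06")
    print(vulnerable_responder(evil, AuthPolicy()))   # both checks switched off
    print(hardened_responder(evil, AuthPolicy()))     # unchanged
    print(bypass_attempt(evil))                       # True
```

The bypass_attempt check is the hunting hook: run it over IKEv1 captures from May 7 onward, since a legitimate client has no reason to ask the gateway to skip its own certificate processing. The hardened responder still parses strictly so malformed messages are rejected rather than silently accepted.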

CVE-2026-35273: Oracle PeopleSoft PeopleTools Unauthenticated RCE

A remote code execution flaw in PeopleSoft Enterprise PeopleTools rated CVSS 9.8, reachable through the Environment Management Hub (PSEMHUB) component with no login and no user interaction, only network access over HTTP. ShinyHunters activity, attributed to UNC6240 by Mandiant, ran between May 27 and June 9, while Oracle did not publish its out-of-band advisory until June 10, so this was a zero-day for the full duration. Scope was severe: exploitation across more than 300 instances at over 100 organizations, with higher education taking 68% of confirmed victims. Apply Oracle's out-of-band fix, pull PSEMHUB off the public internet, and hunt for web shells and anomalous PeopleTools processes.
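
A starting point for the web-root hunts recommended for both JCE and PeopleSoft, as an added example rather than vendor tooling: it walks a web root and flags server-executable files in directories that should hold only static uploads, high-signal web-shell patterns in PHP and JSP, and files changed inside the exploitation window. The upload directory names, the patterns and the sample tree are assumptions for the demonstration; the May 27 to June 9 window is the PeopleSoft timeline above, and the JCE window should be set from your own exposure dates.

```python
"""Web-shell hunt over a web root, for the JCE and PeopleSoft items above.

Added example, not vendor tooling. It flags server-executable files sitting in
directories that should hold only static uploads, high-signal code patterns,
and files changed inside the exploitation window. Upload directory names,
patterns and the sample tree are assumptions chosen for the demonstration; the
May 27 to June 9 window comes from the brief's PeopleSoft timeline.
"""
import os
import re
import tempfile
from dataclasses import dataclass, field
from datetime import datetime, timezone

EXEC_EXTS = {".php", ".phtml", ".phar", ".jsp", ".jspx"}
UPLOAD_DIRS = {"images", "media", "uploads", "tmp", "cache"}   # assumed static-only paths
PATTERNS = {
    "php-eval-decode": re.compile(rb"eval\s*\(\s*(base64_decode|gzinflate|str_rot13)\s*\(", re.I),
    "php-exec-from-request": re.compile(
        rb"\b(system|passthru|shell_exec|proc_open|popen|exec)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)", re.I),
    "jsp-exec": re.compile(rb"Runtime\.getRuntime\(\)\.exec\(|new\s+ProcessBuilder\(", re.I),
}
WINDOW = (datetime(2026, 5, 27, tzinfo=timezone.utc),
          datetime(2026, 6, 9, 23, 59, 59, tzinfo=timezone.utc))


@dataclass
class Finding:
    path: str                       # relative to the web root, always '/'-separated
    reasons: list = field(default_factory=list)


def hunt(root: str, window=WINDOW) -> list:
    """Return a Finding for every server-executable file with at least one indicator."""
    start, end = window[0].timestamp(), window[1].timestamp()
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        top = "" if rel_dir == "." else rel_dir.split(os.sep)[0]
        for name in files:
            if os.path.splitext(name)[1].lower() not in EXEC_EXTS:
                continue
            full = os.path.join(dirpath, name)
            reasons = []
            if top in UPLOAD_DIRS:
                reasons.append("executable-in-upload-dir")
            with open(full, "rb") as fh:
                head = fh.read(256 * 1024)           # shells are small; cap the read
            reasons += [f"pattern:{label}" for label, rx in PATTERNS.items() if rx.search(head)]
            if start <= os.stat(full).st_mtime <= end:
                reasons.append("modified-in-window")
            if reasons:
                findings.append(Finding(os.path.relpath(full, root).replace(os.sep, "/"), reasons))
    return sorted(findings, key=lambda f: f.path)


def build_sample_tree(root: str) -> None:
    """Constructed web root: one legitimate file and two planted shells."""
    samples = {
        "administrator/index.php": (b"<?php defined('_JEXEC') or die; echo 'ok';", "2026-03-01"),
        "images/logo.png.php": (b"<?php eval(base64_decode($_POST['c']));", "2026-06-03"),
        "PSEMHUB/hub.jsp": (b'<% Runtime.getRuntime().exec(request.getParameter("cmd")); %>', "2026-06-01"),
    }
    for rel, (content, day) in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as fh:
            fh.write(content)
        ts = datetime.fromisoformat(day).replace(tzinfo=timezone.utc).timestamp()
        os.utime(full, (ts, ts))   # backdate so the window check is exercised


def run_demo() -> list:
    """Build the sample tree in a temp dir and hunt it; returns the findings."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        return hunt(root)


if __name__ == "__main__":
    for f in run_demo():
        print(f.path, ", ".join(f.reasons))
```

Point hunt() at a real web root and triage by reason count; a file that hits all three indicators is a near-certain shell. Rogue JCE editor profiles live in the database rather than on disk, so that half of the JCE audit is a separate query against the extension's profile table for profiles nobody on the team created.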

CVE-2026-20245 and CVE-2026-20262: Cisco Catalyst SD-WAN Manager

CVE-2026-20245 (CVSS 7.8) is a CLI flaw in Cisco Catalyst SD-WAN Manager that lets an attacker with netadmin privileges execute arbitrary commands as root by supplying a crafted file. Cisco observed limited cases where exploitation pushed a configuration change down to edge devices, which turns a single management-plane compromise into fleet-wide impact. The privilege requirement is real but can be reached by chaining CVE-2026-20182 or CVE-2026-20127. A dedicated fix ships in release 20.18.3.1; 20.18.2.1 and earlier are affected. The companion flaw CVE-2026-20262 (CVSS 6.5) is an arbitrary file write in the web interface caused by improper upload validation, now in CISA KEV with a federal remediation deadline of June 29, 2026. Treat the SD-WAN Manager as a high-value target and restrict management access to a hardened administrative network.

CVE-2026-11645: Google Chrome V8 Zero-Day

A high-severity out-of-bounds read and write in the V8 JavaScript engine, exploited in the wild. This is the fifth Chrome zero-day exploited in 2026, following CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281, a cadence that makes browser patching a recurring operational requirement rather than an occasional event. Patched Stable builds are rolling out as 149.0.7827.102/.103 for Windows and Mac and 149.0.7827.102 for Linux. Force-restart browsers across the fleet so the update applies; an open tab can keep an unpatched renderer alive for days.

CVE-2026-50656: Microsoft Defender "RoguePlanet" Zero-Day

A Time-of-Check to Time-of-Use (TOCTOU) race condition in Defender's real-time scanning engine, rated CVSS 7.8. The public exploit wins the brief window between Defender verifying a file path and acting on it, ending in a command prompt running as NT AUTHORITY\SYSTEM. It affects fully patched Windows 10 and Windows 11, including systems running the June 2026 cumulative update KB5094126. The significance here is the disclosure pattern, not the score: RoguePlanet was published on June 10, 2026, hours after Microsoft's largest-ever Patch Tuesday (nearly 200 fixes, 6 zero-days), by a researcher operating as Nightmare Eclipse who is in an ongoing dispute with Microsoft over disclosure and bounty practices. A weaponized proof of concept released into a feud is a threat model unto itself. Monitor for the patch, and watch Defender quarantine and scanning telemetry for anomalies in the interim.

AI Security Threats

The AI attack surface this month is no longer theoretical, and the connective theme with the infrastructure flaws above is identical: systems that cannot separate trusted control from untrusted input.

Prompt injection is now the default condition, not an edge case

Prompt injection holds the number one spot in OWASP's LLM risk ranking for 2026, and the field data backs the placement. Security audits report prompt injection vulnerabilities in 73% of production AI deployments, and OWASP's 2026 reporting puts the year-over-year growth of these attacks at 340%, the fastest-growing category measured. The weakness is architectural rather than a coding mistake: large language models receive instructions and data as the same stream of tokens, so any text the model reads can act as a command. OpenAI has publicly described it as a frontier security challenge with no clean solution, and independent analysis this month frames it as a permanent property of the design rather than a patchable bug. Defenders should plan for containment and least privilege around models, not for a fix that makes injection go away.

Agentic amplification turns one bad output into system-wide compromise

The OWASP Top 10 for Agentic Applications 2026 codifies what red teamers have been demonstrating: with tool-using agents, a single manipulated output can hijack an agent's planning loop, execute privileged tool calls, persist malicious instructions in memory, and propagate across connected systems. The "lethal trifecta" framing captures the danger precisely: an agent that has access to private data, exposure to untrusted content, and the ability to communicate externally can be steered into exfiltrating what it can read. This is why agentic red teaming belongs in the deployment pipeline, not as a one-time gate. An agent that passes a functional test can still be a data-exfiltration primitive once an attacker controls any text it ingests.
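
One way to encode the lethal trifecta as a runtime control rather than a slogan, as an added example that is not OWASP's or any agent framework's code: each tool is tagged with the capabilities it grants, the session tracks which kinds of data have entered the model's context, and any externally communicating tool is refused once both private data and untrusted content are present. The tool catalogue and the sample session are assumptions made for the demonstration.

```python
"""Containment for a tool-using agent: capability tagging plus a runtime gate.

Added example, not from OWASP or any agent framework. The tool catalogue, the
capability labels and the sample session are assumptions made for the
demonstration. The rule it enforces is the "lethal trifecta" from the text:
once the model's context holds both private data and untrusted content, no
tool that communicates externally may run, and unknown tools are denied.
"""
from dataclasses import dataclass, field
from enum import Flag, auto


class Cap(Flag):
    NONE = 0
    READS_PRIVATE = auto()       # returns data the operator considers private
    INGESTS_UNTRUSTED = auto()   # returns content controlled by third parties
    SENDS_EXTERNAL = auto()      # can move bytes outside the trust boundary


TRIFECTA = Cap.READS_PRIVATE | Cap.INGESTS_UNTRUSTED | Cap.SENDS_EXTERNAL
TAINTS = Cap.READS_PRIVATE | Cap.INGESTS_UNTRUSTED

TOOL_CAPS = {                    # assumed catalogue
    "read_mailbox": Cap.READS_PRIVATE,
    "search_docs": Cap.READS_PRIVATE,
    "fetch_url": Cap.INGESTS_UNTRUSTED,
    "send_email": Cap.SENDS_EXTERNAL,
    "http_post": Cap.SENDS_EXTERNAL,
    "calculator": Cap.NONE,
}


class PolicyViolation(Exception):
    pass


def grants_trifecta(tools) -> bool:
    """Design-time check: can this tool grant ever give the agent all three capabilities?"""
    combined = Cap.NONE
    for t in tools:
        combined |= TOOL_CAPS.get(t, Cap.NONE)
    return (combined & TRIFECTA) == TRIFECTA


@dataclass
class AgentSession:
    """Tracks which kinds of data have entered the model's context so far."""
    taint: Cap = Cap.NONE
    history: list = field(default_factory=list)

    def authorize(self, tool: str) -> None:
        """Runtime gate, called before a tool executes."""
        caps = TOOL_CAPS.get(tool)
        if caps is None:
            raise PolicyViolation(f"unknown tool {tool!r} (deny by default)")
        if Cap.SENDS_EXTERNAL in caps and (self.taint & TAINTS) == TAINTS:
            raise PolicyViolation(
                f"{tool}: external send refused, context already holds private data and untrusted content")

    def record(self, tool: str) -> None:
        """Call after the tool ran: its output is now part of the context."""
        self.taint |= TOOL_CAPS[tool] & TAINTS
        self.history.append(tool)


def run_session(calls) -> list:
    """Drive a session over a list of tool names; returns (tool, verdict) pairs."""
    session, outcome = AgentSession(), []
    for tool in calls:
        try:
            session.authorize(tool)
        except PolicyViolation as exc:
            outcome.append((tool, f"denied: {exc}"))
            continue
        session.record(tool)
        outcome.append((tool, "ok"))
    return outcome


if __name__ == "__main__":
    # Constructed session: a mailbox-reading agent is fed a web page, then asked to email out.
    for tool, verdict in run_session(["read_mailbox", "fetch_url", "send_email", "calculator"]):
        print(f"{tool:14} {verdict}")
```

The same tags give a design-time check: grants_trifecta() tells you before deployment whether an agent's tool grant can ever reach all three capabilities, which is the question a red team will otherwise answer for you. Note that order matters at runtime: a send before any untrusted content has arrived is allowed, because the gate contains the blast radius of an injection rather than trying to recognize one.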

MCP exposure is a live, internet-scale problem

MCP security failures moved from research to mass exposure this year. Researchers scanning the public internet found more than 8,000 MCP servers reachable, a meaningful share of them exposing admin panels, debug endpoints, or API routes without authentication. Analysis of over 7,000 servers found 36.7% vulnerable to SSRF. The January 2026 Clawdbot incident traced to a default configuration binding the admin panel to 0.0.0.0:8080, publicly reachable from first deployment, and abuse patterns now span GitHub MCP, Cursor, VS Code, Windsurf, Claude Code, and Gemini-CLI through tool poisoning, rug pulls, and STDIO command injection. On February 25, 2026, Check Point Research disclosed critical vulnerabilities in Claude Code itself. The lesson is operational: treat MCP servers as production network services with authentication, network segmentation, and egress control, not as convenient developer plumbing.
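
The SSRF figure is the one finding here with a compact engineering answer, so this added example (not from any MCP implementation) shows a guard for a URL-fetching tool: it refuses non-http(s) schemes, rejects literal or resolved addresses in loopback, private, link-local, multicast and carrier-NAT ranges including IPv4-mapped IPv6, treats a name as internal if any of its records is, pins the checked address for the connection, and re-validates every redirect hop. Resolution and fetching are injected, and the hostname table and the "site" are constructed, so it runs offline.

```python
"""SSRF guard for a URL-fetching tool of the kind an MCP server might expose.

Added example, not from any MCP implementation. Name resolution and fetching
are injected so the check runs offline; the hostname table and the site are
constructed. A name is rejected if any record is internal, the checked address
is pinned for the connection, and every redirect hop is re-validated because a
public host can 302 to an internal one.
"""
import ipaddress
from urllib.parse import urljoin, urlsplit

BLOCKED_NETS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
    "::/128", "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]


class SSRFBlocked(Exception):
    pass


def is_internal(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped                  # ::ffff:127.0.0.1 is still loopback
    return any(ip in net for net in BLOCKED_NETS)


def check_url(url: str, resolve) -> list:
    """Validate scheme and host; return the resolved addresses to pin the connection to."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise SSRFBlocked(f"scheme {parts.scheme!r} not allowed")
    host = parts.hostname
    if not host:
        raise SSRFBlocked("missing host")
    try:
        addrs = [str(ipaddress.ip_address(host))]   # literal address in the URL
    except ValueError:
        addrs = resolve(host.lower().rstrip("."))
    if not addrs:
        raise SSRFBlocked(f"{host}: no addresses")
    for a in addrs:
        if is_internal(a):
            raise SSRFBlocked(f"{host} -> {a} is not a public address")
    return addrs


def safe_fetch(url: str, resolve, fetch, max_redirects: int = 3):
    """fetch(url, pinned_ip) -> (status, body_or_location). Each redirect is re-validated."""
    for _ in range(max_redirects + 1):
        pinned = check_url(url, resolve)[0]
        status, payload = fetch(url, pinned)
        if status in (301, 302, 303, 307, 308):
            url = urljoin(url, payload)
            continue
        return status, payload
    raise SSRFBlocked("too many redirects")


def verdict(url: str, resolve) -> str:
    """'allow' or 'block: <reason>' for the URL check alone."""
    try:
        check_url(url, resolve)
        return "allow"
    except SSRFBlocked as exc:
        return f"block: {exc}"


def fetch_verdict(url: str, resolve, fetch) -> str:
    """'<status> <body>' for a completed fetch, or 'block: <reason>'."""
    try:
        status, body = safe_fetch(url, resolve, fetch)
        return f"{status} {body}"
    except SSRFBlocked as exc:
        return f"block: {exc}"


# Constructed resolver and site so the example runs offline.
CONSTRUCTED_DNS = {
    "api.example.com": ["93.184.216.34"],
    "metadata.internal": ["169.254.169.254"],
    "dual.example.com": ["93.184.216.34", "10.0.0.5"],   # one internal record poisons the name
}
CONSTRUCTED_SITE = {
    "https://api.example.com/ok": (200, "hello"),
    "https://api.example.com/hop": (302, "http://169.254.169.254/latest/meta-data/"),
}


def constructed_resolve(host: str) -> list:
    return CONSTRUCTED_DNS.get(host, [])


def constructed_fetch(url: str, pinned_ip: str):
    return CONSTRUCTED_SITE.get(url, (404, ""))


if __name__ == "__main__":
    for u in ("https://api.example.com/ok", "http://metadata.internal/", "http://[::ffff:127.0.0.1]/",
              "http://dual.example.com/", "file:///etc/passwd"):
        print(u, verdict(u, constructed_resolve))
    print(fetch_verdict("https://api.example.com/hop", constructed_resolve, constructed_fetch))
```

In production, resolve() wraps getaddrinfo and fetch() must connect to the pinned address rather than re-resolving the name, or a rebinding domain will pass the check and then point the connection somewhere else.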

AI as an offensive accelerator

Nation-state operators are using AI to outrun signature-based defense. Trend Micro reporting describes APT36 running AI as a polymorphic malware assembly line, producing variants faster than detection signatures can be written. Combined with the 72-minute breakout benchmark, the defender takeaway is that behavioral and identity-centric detection now matters more than static signatures, because the static artifacts are being regenerated faster than they can be cataloged.

Threat Actor Activity

  • ShinyHunters (UNC6240). Attribution: financially motivated extortion. Activity this period: exploited PeopleSoft zero-day CVE-2026-35273 across 300+ instances and 100+ organizations, including 47+ US universities and roughly 500K student records. Source: https://cloud.google.com/blog/topics/threat-intelligence/shinyhunters-targets-education-sector-oracle-exploit
  • Qilin (affiliate). Attribution: ransomware-as-a-service. Activity this period: confirmed post-compromise activity following Check Point VPN bypass CVE-2026-50751. Source: https://www.helpnetsecurity.com/2026/06/08/check-point-cve-2026-50751-qilin-ransomware/
  • Salt Typhoon. Attribution: PRC nation-state. Activity this period: targeted US House Committee staff emails; part of campaigns reportedly hitting 50+ telecoms across 42 countries. Source: https://cybelangel.com/blog/cyber-espionage-apts/
  • Phantom Taurus. Attribution: PRC nation-state (newly documented). Activity this period: espionage against government agencies, embassies, and military operations across Africa, the Middle East, and Asia. Source: https://www.darkreading.com/cyberattacks-data-breaches/new-china-apt-strikes-precision-persistence
  • APT36. Attribution: nation-state. Activity this period: using AI as a polymorphic malware assembly line to outpace signature detection. Source: https://www.trendmicro.com/en_us/research/26/d/us-public-sector-under-siege.html

The pattern worth tracking: financially motivated crews like ShinyHunters and Qilin are operating at zero-day speed against enterprise software, a tempo previously associated with nation-states, while the nation-state actors fold AI into their tooling. The line between espionage and profit-driven extortion keeps blurring, and the 72-minute breakout benchmark means both move faster than legacy response playbooks assume.

Ransomware and Data Breaches

Incidents reported in June 2026

  • 47+ US universities. Actor: ShinyHunters (UNC6240). Impact: PeopleSoft zero-day exploited; tens of GB and roughly 500K student records leaked; University of Nottingham confirmed. Source: https://thehackernews.com/2026/06/shinyhunters-exploits-oracle-peoplesoft.html
  • Nintendo. Actor: ShadowByt3$. Impact: 859 MB claimed stolen, including employee PII, surveys, internal reports from 2016 to 2026, and sentiment analytics. Source: https://sharkstriker.com/blog/june-2026-data-breaches/
  • Illinois Central College. Actor: ShinyHunters. Impact: ransomware attack on the institution. Source: https://sharkstriker.com/blog/june-2026-data-breaches/
  • Oxford University. Actor: undisclosed. Impact: career services platform breach (June 1); names and email addresses of CareerConnect users. Source: https://sharkstriker.com/blog/june-2026-data-breaches/
  • Multiple organizations (June 23). Actor: undisclosed. Impact: Aerospace & Advanced Composites GmbH, Belpointe Asset Management, BITS Pilani, Canada Wide Media, and Central Bank of Libya listed as breached. Source: https://www.breachsense.com/breaches/

Largest 2026 breaches for context

  • Instructure (Canvas). Actor: ShinyHunters. Scale: ~3.65 TB and roughly 275M records across nearly 9,000 institutions, the largest education-sector breach on record. Source: https://techcrunch.com/2026/06/07/the-worst-hacks-and-breaches-of-2026-so-far/
  • Charter Communications. Actor: ShinyHunters. Scale: ~40M records. Source: https://techcrunch.com/2026/06/07/the-worst-hacks-and-breaches-of-2026-so-far/
  • Medtronic. Actor: ShinyHunters. Scale: 9M+ records claimed (confirmed April 24, 2026). Source: https://www.pkware.com/blog/2026-data-breaches
  • Carnival Cruise Line. Actor: ShinyHunters. Scale: at least 6M customer records. Source: https://techcrunch.com/2026/06/07/the-worst-hacks-and-breaches-of-2026-so-far/
  • NYC Health + Hospitals. Actor: undisclosed. Scale: 1.8M+ affected, including biometric fingerprints and palm prints, one of the largest healthcare breaches of 2026. Source: https://techcrunch.com/2026/06/07/the-worst-hacks-and-breaches-of-2026-so-far/

The concentration is the story. A single extortion brand sits behind the year's biggest education, telecom, healthcare-adjacent, and travel breaches, and its newest tool is enterprise-software zero-days. Defending against ShinyHunters in 2026 is less about one product and more about removing internet-facing management interfaces and detecting mass-exfiltration behavior early.

Recommended Actions

Immediate (next 24 to 72 hours)

  • Patch or disable Joomla Content Editor (CVE-2026-48907) on any internet-facing Joomla site; audit for rogue editor profiles and unexpected PHP files in the web root.
  • Apply the Check Point hotfix for CVE-2026-50751 and disable the deprecated IKEv1 key exchange on Remote Access and Mobile Access gateways; review VPN session logs back to early May for sessions established without valid credentials.
  • Apply Oracle's out-of-band PeopleSoft fix for CVE-2026-35273, remove PSEMHUB from public reachability, and hunt for web shells and anomalous PeopleTools activity between May 27 and June 9.
  • Force a fleet-wide browser restart to apply the Chrome V8 fix (CVE-2026-11645, Stable 149.0.7827.102).
  • Meet the outstanding CISA KEV deadline: Cisco SD-WAN file-write CVE-2026-20262 by June 29, 2026 (the June 11 Check Point deadline has already passed; confirm it was met).

Short-Term (this week to this month)

  • Upgrade Cisco Catalyst SD-WAN Manager to 20.18.3.1 for CVE-2026-20245, and restrict management-plane access to a dedicated administrative network; verify no unexpected configuration was pushed to edge devices.
  • Track and stage the Microsoft Defender RoguePlanet (CVE-2026-50656) patch; in the interim, monitor Defender quarantine and scanning telemetry for TOCTOU-style anomalies and unexpected SYSTEM-level process spawns.
  • Inventory all internet-facing management interfaces (VPN concentrators, SD-WAN controllers, ERP hubs, CMS admin panels) and put them behind authentication and network segmentation.
  • Inventory and authenticate every MCP server in your environment; close unauthenticated admin and debug endpoints and apply egress filtering.

Strategic (this quarter)

  • Add agentic red teaming to the deployment lifecycle for any LLM or agent system, testing for prompt injection, tool abuse, and the lethal trifecta rather than treating functional tests as security validation.
  • Architect AI agents on least privilege and containment: scope tool permissions tightly, isolate untrusted content, and constrain external communication so a successful injection has a limited blast radius.
  • Shift detection investment toward behavioral and identity-centric signals, since the 72-minute breakout benchmark and AI-generated polymorphic malware are outrunning signature-based defense.
  • Build a zero-day response posture for enterprise software: assume internet-facing ERP, VPN, and management software can be hit before a vendor advisory exists, and rehearse rapid isolation and exfiltration detection.

ΛKrypteia Sec Research · June 24, 2026