Scattered Spider Hackers Plead Guilty on Day 1 of Trial Two young British members of the notorious Scattered Spider cybercrime group — Thalha Jubair, 20, and Owen Flowers, 18 — pleaded guilty on the opening day of what was expected to be a six-week UK trial, admitting to conspiring to hack Transport for London in August 2024. The guilty pleas arrived against a backdrop of sweeping U.S. federal charges: Jubair faces an indictment alleging involvement in 120 network intrusions across 47 U.S. organizations between 2022 and 2025, with victims paying at least $115 million in ransom. Flowers is separately alleged to have participated in attacks on U.S. healthcare providers, and multiple sources tied him to the high-profile 2023 ransomware hits on MGM Resorts and Caesars Entertainment.
Five Eyes Group Issues Urgent Call to Tackle Frontier AI Threats The cybersecurity agencies of the United States, United Kingdom, Canada, Australia, and New Zealand issued a rare joint public statement on June 22, warning that frontier AI will “fundamentally” transform both offensive and defensive capabilities within months — not years. The group cautioned that AI is already accelerating the window between vulnerability discovery and exploitation, lowering the barrier to entry for malicious actors, and urged a whole-of-organization response centered on reducing attack surfaces, accelerating patching, addressing legacy systems, hardening identity controls, and building breach-response readiness before incidents occur. “AI is not a future consideration — it is already here,” the statement read.
Trump Order Sets 2030 Deadline for Federal Post-Quantum Crypto Migration President Trump signed Executive Order 14409 on June 22, setting binding deadlines for all federal civilian agencies to migrate high-value and high-impact systems to post-quantum cryptography: key establishment algorithms must be replaced by December 31, 2030, and digital signatures by December 31, 2031. The order directly responds to the “harvest now, decrypt later” threat — the practice of adversaries collecting encrypted government data today to decrypt it once capable quantum machines exist — and pulls the government’s previous 2035 target forward by four to five years, aligning with the NIST standards finalized in August 2024.
CISA: Splunk Enterprise Flaw Actively Exploited, Patch by Sunday A critical unauthenticated remote code execution vulnerability in Splunk Enterprise (CVE-2026-20253) is being actively exploited in the wild, just days after researchers at WatchTowr published technical details and working proof-of-concept code. The flaw stems from a complete lack of authentication controls on the PostgreSQL sidecar service endpoint, allowing any network-reachable attacker to create or truncate arbitrary files — a primitive researchers quickly parlayed into full RCE. CISA added the flaw to its Known Exploited Vulnerabilities catalog and invoked its rapid-patching directive, giving Federal Civilian Executive Branch agencies just three days to remediate; over 1,400 Splunk instances remain exposed on the internet.
Cybersecurity Firms Impacted by Klue Supply Chain Attack A threat actor calling itself Icarus breached market intelligence platform Klue on June 11, hijacking its backend to push a malicious update that harvested OAuth tokens for customer integrations with Salesforce, HubSpot, Slack, and other platforms. The attackers then used the stolen tokens to execute a sustained Salesforce REST API exfiltration campaign — nearly a thousand queries in 15 minutes and extraction bursts lasting over six hours — siphoning CRM data from dozens of enterprise customers. Huntress and Recorded Future both confirmed they were among the affected organizations, with business contact data, price quotes, and sales records exposed, though no threat telemetry, passwords, or engineering data were compromised. Icarus’s extortion contact to Huntress and the group’s known leak site activity give investigators high confidence in the attribution.
