
A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, June 12, 2026. I'm Steve Prentiss.
Fortinet patches a new critical FortiSandbox flaw. Fortinet has released security updates to address several vulnerabilities affecting FortiSandbox, Fortis, Fort, FortiProxy and FortiPortal. The most severe issue, a CVE numbered vulnerability with a CVSS score of 9.8, is an OS command injection flaw in FortiSandbox products, which could allow remote unauthenticated attackers to send specially crafted HTTP requests and execute arbitrary commands on affected devices.
GitHub to disable npm install scripts by default to stop supply chain attacks. GitHub has announced what it describes as breaking changes coming to npm version 12, one of which turns off install scripts by default to combat software supply chain threats. These changes are designed to deal with attack techniques that abuse the npm install command to trigger the execution of malicious code using npm lifecycle hooks. GitHub describes install-time lifecycle scripts as the single largest code execution surface in the npm ecosystem. The idea going forward is to require explicit user approval before code execution is initiated automatically during npm install, as opposed to being trusted by default.
Nottingham University announces data breach. The UK-based University of Nottingham has confirmed a cyber attack on its student record system, with the culprits identified as members of the Shiny Hunters crew. They allegedly made off with 40 gigabytes of data from the Russell Group institution. Shiny Hunters has claimed responsibility for the attack, which occurred on Tuesday, saying the data includes billing and payment records, credit card and payment details, student finance data and campus portal exports belonging to current students and alumni. The gang also compromised the university's campuses in Malaysia and China.
FBI seizes 13 websites allegedly used by China to recruit US workers. The Justice Department announced on Wednesday that these websites were part of a Chinese effort to target American workers who have access to classified or sensitive government information. The sites appeared to be affiliated with consulting companies that advertised job openings for current and former holders of security clearances. This follows on from an announcement from the Five Eyes Intelligence Sharing alliance that we reported on, on an uptick in China-based recruitment scams.
Huge thanks to our sponsor Doppel. Cybercriminals don't respect your security silos. They use one connected attack chain to hit your brand externally, infiltrate your inbox and manipulate your team. Stop playing whack-a-mole with fragmented tools. Doppel unifies digital risk protection, human risk management and email security into one unified platform. 1 attack chain. 3 pillars of defense. 0 blind spots. Secure your enterprise relentlessly at doppel.com. That is D-O-P-P-E-L.com.
Cyber attack shuts down major Australian sugar mills, disrupting harvest. Australia's second largest sugar producer, Mackay Sugar, announced the which has disrupted sugar production in one of Australia's largest cane growing regions. This has forced two major sugar mills to shut down, bringing harvesting operations to a halt. The organization that represents local sugarcane farmers said in a statement that sugar milling and cane haulage operations at the two major mills have been suspended and this is occurring at the start of the annual sugar cane crushing season. Mackay Sugar supplies raw sugar to domestic customers as well as to markets in South Korea, Indonesia, Japan and Malaysia.
Coupang hit with record $409 million data breach fine. South Korea's data protection regulator, the Personal Information Protection Commission, has fined the e-commerce giant Coupang a record 624.6 billion won, which is roughly $409 million, following a massive data breach affecting more than 37 million customers. The company's subsidiary, Coupang Fulfillment Service, was also fined 248 million won for unlawfully collecting, using and handling customers' personal and sensitive data. This breach occurred in late June of last year, but was discovered only in mid November. The primary suspect is a 43-year-old Chinese national who worked in Coupang's IT department between 2022 and 2024.
Security company seeks to add phone, AirPod and smartwatch trackers to license plate readers. The company, which goes by the name of Leonardo, wants to add sensors to automatic license plate readers, otherwise known as ALPRs, to attract unique identifiers of mobile phones, wearables and other Bluetooth-enabled devices located in the cars whose plates they are scanning. The goal is to assist law enforcement in identifying specific drivers or passengers. The technology, called Signal Trace, would turn ALPR cameras from devices focused on tracking cars to ones that can more readily track the location of particular people.
Most cybersecurity teams struggle to find time for training on new threats. This warning comes from a new report from ISC2, who polled nearly 1,000 cybersecurity leaders from large enterprises around the world on how their organization approached cybersecurity team training. 73% of them said their organization's security training budget has increased over the past year as businesses react to the emergence of new technologies and cybersecurity challenges that accompany them, especially AI. But at the same time, 98% said that while their organization allows employees to engage with professional development and training during work hours, just over half of the respondents, 53%, said they faced challenges that prevented them from engaging in these very activities. The report suggests that continuous training is key to preparedness rather than packaging things as a one-time activity. A link to this report is available in the show notes to this episode.
There's never a bad week to join us for our Department of No livestream. We broadcast every Friday at 4pm Eastern on the CISO Series YouTube channel and this week is definitely a great one to join. We have Brett Conlon and Jason Thomas joining us, helping us break down why the news of the week matters to your cybersecurity team, telling you what is FUD and what you really need to know. So make sure you're subscribed to the CISO Series YouTube channel and set a calendar reminder to join us later today at 4:00pm Eastern for the Department of No. And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us. Old school: feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
Host: Steve Prentiss
Episode Focus: Breaking updates and critical stories from the cybersecurity landscape, centering on new software vulnerabilities, significant data breaches, and evolving threats and responses across the globe.
This episode delivers concise coverage of recent, high-impact security incidents and trends, including new critical vulnerabilities, changes in security practices, major data breaches at universities and corporations, disruption in industrial operations, and the state of cybersecurity team training. The host, Steve Prentiss, maintains a practical and urgent tone, offering actionable context and direct reporting on each story.
Steve Prentiss provides a brisk, focused overview of current cyber threats and responses that both informs and prompts action, especially in patching critical vulnerabilities, reassessing security policies, and emphasizing the ongoing necessity of security training.
For further reading and detailed stories, listeners are directed to CISOseries.com.