Summary5 min read

Podcast Summary: Cybersecurity Headlines – June 1, 2026

Podcast: Cybersecurity Headlines
Host: Steve Prentiss (CISO Series)
Episode Title: GlobalProtect VPN exploited, ChatGPT share links exploits, Feds criticize NIST
Date: June 1, 2026

Episode Overview

This episode delivers a rapid-fire roundup of major cybersecurity news stories from around the globe, focusing on high-impact vulnerabilities, cyber-attacks, governmental oversight, and emerging risks. Host Steve Prentiss breaks down developments including a fresh exploit against Palo Alto’s GlobalProtect VPN, malicious abuse of ChatGPT share links, a damning federal audit of NIST, notable cybercrime and advanced nation-state activity, and more.

Key Discussion Points & Insights

1. GlobalProtect VPN Authentication Bypass Now Actively Exploited

[00:06] Palo Alto Networks’ GlobalProtect VPN experienced a critical authentication bypass flaw (CVE disclosed and fixed in May 2026).
Attackers are exploiting unpatched systems to breach corporate networks.
Severity increased to 'high' after live attacks. The vulnerability is now listed in the CISA KEV (Known Exploited Vulnerabilities) catalog.
Insight: Highlights the rapid weaponization of VPN vulnerabilities and the real-world risk for laggard patchers.

“The company is warning that hackers are now exploiting a PanOS GlobalProtect authentication bypass flaw in attacks attempting to breach corporate networks... raising the severity rating to high.”
— Steve Prentiss, [00:08]

2. ChatGPT Share Links Used for Malware Delivery

[01:00] Adversaries are exploiting ChatGPT's share feature to distribute malware in the “LLMShare” campaign.
Attackers set up authentic-seeming ChatGPT share links (hosted on OpenAI’s domain) displaying fake service outage messages.
Victims are instructed to download a bogus desktop app—actually malware.
The campaign uses online ads and user trust in AI brands to enhance success rates.
Key Context: Differentiated from the Gray Vibe story covered previously.

“Victims are told they can continue using ChatGPT by downloading a supposed desktop application, which is of course malware.”
— Steve Prentiss, [01:20]

3. Federal Audit Blasts NIST’s Vulnerability Database Management

[01:50] Department of Commerce audit faults the National Institute of Standards and Technology (NIST) for severe mismanagement of the National Vulnerability Database (NVD).
Issues: Poor planning, duplicate federal programs, failure to communicate, and a critical backlog.
Backlog ballooned from 13,000 unprocessed flaws (June 2024) to over 27,000 (end of 2025), after the enrichment contract lapsed.
NIST admits lacking a plan to resolve the processing backlog.
Impact: Raises questions about the reliability of a cornerstone US vulnerability resource.

“NIST leaders admitted they had no long-term plan for clearing the backlog, even as it grew... to over 27,000 by the end of 2025.”
— Steve Prentiss, [02:30]

4. Google Security Engineer Charged with Insider Trading via Search Data

[03:10] Michele Spagnolo, a Google security engineer, was arrested in New York for allegedly using internal Google search data to place profitable bets on Polymarket, a decentralized prediction platform.
DOJ claims he used “non-public year-in-search data” to predict and profit from the most searched people in 2025, netting $1.2 million.
Key Note: Highlights the insider threat risk even at tech giants.

“He is accused of using confidential information pulled from Google systems... and placed a series of bets on the most searched people on Google in 2025.”
— Steve Prentiss, [03:38]

5. North Korea’s KimSuky Unleashes New HTTPSpy Attacks

[05:10] The KimSuky (Velvet Kolima) APT group targeted South Korean military and businesses with custom malware (HTTPSpy).
Tactics: Social engineering, fake security software, spoofed WebEx meeting pages.
Attribution: Analysis from white-hat group Enki Enki.
Threat: Demonstrates evolving social engineering playbooks and relentless targeting of regional adversaries.

6. Malicious npm Packages Mimicking OpenSearch and Elasticsearch

[05:50] A lone NPM actor published 14 malicious packages imitating major DevOps/Elasticsearch tooling (OpenSearch, AWS, HashiCorp Vault) within four hours.
Attackers used a new maintainer alias—potential aim to move laterally via supply chain compromise.
Lateral movement and privilege escalation a highlighted threat.

“These types of attacks allow the actor to move laterally across cloud environments, steal sensitive data, and push more poisoned updates.”
— Steve Prentiss, [06:20]

7. SoftBank’s Multibillion-Euro French Data Center Investment

[06:45] Announcement: SoftBank pledges up to €75 billion (~$87bn USD) for building data centers in northern France (Dunkirk, Bockel, Beauchamp).
Intended to add 5GW capacity and support the expansion of AI infrastructure in Europe—the company is both an OpenAI investor and client.
Significance: Marks Europe’s largest AI infrastructure investment.

8. California Sues 23andMe Over 2023 Genetic Data Breach

[07:10] California AG sues 23andMe, alleging failure to protect sensitive customer data, exposing 7 million users (850,000 Californians) in a high-profile credential-stuffing attack.
Exposed data included genetic, health predispositions, ancestry, DNA matches.
Broader Implication: Regulatory enforcement heats up around the protection of sensitive personal and genetic information.

Notable Quotes & Memorable Moments

On fast-moving LLM-based scams:
“Researchers found that the campaign leveraged online advertising and users' trust in recognizable AI brands to increase success rates.”
— Steve Prentiss, [01:30]
On NIST’s vulnerability data crisis:
“The database’s enrichment contract lapsed, creating a backlog of unprocessed security flaws that has only grown worse.”
— Steve Prentiss, [02:10]
On npm "lone wolf" attacker tactics:
“The attacker used a newly created maintainer alias to target Amazon Web Services, HashiCorp Vault, GitHub Actions and the NPM Registry itself.”
— Steve Prentiss, [05:55]

Timestamps for Key Segments

GlobalProtect VPN exploit – [00:06]
ChatGPT share links for malware – [01:00]
NIST/NVD audit and backlog – [01:50]
Google engineer insider betting case – [03:10]
KimSuky HTTPSpy attacks – [05:10]
Malicious npm packages (OpenSearch/Elasticsearch) – [05:50]
SoftBank French data center investment – [06:45]
California sues 23andMe – [07:10]

Conclusion

This daily headlines episode offers concise yet rich coverage of urgent and emerging cybersecurity issues—demonstrating the ecosystem’s volatility, the steady march of sophisticated threat actors, and the compounding impact of operational missteps by key organizations. Essential listening for anyone needing to quickly come up to speed on the most pressing security developments.

Loading summary

Transcript4 lines

[00:00]
A
From the CISO series, it's Cybersecurity Headlines
[00:07]
B
these are the cybersecurity headlines for Monday, June 1, 2026. I'm Steve Prentiss. Palo Alto Global protect VPN AUTH bypass flaw now exploited in attacks the company is warning that hackers are now exploiting a Panos Global Protect Authentication bypass flaw in attacks attempting to breach corporate networks. The CVE numbered flaw was fixed earlier in May. However, on Friday, the advisory was updated to warn that the flaw was being exploited in attacks against unpatched devices, raising the severity rating too high. And as of Friday, it has also been added to the CISA Kev catalog. ChatGPT share links used to host fake outage pages to deliver malware Cybercriminals are abusing ChatGPT's sharing feature to distribute malware through a campaign researchers call LLMShare. Attackers create legitimate looking ChatGPT share pages hosted on OpenAI's domain and use them to display fake service outage messages. Victims are told they can continue using ChatGPT by downloading a supposed desktop application, which is of course malware. Researchers found that the campaign leveraged online advertising and users trust in recognizable AI brands to increase success rates. This is a different ChatGPT hacking story from the Gray Vibe story presented Friday. Federal audit reveals NIST's NVD problems A report released on Thursday from the Department of Commerce found that nist, the National Institute of Standards and Technology, has mismanaged a critical cybersecurity vulnerability database through poor planning, inefficient operations, duplicate federal programs and failure to communicate with users. The National Vulnerability Database, also known as nvd, collects information about computer security flaws and adds details like severity ratings and affected products. In February of 2024, the database's enrichment contract lapsed, creating a backlog of unprocessed security flaws that has only grown worse. NIST leaders admitted they had no long term plan for clearing the backlog, even as it grew from about 13,000 unprocessed security flaws in June 2024 to over 27,000 by the end of 2025. Google Security Engineer accused of profiting off confidential search trends on polymarket Security Engineer Michele Spagnolo, a 36 year old Italian citizen who lives in Switzerland, was arrested in New York charged with crimes related to bet allegedly placed on the decentralized prediction market platform that allows users to place bets on the outcomes of real world events. He is accused of using confidential information pulled from Google systems. According to the Justice Department, he quote, allegedly abused internal access to Google's non public year in search data and placed a series of bets on the most searched people on Google in 2025. End quote. The scam made him $1.2 million but now carries a possible maximum sentence of. Huge thanks to our sponsor Vanta. Your team just added its 67th AI tool and unfortunately also your 67th security blind spot. The good news? The Vanta agent works like a GRC engineer in the background, finding every app your team uses, scoring the risk and drafting fixes for you. Vanta is the platform used by over 16,000 fast moving companies like Ramp, Cursor and Harvey who are shaping the future with AI and staying ahead of AI risk. Get started today at Vanta.com headlines that is V A N T A dot com headlines. North Korea's Kim Suki Deploys HTTP Spy in New Attack the state sponsored threat actor, also known as Velvet Kollima, is being identified as responsible for a new wave of cyberattacks targeting South Korean military and corporate entities these past two months. It used social engineering tactics including spoofing security software installation packages and crafting a fake WebEx meeting page that leveraged a legitimate meeting schedule. This is according to the white hack hacking group Enki Enki. In an analysis published this week, Kim Suki has used these attacks to deliver a variant of a known malware family dubbed httpspy malicious npm packages published mimicking OpenSearch and Elasticsearch libraries. This appears to be the work of a lone wolf NPM user who on Thursday published 14 malicious packages within a four hour window. According to Microsoft, these mimicked popular OpenSearch, Elasticsearch, DevOps and Environment Configuration libraries. The attacker used a newly created maintainer alias to target Amazon Web Services, HashiCorp Vault, GitHub Actions and the NPM Registry itself. As pointed out in the Register, these types of attacks allow the actor to move laterally across cloud environments, steal additional sensitive data, and push even more poisoned updates to packages owned by hijacked maintainer identities. Thus expanding the attack beyond the initial 14 SoftBank to invest up to 75 billion euros to build French data centers. The company, which among other things is both an investor in and customer of OpenAI, announced on Saturday that it plans to spend this money, which is around US$87 billion, to expand operations in France to enable up to 5 gigawatts of additional data center capacity. The first phase involves building data centers in Dunkirk, Bockel and Beauchamp, all in northern France. This, they say, will be its largest AI infrastructure investment in Europe to date. California Attorney General sues 23andMe over a 2023 breach California Attorney General Rob Bonta filed the lawsuit against 23andMe over the company's failure to protect sensitive customer genetic and personal information. This led to a high profile data breach in 2023 that exposed the sensitive information of nearly 7 million customers, including more than 850,000 Californians. The California based company confirmed that the leaked data was genuine and claimed that it had been extracted following a credential stuffing attack targeting accounts with weak credentials. The incident exposed genetic data, health predisposition information, ancestry and ethnicity information, biological relatives and DNA matches Remember to subscribe to The CISO Series YouTube channel. We're featuring new shorts, videos daily, plus original interviews, demos and clips from all our podcasts, plus our Department of Know livestream each and every Friday at 4pm Eastern. So why not go ahead and subscribe to the CISO series YouTube channel today? And if you have some thoughts on the news from today or about this show in general, please be sure to reach out to us@feedbackisoseries.com we would love to hear from you. I'm Steve Prentiss reporting for the CISO Series.
[08:16]
A
Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.
[08:24]
B
It.