Loading summary
A
CISA changes federal patching rules due to AI A House Republican was hacked by Russia Shiny Hunters go on an Oracle hacking spree and NPM will block auto run install scripts by default. This is the Risky Bulletin prepared by Catalyn Kim Panu and read by me, Claire aird. Today is the 12th of June and this podcast episode is brought to you by Spectrops. In today's top story, CISA has updated its patching rules for federal agencies, citing the danger of automated attacks. The new rules give agencies just three days to patch bugs that can be easily automated and are being exploited in the wild. Bugs that pose smaller risks or are more difficult to exploit have deadlines of between 14 and 60 days. If agencies cannot apply patches in time, they'll have to disconnect systems from the Internet or or remove them from their networks. In other news, the Shiny Hunters hacking group is using a zero day vulnerability to steal sensitive data from Oracle PeopleTools platforms. The zero day allows unauthenticated remote attackers to run code and take over the platform. Attacks have been observed in the wild since late May. Oracle released an out of band security update on Wednesday to patch the issue. The UK's University of Nottingham was the first known victim. A proposal for a dedicated U.S. cyber Force military branch has been rejected by a Senate committee. The provision to establish the US Cyber force was removed from the annual National Defence Authorisation act after a 1413 vote in the Senate Armed Services Committee. Suspected Russian hackers have breached the signal account of Don Bacon, a Republican congressman representing Nebraska. The FBI notified him that his account was hacked this week. Bacon is a known critic of the Kremlin. The U.S. federal Communications Commission wants to implement strong know your customer rules for American telcos. Under the proposal, telcos would have to store personal data on new and existing customers, including their names, government IDs and device details. The FCC says the stringent rules are needed to combat fraud and robocalls. Critics say the proposed changes would make it impossible to have anonymous numbers or burner phones in the us. The UK government has weakened proposed cybersecurity rules for telecom operators after intense lobbying from the industry. The government proposed the rules in the aftermath of the salt typhoon hacks. According to the record, telcos argued the proposed security standards were impractical and expensive. The Canadian government has proposed a social media ban for children under the age of 16. If passed, platforms could receive exemptions by proving their platforms are safe. Canada is the latest in a long list of countries considering social media age restrictions. South Korea has fined American retailer Coupang a record $409 million over a 2025 data breach. The breach exposed the information of 34 million Korean citizens. The the fine represents around 1.7% of the company's 2025 sales. South Korean firms can be fined up to 3% of their annual sales for security and privacy violations. The breach was traced back to a Chinese software engineer who's since left the country. Coupang says it will appeal the fine. Hackers are extorting the Jamaican Health Ministry. A threat actor has threatened to release stolen data if the National Health Fund does not pay a ransom. The government says it's still investig whether a breach occurred. Hackers have claimed to have stolen the personal information of more than 67 million Thai citizens. The data was allegedly taken from a government agency that manages healthcare entitlements. The Thai government has launched a probe of the incident after some of the stolen data was posted on hacker forums. A major Australian sugar mill has paused operations following a cyber attack this week Mackay Sugar has shut down sugar milling and cane haulage at two of its mills. The cyber attack has hit and at the beginning of the annual sugarcane crushing season. The company is Australia's second largest sugar producer. The FBI has seized 13 domains used by Chinese spies to recruit Americans who've access to classified or sensitive data. The websites impersonated consulting companies and think tanks. They offered so called consultancy fees to former American officials in exchange for sensitive information. The seizures came a week after Five Eyes intelligence agencies issued a joint warning on the the campaign. A Canadian court has approved the extradition of a local man to face hacking charges in the U.S. ryan James Roach is accused of hacking a New York educational institution in 2017 and deploying a crypto miner on its supercomputer. Prosecutors say the breach caused damages of $337,000. Europol has seized a cryptocurrency mixer that was used by ransomware groups to launder their profits. The Audi A6 service is suspected of laundering more 336 million euros between 2022 and 2025. Two administrators, a Ukrainian and a Russian national were also arrested in the country of Georgia. The Dutch Court of Appeal has reduced the prison sentence of the director of crypto phone maker Enetcom to 10 months behind bars. He was originally sentenced to 54 months in prison. Authorities seized Enetcom's operations in 2016 and the court reduced the sentence because the legal proceedings had been running for 10 years. The company sold closed system encrypted BlackBerry phones primarily to criminal groups. A member of a Russian state sponsored hacking group has been extradited from Thailand and charged in the us. Denise Obryzka was arrested in November last year. He's believed to be a member of the Void Blizzard apt, also known as Laundry Bear. Obryzgar is accused of hacking U.S. companies and harvesting their email inboxes. A Vietnamese APT group has been observed conducting domestic espionage. The Ocean Lotus group has been linked to hacks of a major construction company and investors. The group's been active for 15 years and most of its operations have targeted neighbouring countries, particularly China. A new cyber espionage group is targeting Cambodian government officials in spearfishing campaigns. Two separate campaigns have targeted the country's defence and civil sectors with a new malware strain called Nightforce. Evidence suggests the group may be a Chinese apt, but no formal attribution has been made. A botnet operated by Chinese state sponsored hackers is still operating despite a US takedown operation. The JDY botnet is part of the Vault Typhoon infrastructure and is used for scanning and reconnaissance operations. According to Lumen's Black Lotus Labs, the botnet has grown from 650 devices two years ago to more than 1,500 today. Most are hacked SoHo routers and IoT devices. Chinese hackers used ChatGPT to automate two influence operations targeting the American public and tech sectors. The campaign sought to undermine America's push to build AI data centers, the dominance of American AI companies and President Trump's tariffs strategy. They use ChatGPT to generate social media comments and images. Microsoft has patched an exchange zero day that's being exploited in the wild. The zero day allows attackers to run malicious JavaScript code in exchange inboxes under certain conditions. Microsoft first disclosed the attacks in May and released a temporary mitigation. It released a full security update on Tuesday. Hackers are exploiting a pre authentication remote code execution bug to take over Ivanti Sentry mobile gateways. The bug was patched on Tuesday. Attacks began hours after a detailed write up was published on Thursday. Avanti Sentry was previously known as Mobile Incentry. Developers of the PHP BB forum software have patched a major vulnerability that can allow threat actors to hijack any user session. The bug impacts all PHP BB versions released within the past decade. Forums are vulnerable in their default setup if OAuth authentication is enabled and finally NPM will block all auto running installation scripts starting from next month's Release of version 12.0. The change aims to counter the rising number of supply chain attacks on the platform. Threat actors are currently hiding malicious commands inside install scripts. These get auto executed when a victim installs a new package. And that is all for this podcast edition. Today's show was brought to you by our sponsor, Spectrops. Find them@Spectropsio. Thanks for your company.
Podcast: Risky Bulletin (Risky Business Media)
Date: June 12, 2026
Host/Presenter: Claire Aird
Prepared by: Catalyn Kim Panu
This episode delivers a brisk roundup of global cybersecurity news, focusing on new federal vulnerability patching policies in the U.S., major data breaches, regulatory updates, and noteworthy actions by cybercriminals and law enforcement. The main theme is the mounting pressure on governments and organizations to keep pace with both the speed and sophistication of cyber threats—especially as AI-driven and automated attack methods become more common.
Dutch Appeal Reduces Prison Term for Enetcom Director (05:01–05:17)
Russian State Hacker Extradited/Charged in US: (05:18–05:29)
This Risky Bulletin maintains the signature concise, no-nonsense Risky Business tone, breaking down fast-moving developments from the past week without editorialization or speculation, providing just enough detail for professionals to track major trends.
This episode is a dense, fast-paced tour through major cybersecurity developments, emphasizing the interplay between accelerated threat actor capabilities and regulatory, law enforcement, and technical countermeasures.