26 Jun 2026
Week in review
Greetings,
Global cyber security leaders are urging organisations to rethink their approach to risk as AI rapidly reshapes both the scale and speed of cyber attacks. In a joint statement, the Five Eyes alliance, comprising Australia, the United States, the United Kingdom, Canada and New Zealand, has warned that the impact of frontier AI models will be felt far sooner than many organisations expect.
According to the advisory, these next-generation systems are poised to transform offensive and defensive cyber capabilities “within months, not years,” dramatically reducing the time between discovering and exploiting vulnerabilities. This acceleration is lowering barriers to entry for malicious actors, enabling less sophisticated attackers to launch complex, high-impact operations with increasing efficiency.
Coverage from The Record reinforces this message, highlighting growing government concern that powerful AI tools can already identify and exploit software flaws at a pace that exceeds human response. In some cases, advanced models have demonstrated an ability to uncover vulnerabilities and generate exploit pathways in hours, intensifying fears that cyber defences may struggle to keep up.
Despite the urgency, the Five Eyes agencies emphasise that the fundamentals of cyber security remain critical. Their guidance focuses on strengthening baseline practices such as rapid patching, reducing system exposure, improving identity controls and preparing thoroughly for inevitable breaches. They also stress that cyber risk is now a core organisational risk, rather than a purely technical issue, requiring strategy and leadership accountability.
Importantly, the statement balances its warning with opportunity. While adversaries are already leveraging AI, organisations are urged to adopt the same technologies to enhance detection, improve resilience and respond more quickly to incidents.
This message serves as an important reminder that AI is a present and accelerating force. Organisations that act decisively now will be better positioned to manage emerging risks, while those that delay may face growing operational, financial and reputational consequences.
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
Date: 2026-06-19
Author: Security Week
A critical Splunk Enterprise vulnerability is being exploited in attacks only days after its public disclosure, and organizations have been urged to patch it immediately.
The vulnerability is tracked as CVE-2026-20253 and Splunk’s advisory says it can be exploited by an unauthenticated attacker to create or truncate arbitrary files via a PostgreSQL sidecar service endpoint.
“The vulnerability exists because the PostgreSQL sidecar service endpoint lacks authentication controls, allowing any network-reachable user to invoke file operations without credentials,” Splunk said in its advisory.
Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
Date: 2026-06-23
Author: Bleeping Computer
[See AUSCERT Bulletin https://portal.auscert.org.au/bulletins/ESB-2026.6126]
A high-severity SSRF vulnerability, tracked as CVE-2026-20230, in Cisco Unified Communications Manager Server is now being exploited in attacks.
Cisco released security updates for the CVE-2026-20230 flaw on June 3, warning that exploitation could give attackers root privileges on the device.
"A vulnerability in Cisco Unified Communications Manager (Unified CM) and Cisco Unified Communications Manager Session Management Edition (Unified CM SME) could allow an unauthenticated, remote attacker to conduct server-side request forgery (SSRF) attacks through an affected device," warned Cisco.
ASD to retire Essential Eight cyber security framework within next two years
Date: 2026-06-24
Author: iTnews
Its replacement reflects a changing reality for security teams.
The Australian Signals Directorate intends to retire its Essential Eight guidance framework within two years, to keep up with shifting cyber security sands.
Replacing Essential Eight will be a broader "Essentials" series designed to cover enterprise IT, cloud, operational technology, and potentially agentic artificial intelligence (AI) as distinct security domains.
15,000 WordPress Websites Cleaned Up in SocGholish Botnet Takedown
Date: 2026-06-19
Author: Security Week
[AUSCERT have contacted the potentially impacted members via email]
Law enforcement agencies in four countries, working with Europol and private partners, have disrupted SocGholish infrastructure and cleaned up nearly 15,000 infected WordPress websites.
Active since 2017 and also known as FakeUpdates, SocGholish is a malware framework injected into websites running popular content management systems, such as WordPress, Joomla, and Drupal, either via known vulnerabilities or stolen credentials.
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
Date: 2026-06-23
Author: The Hacker News
A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally.
The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespoke sniffers on compromised firewalls.
"Once deployed, these sniffers capture cleartext and hashed credentials from traffic passing through compromised devices," SOCRadar said in a fresh report. "The actors then crack, validate, and reuse the credentials against Active Directory domains and other exposed services."
ESB-2026.6227.3 – Cisco Catalyst SD-WAN Manager: CVSS (Max): 10.0
A severe vulnerability allowed an authenticated, local attacker to execute arbitrary commands as root on the affected system via a crafted file. Cisco has released updates that address this issue.
ESB-2026.6871 – MISP: CVSS (Max): 9.4
This MISP update addresses two RCE vectors, an authentication hardening issue and various fixes across the controller layer. Upgrading is strongly recommended.
ESB-2026.6891 – IBM MQ container software: CVSS (Max): 10.0*
IBM MQ Operator and Queue Manager container images had multiple severe vulnerabilities addressed. IBM strongly recommends applying the latest container images.
ESB-2026.6951 – Tenable Identity Exposure: CVSS (Max): 9.9
Several third-party components of Tenable Identity Exposure were found to contain numerous vulnerabilities. Updated/patched versions have been provided by the respective vendors to address reported vulnerabilities.
ESB-2026.7052 – chromium: CVSS (Max): 9.6*
Execution of arbitrary code, denial of service and information disclosure were security issues recently discovered in Chromium. These issues have been addressed in version 149.0.7827.196-1~deb13u1.
Stay safe, stay patched and have a good weekend!
The AUSCERT team