Canadian Cyber Security Journal

Cybersecurity Daily Brief — Monday, June 15, 2026

Here are the top cybersecurity stories for Monday, June 15, 2026.

Agentjacking: Fake Sentry Error Reports Hijack AI Coding Agents With 85% Success Rate
Researchers at Tenet Security disclosed a novel attack class called “Agentjacking” that uses Sentry’s open event ingestion architecture to inject malicious instructions into AI coding agents. By sending a crafted error event using only a publicly discoverable Sentry DSN, attackers cause agents including Claude Code, Cursor, and Codex to execute attacker-controlled commands with the developer’s own system privileges. Tenet achieved an 85% exploitation success rate in testing and identified at least 2,388 organizations with injectable DSNs. Source: The Hacker News

Maine Pulls Breach Notification Portal After Fraudulent VRChat and Discord Filings
Maine’s Office of the Attorney General took its public data breach notification portal offline after an unknown actor submitted fraudulent breach disclosures impersonating VRChat and Discord. The fake VRChat filing claimed 2.4 million users were affected; neither company confirmed any incident. The portal published breach notices automatically without independent verification, a design flaw now under review. Source: BleepingComputer

Atomic Arch: 400+ Arch Linux AUR Packages Hijacked to Deploy eBPF Rootkit and Infostealer
A supply chain campaign dubbed “Atomic Arch” has compromised more than 400 Arch User Repository packages by claiming ownership of orphaned projects through AUR’s standard adoption process. Injected build scripts deploy a Rust-based credential stealer targeting developer secrets; when run with root privileges, the malware also loads an eBPF rootkit that hides its processes from standard tools like ps and htop. Official Arch repositories were not affected. Source: The Hacker News

phpBB Forum Software Patches 10-Year-Old Authentication Bypass — CVSS 9.4
Aikido Security disclosed a critical authentication bypass in phpBB tracked as PTT-2026-004, rated CVSS 9.4, that allows an attacker to log in as any user, including administrators, with a single HTTP request using only the target’s username. The flaw existed in the codebase for roughly a decade and affects phpBB versions 3.3.16 and below. phpBB patched the issue in version 3.3.17 on June 6. Source: BleepingComputer

Ukrainian Conti Ransomware Developer Pleads Guilty After Extradition From Ireland
Oleksii Oleksiyovych Lytvynenko, 44, pleaded guilty to conspiracy to commit wire fraud for developing a malware loader used in Conti ransomware attacks that infected more than 1,000 networks and generated at least $150 million in ransom payments between 2020 and 2022. Lytvynenko was arrested in Ireland in July 2023 and extradited to the United States. He faces up to 20 years in prison and is scheduled for sentencing on September 10, 2026. Source: BleepingComputer

Nightspire Ransomware Claims Canadian Entertainment Tech Firm WaxWorks
The Nightspire ransomware group listed Canadian firm WaxWorks Inc. on its extortion site on June 14, 2026, threatening to publish stolen data if ransom demands go unmet. The estimated breach date is May 17, 2026. Nightspire gains initial access primarily through CVE-2024-55591, a critical authentication bypass in FortiOS and FortiProxy, and has claimed over 250 victims globally since emerging in March 2025. Source: DeXpose

Infinite Campus Confirms Salesforce Breach Exposing 137,000 School Staff Accounts
K-12 student information system provider Infinite Campus disclosed a data breach involving more than 137,000 school staff accounts after the ShinyHunters group claimed the theft via a Salesforce attack. The breach data was added to Have I Been Pwned on June 15, 2026. Infinite Campus serves more than 3,200 school districts covering 11 million students across 46 US states. Exposed data consisted primarily of staff names and contact information. Source: BleepingComputer

Krebs on Security Unmasks The Gentlemen Ransomware Admin as Russian Man From Izhevsk
Brian Krebs published an investigation tracing the administrator of The Gentlemen ransomware group — operating under aliases Hastalamuerte and Zeta88 — to Alexander Andreevich Yapaev, a 36-year-old from Izhevsk, Russia. The Gentlemen is the second most active ransomware-as-a-service operation by victim count in 2026, with 332 published victims, and attracts affiliates with a 90/10 revenue split. The group targets internet-facing VPNs and firewalls and uses AI to develop its tooling. Source: Krebs on Security

Secure Boot Certificate Deadline Now 11 Days Away — June 26 Enforcement Begins
Windows users and IT teams have 11 days to ensure systems have received the Secure Boot certificate updates replacing the expiring Microsoft Corporation KEK CA 2011 (expires June 24) and Microsoft UEFI CA 2011 certificates. Systems that miss the transition will stop receiving boot-critical security updates and malware blacklists going forward. Enterprise environments on Intune should check the Autopatch readiness report; most up-to-date systems receive the update automatically via Windows Update. Source: BleepingComputer

Stay tuned for today’s in-depth analysis posts.
