Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Ravie LakshmananJun 15, 2026Cybersecurity / Hacking

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod.

This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten software keeps becoming someone else’s entry point.

Scroll through the full Monday Cybersecurity Recap below for the news, tools, webinars, and fixes worth your time this week.

⚡ Threat of the Week

Google Patches Actively Exploited Chrome 0-Day – Google released security updates to address 74 vulnerabilities, including one that has come under active exploitation in the wild. The high-severity vulnerability, tracked as CVE-2026-11645 (CVSS score: 8.8), has been described as an out-of-bounds memory access in V8, Chrome’s JavaScript and WebAssembly engine. Google acknowledged that an “exploit for CVE-2026-11645 exists in the wild,” but stopped short of sharing additional specifics to ensure that a majority of the users are updated with a fix and to prevent further exploitation. Google has addressed a total of five actively exploited Chrome zero-days since the start of the year. This includes CVE-2026-2441, CVE-2026-3909, CVE-2026-3910, and CVE-2026-5281.

• ShinyHunters Gang Exploits Oracle PeopleSoft Zero-Day – The ShinyHunters (aka UNC6240) extortion crew exploited an unpatched flaw in Oracle PeopleSoft (CVE-2026-35273, CVSS score: 9.8) to break into enterprise networks. The vulnerability relates to a missing authentication for a critical function that could allow an unauthenticated attacker to obtain takeover of PeopleSoft Enterprise PeopleTools. According to Google Mandiant, the exploitation activity was observed between May 27 and June 9, 2026. Following a successful compromise, the attackers have been observed conducting targeted internal reconnaissance using MeshCentral, lateral movement, and data exfiltration. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added the flaw to its Known Exploited Vulnerabilities (KEV) catalog, giving Federal Civilian Executive Branch (FCEB) agencies until June 15, 2026, to apply the fixes. The campaign has mainly targeted the higher education sector; 68% of the more than 100 notified organizations were universities and colleges. “The observed exploitation targeted PeopleSoft’s Environment Management Hub (PSEMHUB) endpoints, and data stolen during the campaign was published on the ShinyHunters Data Leak Site (DLS) on June 9, 2026,” Rapid7 said.
• 100s of Arch Linux Packages Compromised to Push Rootkit and Stealer – Unknown threat actors have managed to compromise hundreds of legitimate-but-abandoned packages in the Arch User Repository (AUR) and modify them with preinstall scripts that download and execute a malicious npm package called atomic-lockfile. The campaign has been codenamed Atomic Arch by Sonatype….