IAM & Security Weekly Briefing

Week of: 2026-06-14 to 2026-06-20

---

1. Executive Summary (TL;DR)

• Klue OAuth token breach expands to multiple victims, with Salesforce disabling the integration and Icarus extortion group claiming the attack.
• FortiBleed campaign exposes ~86,000 FortiGate devices, with CISA urging immediate action after credential harvesting at scale.
• Microsoft links Mastra AI supply chain attack (145 compromised npm packages) to North Korean Sapphire Sleet group.
• Researchers detail AutoJack attack chain that lets a single web page hijack AI browsing agents for host code execution.
• China-linked espionage group abused Google Workspace rules to exfiltrate research and defense emails after stealing REDCap credentials.
• CISA adds Splunk Enterprise, Joomla JCE, and LiteSpeed cPanel flaws to KEV catalog amid active exploitation.
• Novo Nordisk breach highlights that secrets management is fundamentally an identity problem, not a tooling issue.
• AI agents are emerging as a new identity class, with most organizations lacking governance for non-human identities.

---

2. Top IAM & Security News

Klue OAuth Breach Victim List Grows as Icarus Hackers Claim Attack

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-19
• What happened: Threat actors stole OAuth tokens from Klue's Battlecards app used to connect to customer Salesforce environments; Salesforce disabled the integration and multiple organizations, including cybersecurity vendor Huntress, were impacted.
• Why it matters: OAuth token theft from third-party integrations represents a critical identity supply chain risk — one compromised integration can cascade into data theft across every connected customer tenant.

CISA Warns Fortinet Users to Secure Devices After FortiBleed Leak

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-19
• What happened: Nearly 74,000–86,644 FortiGate firewall and VPN credentials were exposed in a sweeping campaign by Russian-speaking threat actors targeting devices across 200 countries.
• Why it matters: Compromised VPN credentials provide direct network access, bypassing perimeter defenses — organizations must immediately rotate credentials and enforce MFA on all VPN and firewall administrative interfaces.

Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-20
• What happened: A single npm contributor account was hijacked to compromise 145 @mastra/* packages used in AI application development, attributed to North Korea's Sapphire Sleet (BlueNoroff).
• Why it matters: Software supply chain attacks targeting AI development frameworks are escalating — teams must audit npm dependencies, enforce package signing, and monitor for unexpected package updates.

Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-15
• What happened: A China-linked espionage group stole REDCap research server credentials, then rewrote victims' Google Workspace mail routing rules to silently exfiltrate sensitive research and defense emails for over a year.
• Why it matters: This attack demonstrates how credential theft combined with cloud identity abuse (mailbox rules) enables long-term, stealthy data exfiltration — monitor for unauthorized changes to email forwarding and inbox rules.

CISA: Splunk Enterprise Flaw Actively Exploited, Patch by Sunday

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-19
• What happened: CISA added a critical Splunk Enterprise vulnerability to its KEV catalog, requiring federal agencies to patch by Sunday amid active exploitation.
• Why it matters: Splunk is a central security operations tool — unpatched instances give attackers direct access to log data, credentials, and monitoring blind spots.

Texas Govt Data Breach Exposes Over 3 Million Driver's Licenses

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-19
• What happened: The Texas Parks and Wildlife Department disclosed a breach at its license system vendor that exposed personal information for more than three million individuals.
• Why it matters: Third-party vendor access to sensitive PII remains a top identity governance blind spot — organizations must inventory and audit all vendor data access, especially for government-issued identifiers.

Novo Nordisk Breach Highlights Software Development Pipeline Risk

• Source: Dark Reading
• Link: Dark Reading
• Date: 2026-06-18
• What happened: A leaked GitHub token exposed Novo Nordisk's software development pipeline, with analysts noting the root cause is treating secrets management as a tooling problem rather than an identity problem.
• Why it matters: Machine identities (tokens, service accounts, API keys) in CI/CD pipelines require the same governance as human identities — implement short-lived credentials, secret rotation, and token lifecycle management.

---

3. AI, Identity & Emerging Tech

Every AI Agent Is an Identity. Most Organizations Don't Treat Them That Way

• Source: BleepingComputer
• Link: BleepingComputer
• Date: 2026-06-19
• What happened: Token Security highlights that AI agents accessing data, triggering workflows, and deploying code are becoming a new identity and governance challenge with little oversight.
• Why it matters: AI agents represent a new class of non-human identities that require identity lifecycle management, least-privilege access controls, and continuous authorization — treat them like privileged service accounts.

AutoJack Attack Lets One Web Page Hijack AI Agent for Host Code Execution

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-19
• What happened: Microsoft researchers detailed AutoJack, an exploit chain where a web page's JavaScript can hijack an AI browsing agent to achieve remote code execution on the host machine without credentials or user interaction.
• Why it matters: AI agents with browser access create new attack surfaces — organizations must sandbox agent execution environments and restrict agent permissions to prevent lateral movement from agent compromise.

Orphaned AI Agents: How to Find Hidden Access Risks Inside Your Network

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-18
• What happened: Research reveals that most enterprises cannot instantly identify who authorized an AI agent accessing core intellectual property, with orphaned agents and standing privileges creating administrative debt.
• Why it matters: Unmanaged AI agents with standing privileges are a ticking time bomb — implement agent identity lifecycle management, including deprovisioning when creators leave and time-bound access tokens.

Forget Data Leakage: Shadow AI's Real Threat Is Access Control

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-19
• What happened: Analysis argues that Shadow AI has shifted from a data leakage concern to an access control problem, with the threat being what AI tools can access rather than what data is pasted into them.
• Why it matters: IAM teams must shift focus from DLP-only approaches to implementing granular access controls for AI tools, including just-in-time permissions and continuous authorization monitoring.

One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-15
• What happened: Varonis disclosed SearchLeak — three chained bugs in Microsoft 365 Copilot Enterprise Search allowing one-click exfiltration of emails, calendar data, and files via a legitimate microsoft.com link.
• Why it matters: AI-powered search tools inherit the access of the user and can become data exfiltration vectors — monitor Copilot activity logs and restrict Copilot access to sensitive data repositories.

LiteLLM Vulnerability Chain Lets Low-Privilege Users Take Over AI Gateway Servers

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-15
• What happened: Three chained vulnerabilities in LiteLLM, a popular open-source AI gateway, allow low-privilege users to escalate to full admin and execute code on the server, exposing all provider API keys and secrets.
• Why it matters: AI gateways concentrate access to multiple model provider keys — a single compromise can cascade across all connected AI services. Apply patches immediately and restrict gateway administrative access.

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-16
• What happened: Palo Alto Networks Unit 42 discovered a "Pickle in the Middle" attack in the Google Cloud Vertex AI SDK that let attackers with no project access hijack ML model uploads and run code in Google's serving infrastructure.
• Why it matters: AI/ML pipelines introduce new identity and trust boundaries — validate model integrity, implement signed uploads, and restrict which identities can push models to production.

---

4. Cyber Threats & Attack Trends

FortiBleed: Sweeping Credential-Harvesting Campaign Compromises 30K+ Fortinet Devices

• Source: Dark Reading
• Link: Dark Reading
• Date: 2026-06-17
• What happened: Attackers actively targeting FortiGate devices across nearly 200 countries have compiled working credentials for tens of thousands of compromised devices, with CISA warning of ongoing exploitation.
• Why it matters: This is a large-scale identity compromise of network edge devices — credentials for VPNs and firewalls are the keys to the kingdom. Rotate all FortiGate credentials, enforce MFA, and audit device access logs.

Klue OAuth Token Theft: Salesforce Disables Integration After Customer Data Exposed

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-19
• What happened: Salesforce disabled the Klue Battlecards app integration after OAuth token abuse exposed customer data; this is the third integrated application compromised to steal Salesforce data.
• Why it matters: OAuth token theft from SaaS integrations is a growing attack pattern — implement OAuth token expiration, monitor for anomalous token usage, and review third-party app permissions regularly.

DragonForce Hackers Abuse Microsoft Teams Relays to Hide Backdoor C2 Traffic

• Source: The Hacker News
• Link: The Hacker News
• Date: 2026-06-18
• What happened: DragonForce ransomware actors deployed a custom Go-based RAT (Backdoor.Turn) that conceals C2 traffic inside Microsoft Teams relay infrastructure against a major U.S. services firm.
• Why it matters: Attackers are abusing trusted SaaS platforms for C2 communication, bypassing traditional network detection — monitor Teams traffic for anomalous patterns and restrict Teams API access.

INC Ransomware Emerges as Major RaaS Threat with 830+ Victims Since 2023

• Source: The Hacker News
• Link: [The Hacker News](https://thehackernews.com/2026/06