Cybersecurity Threats — Weekly Report, June 14, 2026
Key Findings
Key Findings (12)
- 1. 'The Gentlemen' ransomware-as-a-service group has emerged as the second most active ransomware gang by victim count, claiming at least 332 published victims since mid-2025 with more than 240 in 2026 alone, offering affiliates a 90/10 revenue split to attract experienced operators from competing programs [9].
- 2. Oracle PeopleSoft zero-day CVE-2026-35273 is under active exploitation by ShinyHunters, with Mandiant confirming the education sector as a primary target and SecurityWeek reporting the University of Nottingham confirmed a breach with more than 450,000 email addresses leaked [2] [5].
- 3. CISA issued Binding Operational Directive BOD 26-04 on June 10, 2026, requiring federal agencies to patch maximum severity vulnerabilities in as little as 3 days, with a CISA official warning that 'defenders cannot afford to take weeks to patch' in the context of AI-accelerated threats [6] [11].
- 4. Mandiant's Google Threat Intelligence Group published its 2026 AI Threat Tracker, documenting adversary use of AI for zero-day exploits, autonomous malware, and industrial-scale cyber operations, while Wired reported that frontier AI is collapsing the exploit window for defenders [5] [10].
- 5. Microsoft's June 2026 Patch Tuesday addressed 206 vulnerabilities including three publicly disclosed zero-days, a significant increase from the 130 CVEs patched in May 2026, with SecurityWeek warning about zero-day attacks exploiting Exchange Server vulnerability CVE-2026-42897 [2] [7].
- 6. Infostealers have become a primary credential theft vector fueling ransomware operations, with the OnyxC2 Stealer targeting more than 200 applications and extensions at $250 per month while evading detection through encrypted payloads, DLL sideloading, and in-memory execution techniques [2].
- 7. DOJ confirmed on June 12, 2026 that Ukrainian national Oleksii Oleksiyovych Lytvynenko, 44, pleaded guilty to conspiracy to commit wire fraud in connection with the Conti ransomware operation following extradition from Ireland [3].
- 8. The FBI and DOJ disabled 13 websites backed by suspected Chinese agents that sought sensitive U.S. information from security clearance holders on June 11, 2026, corroborating CrowdStrike's 2026 Technology Threat Landscape Report identifying China as a primary cyber threat driver [4] [7].
- 9. CISA added known exploited vulnerabilities to its KEV catalog, including a critical Ivanti Sentry flaw (CVE-2026-10520) allowing root-level remote code execution and a LiteLLM vulnerability (CVE-2026-42271) under active attack [8] [6].
- 10. Mandiant documented a North Korea-nexus threat actor compromising the widely used Axios NPM package in a supply chain attack, representing a new development beyond the prior period's IronWorm/Shai-Hulud npm campaign [5].
- 11. The FBI issued an active warning that threat actors are spoofing FIFA websites ahead of the 2026 World Cup, with CISA publishing venue-specific resources on June 11, 2026 as the threat window has now opened from the preparedness phase [4] [6].
- 12. Anthropic formally launched Claude Fable 5 publicly with cybersecurity guardrails, with the public version described as unable to be used for cyberattacks, while the upgraded Mythos 5 model is being provided to Project Glasswing trusted partners [2] [10].
Executive Summary (9)
- A significant new ransomware-as-a-service entrant, 'The Gentlemen,' has emerged as the second most active group by victim count with 332 published victims, its 90/10 affiliate revenue model actively drawing experienced operators away from established programs and accelerating victim accumulation — representing the most material structural change to the ransomware ecosystem documented in the current period [9].
- CISA's BOD 26-04 represents the most aggressive federal patch mandate on record for the reporting cycle, compressing remediation windows to as little as 3 days for maximum severity vulnerabilities and explicitly citing AI-accelerated threats as the driver — organizations with federal contracts or supply chain relationships must treat this directive as a new compliance baseline [6] [11].
- The active exploitation of Oracle PeopleSoft CVE-2026-35273 by ShinyHunters, confirmed by Mandiant and SecurityWeek with the University of Nottingham breach exposing 450,000+ email addresses, demonstrates that enterprise resource planning platforms remain a high-value, under-patched attack surface in the education sector [2] [5].
- AI weaponization has deepened from operational observations to formally published intelligence: Mandiant's 2026 AI Threat Tracker now documents adversary AI use for zero-day discovery, autonomous malware, and industrial-scale operations, while CrowdStrike reported eCrime breakout times collapsing to as fast as 27 seconds — confirming that AI is restructuring the speed asymmetry between attackers and defenders (company announcement — may reflect promotional framing) [5] [7].
- Patch volumes escalated from 130 CVEs in May 2026 Patch Tuesday to 206 in June 2026, with three publicly disclosed zero-days and active exploitation of Exchange Server CVE-2026-42897, compounding the structural patch debt challenge organizations face when CISA's BOD 26-04 simultaneously tightens remediation deadlines [2].
- Law enforcement maintained an exceptional operational tempo with a Conti member guilty plea, 13 Chinese agent-backed websites disabled, a DNS hijacking network disrupted, and a Chinese state-sponsored hacker extradited from Italy — demonstrating expanding enforcement reach to state-sponsored actors and not just criminal groups [3] [4].
- Infostealers have matured into an industrial-scale credential supply chain, with OnyxC2 Stealer targeting 200+ applications at $250/month, feeding ransomware operations with pre-validated access credentials and reducing the technical barrier for ransomware groups including the newly emerged 'The Gentlemen' [2].
- The North Korea-nexus Axios NPM supply chain compromise documented by Mandiant signals an expansion of state-sponsored actors into widely used JavaScript infrastructure, building on the prior period's IronWorm npm campaigns and indicating the npm ecosystem faces threats from both criminal and nation-state actors simultaneously [5].
- The FIFA World Cup 2026 cyber threat has transitioned from preparedness to active threat actor engagement, with FBI confirming spoofing activity against FIFA websites and CISA publishing venue resources — organizations with World Cup commercial relationships should treat this as an active threat window rather than a preparedness exercise [4] [6].
Market Trends
AI Weaponization Deepens: Adversaries Leverage AI for Zero-Day Exploits and Industrial-Scale Operations
The use of AI by threat actors continues to escalate in sophistication. Mandiant's Google Threat Intelligence Group published its 2026 AI Threat Tracker, exploring how adversaries leverage AI for zero-day exploits, autonomous malware, and industrial-scale cyber operations [5]. Wired reported that the AI era is creating a 'bug-hunting arms race,' with frontier AI collapsing the exploit window for defenders [10]. According to CrowdStrike's blog, AI-powered adversary attacks increased 89% year-over…
Ransomware-as-a-Service Ecosystem Expands: 'The Gentlemen' Emerges as Second Most Active Group
A new ransomware-as-a-service group called 'The Gentlemen' has rapidly risen to become the second most active ransomware gang by victim count. According to KrebsOnSecurity, the group has claimed at least 332 published victims since its inception in mid-2025, with more than 240 in 2026 alone [9]. Check Point Software researchers found the group offers affiliates a 90/10 revenue split — compared to the industry standard 80/20 — accelerating growth by attracting experienced operators from competing…
Oracle PeopleSoft Zero-Day Under Active Exploitation by ShinyHunters
Oracle PeopleSoft servers came under active attack via a zero-day vulnerability. SecurityWeek reported that Oracle addressed CVE-2026-35273 amid reports of zero-day attacks, though Oracle has not confirmed whether it is a zero-day exploited in ShinyHunters attacks [2]. Mandiant published dedicated research titled 'ShinyHunters Targets Education Sector with Oracle PeopleSoft Exploit,' indicating the education sector is a primary target [5]. HelpNetSecurity corroborated the activity, featuring Ora…
Microsoft June 2026 Patch Tuesday: 206 Vulnerabilities Including Three Publicly Disclosed Zero-Days
Vulnerability patching volumes remained elevated in the current period. CrowdStrike reported that June 2026 Patch Tuesday saw Microsoft patch 206 vulnerabilities, including three publicly disclosed zero-days (company announcement — may reflect promotional framing) [7]. SecurityWeek separately reported that Microsoft patched 200 vulnerabilities, with three publicly disclosed before Microsoft addressed them, and warned about zero-day attacks exploiting Exchange Server vulnerability CVE-2026-42897 …
Infostealer Malware Becomes Primary Credential Theft Vector Fueling Ransomware Operations
Infostealers have emerged as a dominant threat vector, turning millions of devices into credential theft machines. SecurityWeek reported that as attackers increasingly favor stolen credentials over exploits, infostealers have become a primary source of access for ransomware and other cybercrime operations [2]. HelpNetSecurity reported that cybercriminals are moving away from mass phishing campaigns, with the assembly line behind 1.5 million malicious domains highlighted as a related infrastructu…
Competitor Trends
CrowdStrike Publishes 2026 Technology Threat Landscape Report Focused on China's Cyber Ambitions
CrowdStrike released its 2026 Technology Threat Landscape Report on June 9, 2026, with China's ambitions identified as a primary driver of attacks (company announcement — may reflect promotional framing) [7]. This follows the previous period's Glassworm botnet takedown and Financial Services Threat Landscape Report, continuing CrowdStrike's pattern of high-cadence threat intelligence publishing. The report is corroborated by the FBI's June 11, 2026 action disabling 13 websites backed by suspecte…
CrowdStrike Expands Identity Security Leadership: OpenID Integration, Zscaler Partnership, and Analyst Recognition
CrowdStrike made multiple identity security moves in the current period (company announcements — may reflect promotional framing). On June 10, 2026, CrowdStrike expanded identity leadership with OpenID and IDPro integration [7]. On June 8, 2026, CrowdStrike and Zscaler announced a new integration bringing CrowdStrike's Continuous Identity approach to the Zscaler Zero Trust Exchange, enabling real-time, risk-based access decisions using the OpenID Shared Signals Framework and Continuous Access Ev…
Mandiant Tracks ShinyHunters, Chinese-Language PhaaS Evolution, and North Korea Supply Chain Attack
Mandiant published several significant threat intelligence reports in the current period. Research on ShinyHunters targeting the education sector via Oracle PeopleSoft exploit was published, alongside analysis of the evolution of Chinese-language phishing services under the '2 PhaaS 2 Furious' designation [5]. Mandiant's Google Threat Intelligence Group also documented a North Korea-nexus threat actor compromising the widely used Axios NPM package in a supply chain attack, and published a defend…
Law Enforcement Achieves New Milestones: Chinese State Hacker Extradited, Conti Member Pleads Guilty, DNS Hijacking Network Disrupted
Law enforcement actions against cybercriminal and state-sponsored actors continued at high tempo. The DOJ announced on June 12, 2026 that a Ukrainian national, Oleksii Oleksiyovych Lytvynenko, 44, pleaded guilty to conspiracy to commit wire fraud in connection with the Conti ransomware conspiracy following extradition from Ireland [3]. The FBI and DOJ disabled 13 websites backed by suspected Chinese agents that sought sensitive U.S. information from security clearance holders on June 11, 2026 [4…
Anthropic Launches Claude Fable 5 with Cybersecurity Guardrails; Wired Reports Mythos Access Expansion
Anthropic made two notable AI security-related announcements in the current period. SecurityWeek reported that Anthropic launched Claude Fable 5, described as a Mythos-Class AI with cybersecurity guardrails, and that Project Glasswing partners are being given access to the upgraded Mythos 5 [2]. Wired reported that Anthropic is releasing Claude Mythos 5 to trusted organizations and Claude Fable 5 to the public, with the public version described as unable to be used for cyberattacks [10]. This bu…
Policy and Regulatory Trends
CISA Issues BOD 26-04: Federal Agencies Must Prioritize Patches Based on Risk Within Tight Deadlines
CISA issued a new Binding Operational Directive, BOD 26-04, on June 10, 2026, requiring federal agencies to review and update vulnerability management policies with a focus on KEV catalog entries, per SecurityWeek [2]. CISA's own press release described the directive as 'Patch Smarter, Not Harder,' published June 10, 2026 [6]. SC Magazine reported that CISA's newest binding operational directive imposes short deadlines for the most severe flaws, with agencies given as little as 3 days to patch m…
DOJ CCIPS Sustains High-Tempo Prosecution Pipeline: Conti Member, Deepfake Domains Seized, Vercel Contempt
The DOJ's Computer Crime and Intellectual Property Section continued its active prosecution posture. On June 12, 2026, a Ukrainian national pleaded guilty to wire fraud conspiracy in connection with the Conti ransomware operation following extradition from Ireland [3]. Also on June 12, 2026, the U.S. Departments of Justice and Homeland Security seized the domains CFAKE.com and SOCFAKE.com, which were used to publish thousands of digitally forged nude images of famous women [3]. On June 9, 2026, …
CISA Adds Known Exploited Vulnerabilities to Catalog; Ivanti and LiteLLM CVEs Under Active Attack
CISA continued its active maintenance of the Known Exploited Vulnerabilities catalog. On June 12, 2026, CISA added one known exploited vulnerability to the catalog. HelpNetSecurity reported that a critical Ivanti Sentry flaw (CVE-2026-10520) allows root-level remote code execution, and that a LiteLLM vulnerability (CVE-2026-42271) is under active attack with CISA warning issued [8]. A Check Point VPN zero-day (CVE-2026-50751) was also exploited, with researchers releasing details and a proof-of…
FBI Warns of Threat Actors Spoofing FIFA Websites Ahead of 2026 World Cup; CISA Offers Venue Resources
The whole-of-government cybersecurity posture around the 2026 FIFA World Cup continued to develop. The FBI issued a press release on May 27, 2026 warning that threat actors are spoofing FIFA websites in advance of the 2026 World Cup [4]. CISA published a blog on June 11, 2026 offering vital resources as venues prepare for key 2026 events [6]. This continues and updates the previous period's finding of CISA conducting full-scale exercises and security assessments with host cities, now with the to…
Source Activity
Summary of Key Changes
'The Gentlemen' RaaS Group Emerges as Second Most Active Ransomware Gang
New: A new ransomware-as-a-service group called 'The Gentlemen' has claimed at least 332 published victims since mid-2025, with more than 240 in 2026 alone, making it the second most active ransomware group by victim count according to Check Point Software. The group offers affiliates a 90/10 revenue split and targets internet-facing VPNs and firewalls as entry points [9]. This group was not tracked in the previous period and represents a significant new entrant to the ransomware threat landscape.
Oracle PeopleSoft Zero-Day CVE-2026-35273 Actively Exploited by ShinyHunters; University of Nottingham Breached
New: Oracle addressed CVE-2026-35273 amid reports of zero-day attacks linked to the ShinyHunters group, per SecurityWeek [2]. Mandiant published dedicated research on ShinyHunters targeting the education sector via the Oracle PeopleSoft exploit [5]. The University of Nottingham confirmed a breach with more than 450,000 email addresses leaked [2]. This is a new incident not present in the previous period.
CISA BOD 26-04 Mandates Risk-Based Patch Prioritization with 3-Day Deadline for Critical Flaws
New: CISA issued Binding Operational Directive BOD 26-04 on June 10, 2026, requiring federal agencies to prioritize vulnerability remediation based on risk with deadlines as short as 3 days for maximum severity flaws, per SecurityWeek and SC Magazine [2] [11]. This is a new directive not present in the previous period and represents the most aggressive federal patch timeline requirement documented in the current reporting cycle.
Law Enforcement Pipeline Expands: Conti Member Extradited, Chinese Agents' Websites Seized, DNS Hijacking Network Disrupted
Update: The previous period documented the Silent Ransom Group warning, KimWolf botnet arrest, and Kali365 PhaaS action. The current period adds: Conti member Oleksii Lytvynenko pleading guilty on June 12, 2026 [3]; FBI and DOJ disabling 13 Chinese agent-backed websites on June 11, 2026 [4]; DOJ disrupting a Russian Military Intelligence DNS hijacking network on April 7, 2026 [4]; and a prolific Chinese state-sponsored contract hacker extradited from Italy on April 27, 2026 [4]. The enforcement pipeline…
AI Weaponization Trend Continues: Mandiant 2026 AI Threat Tracker Published, Exploit Window Collapsing
Update: The previous period documented AI-powered adversary attacks increasing 89% year-over-year. The current period adds Mandiant's Google Threat Intelligence Group publishing its full 2026 AI Threat Tracker documenting adversary use of AI for zero-day exploits, autonomous malware, and industrial-scale operations [5]. Wired reported that frontier AI is collapsing the exploit window [10]. The trend is deepening with formal research publication now corroborating the operational observations from the pri…
Anthropic Claude Fable 5 Publicly Launched with Cybersecurity Guardrails; Mythos 5 Expanded to Trusted Partners
Update: The previous period documented Anthropic expanding Mythos access to 150 new organizations. The current period marks the formal public launch: SecurityWeek reported Anthropic launched Claude Fable 5 with cybersecurity guardrails, while Mythos 5 is being given to Project Glasswing partners [2]. Wired confirmed the tiered release strategy, with the public Fable 5 version described as unable to be used for cyberattacks [10]. This represents a meaningful evolution from the prior period's access expan…
MITRE ATT&CK v19 Remains Current Framework; ATT&CKcon 7.0 Announced for October 2026
Ongoing monitoring: ATT&CK v19, released April 28, 2026, remains the current version with a minor v19.1 update also published on MITRE/CTI. The framework contains 949 pieces of software, 178 groups, and 59 campaigns [1]. ATT&CKcon 7.0 is confirmed for October 27–28, 2026. No new major version changes were detected in the current period. Organizations continue to face the operational burden of updating detection mappings following the Defense Evasion tactic split into Stealth and Defense Impairment tactics.
FIFA World Cup 2026 Cyber Threat Activity Confirmed: FBI Spoofing Warning Remains Active, CISA Venue Resources Published
Update: The previous period documented CISA conducting full-scale exercises and security assessments with host cities. The current period adds CISA publishing venue-specific resources on June 11, 2026 [6], while the FBI's May 27, 2026 warning about threat actors spoofing FIFA websites remains active [4]. The threat posture around the World Cup has evolved from preparedness exercises to active threat actor spoofing activity being confirmed, indicating the threat window is now open.
Implications and Points to Watch (9)
- 1. 'The Gentlemen' RaaS group's 90/10 affiliate split — compared to the industry standard 80/20 — is a direct market-disruption play for talent acquisition: organizations should anticipate that established ransomware groups will face affiliate attrition to this group, potentially causing operational disruptions in incumbent RaaS programs while 'The Gentlemen' scales, and should update their ransomware attribution and IOC tracking accordingly [9].
- 2. CISA's BOD 26-04 three-day patching deadline for maximum severity vulnerabilities creates a compliance-operations tension for most enterprise security teams: organizations should immediately audit their vulnerability management tooling and workflows to determine whether current mean-time-to-remediate for critical flaws is compatible with the new federal standard, as this timeline will likely become an industry benchmark beyond federal agencies [6] [11].
- 3. The ShinyHunters Oracle PeopleSoft exploitation pattern — targeting education sector ERP platforms as entry points — suggests that threat actors are deliberately targeting verticals with large data stores and historically slower patch cycles; organizations in education, healthcare, and public sector running Oracle PeopleSoft should treat CVE-2026-35273 as requiring emergency patching irrespective of standard patch cycles [2] [5].
- 4. The convergence of AI-enabled exploit discovery (Mandiant's 2026 AI Threat Tracker) with compressed eCrime breakout times means that the traditional patch-within-30-days standard is operationally obsolete — security teams should adopt a tiered response model where AI-assisted triage identifies KEV-listed and zero-day vulnerabilities for immediate emergency response, not standard patch cycle inclusion [5] [10].
- 5. The infostealer-to-ransomware pipeline represented by OnyxC2 and similar tools indicates that credential hygiene and endpoint detection of stealer behavior are now ransomware prevention controls, not just data protection controls — organizations should instrument their environments specifically for infostealer behavioral indicators (browser credential access, clipboard monitoring, extension enumeration) as an upstream ransomware prevention layer [2].
- 6. The FBI and DOJ's coordinated takedown of 13 Chinese agent-backed websites targeting security clearance holders, combined with CrowdStrike's China-focused 2026 Threat Landscape Report, signals that defense industrial base and cleared contractor organizations face an elevated and validated intelligence-collection threat — these organizations should conduct immediate reviews of their personnel security awareness programs for social engineering via official-looking government portals [4] [7].
- 7. The North Korea Axios NPM supply chain attack documented by Mandiant represents a qualitative escalation: Axios is among the most widely downloaded JavaScript packages, meaning the potential blast radius of this compromise is orders of magnitude larger than prior targeted npm attacks — organizations should implement software composition analysis tools that alert on behavioral changes in top-100 npm packages, not just known malicious packages [5].
- 8. Anthropic's tiered Claude deployment strategy — public Fable 5 with cybersecurity guardrails and restricted Mythos 5 for trusted partners — establishes a de facto industry model for dual-use AI capability management; security teams evaluating AI tooling should assess whether vendor guardrail architectures provide meaningful operational separation or represent marketing differentiation with minimal technical enforcement [2] [10].
- 9. The June 2026 Patch Tuesday volume increase to 206 CVEs from 130 in May, combined with CISA's BOD 26-04 mandate and active exploitation of Exchange Server CVE-2026-42897, creates a compounding organizational risk: security teams operating without automated patch prioritization tied to KEV status, active exploitation signals, and CVSS criticality will be structurally unable to meet both compliance and security objectives simultaneously [2] [6].
Confidence Summary
11 sources tracked this week. Number of new or updated articles detected during the period across 15 monitored URLs.
Each source is weighted according to its confidence level. Claims from a single source are flagged as unverified during AI synthesis.
Sources
Official source for ATT&CK v19 framework statistics (949 software, 178 groups, 59 campaigns), v19.1 minor update, and ATT&CKcon 7.0 October 2026 announcement. Framework remains stable in current period.
Related: Frameworks
Primary source for Oracle PeopleSoft CVE-2026-35273 zero-day reporting, University of Nottingham breach confirmation (450,000+ emails), June 2026 Patch Tuesday 200 CVE count, Exchange Server CVE-2026-42897 exploitation warning, CISA BOD 26-04 reporting, OnyxC2 Stealer details, and Anthropic Claude Fable 5 launch.
Related: Market Trends / Incidents / Regulatory
Official source for Conti member Oleksii Lytvynenko guilty plea (June 12, 2026), CFAKE.com and SOCFAKE.com deepfake domain seizures (June 12, 2026), and Vercel Inc. civil contempt resolution (June 9, 2026).
Related: Regulatory / Law Enforcement
Official source for 13 Chinese agent-backed website disabling (June 11, 2026), Russian Military Intelligence DNS hijacking network disruption (April 7, 2026), Chinese state-sponsored hacker extradition from Italy (April 27, 2026), and FIFA World Cup 2026 website spoofing warning (May 27, 2026).
Related: Law Enforcement / Regulatory
Primary source for 2026 AI Threat Tracker publication, ShinyHunters Oracle PeopleSoft education sector targeting research, North Korea-nexus Axios NPM supply chain attack, Chinese-language PhaaS '2 PhaaS 2 Furious' evolution analysis, and BRICKSTORM vSphere defender's guide.
Related: Market Trends / Competitor Trends / Incidents
Official source for BOD 26-04 'Patch Smarter, Not Harder' directive (June 10, 2026), KEV catalog addition (June 12, 2026), and FIFA World Cup 2026 venue security resources publication (June 11, 2026).
Related: Regulatory Trends
Source for June 2026 Patch Tuesday 206 CVE analysis (company announcement), 2026 Technology Threat Landscape Report focused on China (June 9, 2026), AI-powered adversary attacks 89% YoY increase, eCrime breakout time of 27 seconds, OpenID/IDPro identity integration (June 10, 2026), and Frost Radar Cloud Security leadership recognition (June 11, 2026) — may reflect promotional framing.
Related: Competitor Trends / Market Trends
Source for Oracle PeopleSoft servers under attack spotlight (week of June 14, 2026), critical Ivanti Sentry CVE-2026-10520 root-level RCE reporting, LiteLLM CVE-2026-42271 active attack CISA warning, Check Point VPN CVE-2026-50751 zero-day exploitation, and 1.5 million malicious domain infrastructure reporting.
Related: Market Trends / Vulnerabilities
Primary source for 'The Gentlemen' RaaS group emergence as second most active ransomware gang (332 victims since mid-2025, 240+ in 2026, 90/10 affiliate split, VPN/firewall entry point targeting).
Related: Emerging Threats / Market Trends
Source for AI bug-hunting arms race and frontier AI collapsing the exploit window, CISA BOD 26-04 3-day patch mandate corroboration with CISA official quote, and Anthropic Claude Mythos 5/Fable 5 tiered release strategy confirmation.
Related: Market Trends / Competitor Trends / Regulatory
Source for CISA BOD 26-04 short deadline details, confirming agencies have as little as 3 days to patch maximum severity vulnerabilities.
Related: Regulatory Trends