InfoSec News Nuggets – 06/22/2026 (AboutDFIR)
By Mary on June 22, 2026
Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
Canada’s Security Intelligence Service obtained a first-of-its-kind judicial warrant that permitted it to reach into infected servers, home routers, and IoT devices on Canadian soil — including Ring doorbells, security cameras, and smart TVs — and neutralize two foreign-run botnets without the owners’ knowledge or consent. Justice Catherine Kane granted the warrant in May 2024, renewed it in August, and issued her confidential reasoning in February 2026, but the ruling only entered public view this month after a redacted version was released. CSIS needed the court order because cleaning devices it doesn’t own would otherwise constitute computer mischief under Canadian criminal law, and the case sets a significant legal precedent for intelligence agencies using offensive-style remediation powers in peacetime, raising open questions about oversight, notification requirements, and the appropriate limits of state access to private devices.
Microsoft Links Mastra AI Supply Chain Attack to North Korean Hackers
Microsoft attributed the recent supply chain attack against the Mastra AI framework — in which more than 140 npm packages were backdoored with a cryptocurrency-stealing dependency — to Sapphire Sleet, a North Korean state-sponsored group also known as BlueNoroff that primarily targets the financial sector for cryptocurrency theft. The group compromised a single npm maintainer account with publishing privileges across the Mastra namespace and used it to inject a malicious dependency called “easy-day-js” into the package tree in an automated 88-minute campaign, dropping a RAT designed to steal credentials and crypto wallet data from developer environments. Microsoft also linked Sapphire Sleet to a separate April 2026 supply chain attack targeting the widely used Axios HTTP client, suggesting the group is systematically targeting the npm ecosystem as a scalable vector for reaching developer machines that hold cloud credentials, API keys, and access to financial infrastructure.
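A lockfile check for the dependency named above, as an added example (not from the original post or from Microsoft's report): it lists where `easy-day-js` is installed and which packages request it, covering both the npm lockfile v1 layout and the v2/v3 layout. The sample lockfile, every package name other than `easy-day-js`, and all version numbers are constructed for illustration.

```javascript
// Added example: trace how a named dependency enters an npm lockfile.
const SUSPECT = "easy-day-js"; // dependency name reported on this page
const DEP_FIELDS = ["dependencies", "optionalDependencies", "peerDependencies", "devDependencies"];
const has = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);

// Constructed sample in lockfileVersion 3 layout; names and versions are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", dependencies: { "@example/agent-core": "^1.2.0" } },
    "node_modules/@example/agent-core": {
      version: "1.2.3",
      dependencies: { "easy-day-js": "^1.0.0", "left-util": "^2.0.0" },
    },
    "node_modules/easy-day-js": { version: "1.0.4" },
    "node_modules/left-util": { version: "2.1.0", dependencies: { "easy-day-js": "1.0.2" } },
    "node_modules/left-util/node_modules/easy-day-js": { version: "1.0.2" },
  },
};

// "node_modules/a/node_modules/@s/b" -> "@s/b"
function pkgNameFromPath(p) {
  const i = p.lastIndexOf("node_modules/");
  return i === -1 ? p : p.slice(i + "node_modules/".length);
}

function findDependency(lock, name) {
  const installed = [];  // every copy present in the tree
  const requiredBy = []; // every package that asks for it
  // lockfileVersion 2/3: flat "packages" map keyed by install path.
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path && pkgNameFromPath(path) === name) installed.push({ path, version: meta.version });
    for (const field of DEP_FIELDS) {
      if (meta[field] && has(meta[field], name)) {
        requiredBy.push({ from: path || "(root project)", range: meta[field][name] });
      }
    }
  }
  // lockfileVersion 1: nested "dependencies" tree with "requires" edges.
  const walk = (deps, trail) => {
    for (const [dep, meta] of Object.entries(deps || {})) {
      const here = trail + "node_modules/" + dep;
      if (dep === name) installed.push({ path: here, version: meta.version });
      if (meta.requires && has(meta.requires, name)) {
        requiredBy.push({ from: here, range: meta.requires[name] });
      }
      walk(meta.dependencies, here + "/");
    }
  };
  if (!lock.packages) walk(lock.dependencies, "");
  return { installed, requiredBy };
}

console.log(JSON.stringify(findDependency(sampleLock, SUSPECT), null, 2));
```

To run it against a real project, pass the parsed contents of `package-lock.json` to `findDependency` in place of `sampleLock`.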
Britain’s Cyber Agency Warns AI-Written Code Could Create Security Disasters
The UK’s National Cyber Security Centre published guidance this week warning that vibe coding — using AI agents to write entire applications with minimal developer oversight — introduces serious security risks that are not yet well understood, including insecure code patterns that experienced developers would catch but that AI models consistently miss. The NCSC is particularly concerned about applications where developers lack the skills to audit the generated code, leaving entire codebases that are functionally opaque to their own authors and therefore impossible to secure, maintain, or meaningfully test. The guidance stops short of recommending against vibe coding entirely, distinguishing between low-stakes proof-of-concept tools and production applications where the risk profile is fundamentally different, telling developers to calibrate their approach to “today’s reality, not tomorrow’s potential.”
Splunk Enterprise Vulnerability Exploited in Attacks Days After Disclosure
A critical unauthenticated remote code execution vulnerability in Splunk Enterprise tracked as CVE-2026-20253 was confirmed as exploited in the wild just two days after researchers at watchTowr published a technical writeup and proof-of-concept exploit — a timeline that underscores how quickly sophisticated attackers now operationalize public vulnerability research. The flaw stems from a PostgreSQL sidecar service endpoint that exposes file operations to any network-reachable user without any authentication checks, and affects Splunk Enterprise versions 10.2 before 10.2.4 and 10.0 before 10.0.7. CISA added CVE-2026-20253 to its Known Exploited Vulnerabilities catalog on June 18 and ordered federal agencies to patch by June 21; organizations running affected versions should prioritize patching immediately given Splunk’s deep integration with security operations data and its privileged position inside enterprise networks.
Asia-Pacific Scam Networks Generate Nearly $40 Billion a Year, INTERPOL Finds
INTERPOL’s 2025/2026 Asia and South Pacific Cyberthreat Assessment Report found that cybercrime now accounts for more than 30% of all nationally recorded crimes in over half the surveyed jurisdictions across the region, with scam center networks — many operating with trafficked workers — generating an estimated $40 billion annually. The report documents a shift from opportunistic scamming toward industrialized operations backed by transnational criminal groups, with trafficking victims now sourced from nearly 80 nationalities and scam centers expanding beyond Southeast Asia into the Middle East and North Africa. INTERPOL notes that uneven cybersecurity maturity across the region continues to provide openings for threat actors, with rapid digital adoption outpacing defensive capabilities and regulatory frameworks in many countries.