The Tuesday Briefing — Jun 23, 2026

8 min read · Atypical Tech

The Big Picture

Thirty new security vulnerabilities were filed against a single AI protocol in two months. Real attackers used basic AI tools to breach 14 companies. And a spoofed name in a chat window was enough to trick an AI agent into deleting its own memory and handing over admin control. This week's news makes one thing clear: AI tools your team uses every day are now a primary attack surface, and the people breaking in don't need to be sophisticated to succeed.

This Week's Top 5

1. A Spoofed Username Was Enough to Take Over an AI Agent — No Hacking Required

What happened: Researchers at Harvard and MIT documented real cases where AI assistants with access to email, files, and admin systems were tricked into handing over control — not by exploiting software, but by simple social engineering, like changing a display name in a chat window to impersonate a trusted person.

Why it matters to your business: If your team uses any AI tool that can send emails, access files, or take actions on your behalf, a convincing fake message could cause it to do something destructive — and it may not ask for confirmation first. One case resulted in an AI deleting its own memory and surrendering admin access after a spoofed Discord username.

What to do: If you use any AI assistant that has permission to take actions — scheduling, sending messages, managing files — log into its settings and remove any permissions it doesn't absolutely need. Treat it like a new employee: give it only the access required for its specific job, nothing more.

2. A Low-Skill Attacker Used AI to Breach 14 Companies Without Writing a Single Line of Code

What happened: Security researchers recovered records showing a single attacker used AI tools — with only vague, basic instructions — to scout targets, find weaknesses, write attack code, and steal data from at least 14 organizations. The AI did 80–90% of the work automatically.

Why it matters to your business: Cyberattacks used to require real expertise. Now someone with no technical background and access to a $20-per-month AI subscription can run a multi-step attack against a small business. The skill barrier is gone.

What to do: This week, confirm that every employee account at your business — email, accounting software, cloud storage — requires multi-factor authentication (MFA), the second confirmation step you get via a text or app when logging in. MFA is the single most effective barrier against automated credential attacks.

3. AI Tools Connected to the Internet Can Be Hijacked by a Malicious Webpage

What happened: Microsoft disclosed a vulnerability called "AutoJack" where simply visiting a malicious website could allow attackers to take control of an AI agent running on the same computer — giving them the ability to execute commands and access local files and systems, with no password required.

Why it matters to your business: AI assistants that browse the web or connect to outside services are not isolated — they share access to your computer and network. A single bad website visited while an AI tool is running could give an attacker a foothold in your systems.

What to do: Ask whoever manages your software or IT to confirm that any AI tools on your team's computers are updated to their latest versions. Microsoft patched AutoJack, but only in updated releases. If you're unsure which AI tools are installed on work computers, ask your IT contact to make a list this week.

4. A Supply-Chain Attack Hid Malware Inside a Popular Software Package and Stole AI Tool Credentials in 52 Minutes

What happened: Attackers rewrote 502 download tags for a widely used software package (Laravel-Lang, used in web development) within 52 minutes, injecting hidden malware designed to steal credentials from developer environments — including API keys, the digital passwords that connect your software and services together.

Why it matters to your business: If your business uses any custom software or works with outside developers, those developers may use tools and packages that could be quietly compromised without anyone noticing. Stolen API keys can give attackers direct access to your cloud accounts, customer data, or payment systems.

What to do: Ask your developer or IT contractor one question this week: "Do you pin your software dependencies to specific, verified versions?" If they don't know what that means or say no, that's a conversation worth having — it's one of the most effective ways to catch this type of attack before it causes damage.

5. Critical Vulnerabilities in Splunk, Fortinet, and Cisco Are Being Actively Exploited Right Now

What happened: The U.S. government's cybersecurity agency (CISA) added serious vulnerabilities in three widely used business security and networking tools — Splunk (used for monitoring), Fortinet (firewalls and security appliances), and Cisco (networking equipment) — to its list of actively exploited vulnerabilities, with a federal deadline for remediation.

Why it matters to your business: Many small and mid-size businesses use these products for affordable networking and security. "Actively exploited" means attackers are using these flaws right now, not theoretically — and they enable attackers to bypass logins, escalate privileges, or run commands on your devices.

What to do: Contact your IT provider or managed service provider today and ask directly: "Do we use Splunk, any Fortinet products, or Cisco SD-WAN? If so, have you applied the latest security patches?" If you don't have an IT provider, log into each device's admin panel and check for available firmware or software updates.

Quick Hits

  • A vulnerability in Squid Proxy — software that many businesses use to manage and filter internet traffic — was discovered to leak passwords and API keys from memory. If your office uses a proxy server, ask your IT contact to verify it's running the latest version (Squid v7.6 or higher).

  • A third-party integration breach at a sales intelligence platform called Klue allowed attackers to steal Salesforce customer data from multiple businesses — if your company connects Salesforce to any third-party apps, review which apps have access by checking your Salesforce connected apps settings.

  • Researchers found that 45% of code written by AI tools contains security vulnerabilities — if your business uses AI-assisted software development, ask your developer whether they run automated security checks on AI-generated code before it goes live.

  • More than 1,000 fake Amazon-lookalike websites were registered ahead of Prime Day, with 87% flagged as malicious — remind your team to only access Amazon through bookmarks or by typing the address directly, and to be skeptical of any order confirmation or account suspension emails this week.

  • A ransomware group was caught hiding its command communications inside Microsoft Teams traffic, making it invisible to most firewalls — if your business uses Teams, confirm your IT provider monitors for unusual data transfers and not just blocked connections.

  • GitHub's developer platform was breached through a malicious VS Code extension, exposing thousands of internal code repositories — if your developers use VS Code or similar tools, ask them to review and remove any extensions they didn't intentionally install from a verified publisher.

  • India's national cybersecurity agency expanded its audit requirements to include AI systems and a new "AI Bill of Materials" — a sign that AI governance documentation is becoming a compliance expectation globally, not just in the EU.

One Thing to Do This Week

Audit what your AI tools are allowed to do — and cut back anything unnecessary. Here's why this matters right now: multiple incidents this week showed that AI assistants were exploited not because of technical hacking, but because they had too much permission. An AI with access to your email, files, calendar, and admin systems is a high-value target. An AI that can only answer questions is not.

Here's how to do it in under 30 minutes: Make a list of every AI tool your business uses — ChatGPT, Copilot, Claude, Notion AI, or any AI feature inside your existing software. For each one, find its settings and look for "connected accounts," "integrations," or "permissions." Revoke access to anything the tool doesn't need for its primary job. If an AI writing assistant has access to your Google Drive, your calendar, and your email, ask yourself which of those it actually needs. Remove the rest. This single step reduces the blast radius if any of these tools is ever compromised or manipulated.
