IT News Roundup: Anthropic Model Shutdown, Langflow RCE Exploitation, Charter Breach - June 14, 2026

The past week has been dominated by a collision of AI policy, supply chain security, and large-scale data breaches. Anthropic made headlines by disabling its most powerful models, open-source AI platform Langflow faces active exploitation of a critical flaw, and the ShinyHunters extortion group continues its aggressive campaign against enterprise targets. Below are the most significant stories for IT professionals this week.

Anthropic Abruptly Disables Mythos 5 and Fable 5 After US Government Order

Anthropic announced on June 12 that it would "abruptly disable" its most advanced AI models, Mythos 5 and Fable 5, for all users worldwide. The decision follows a US government directive ordering the company to suspend access to these models for foreign nationals, citing national security concerns.

Because Anthropic could not technically enforce a foreign-national-only restriction, it chose to disable the models entirely rather than comply with a partial restriction. The move has sparked widespread debate about the intersection of government oversight and AI development, with critics arguing that blanket shutdowns stifle innovation and researchers losing access to cutting-edge tools.

This incident marks one of the most direct government interventions in AI model availability to date and is likely to influence how other AI companies navigate similar regulatory pressures in the future.

Sources: Reuters, New York Times, CNN

Langflow CVE-2026-5027: Critical RCE Vulnerability Under Active Exploitation

A high-severity security flaw in Langflow, the popular open-source low-code platform for building AI applications, is being actively exploited in the wild. The vulnerability, tracked as CVE-2026-5027 with a CVSS score of 8.8, allows unauthenticated attackers to perform path traversal attacks that escalate to full remote code execution on affected servers.

Security researchers at VulnCheck confirmed active exploitation, with approximately 7,000 publicly accessible Langflow instances identified at the time of discovery. Attackers can write arbitrary files to exposed servers and execute malicious code without authentication. The vulnerability has been patched in Langflow version 1.9.0 and later, with the current release at 1.10.0 as of mid-June.

This is the latest in a pattern of high-severity Langflow vulnerabilities throughout 2026, including CVE-2026-0770, CVE-2026-33017, and CVE-2026-21445. Organizations running Langflow instances are urged to verify they are on the latest patched version and to restrict external access to their deployments.

Sources: The Hacker News, Daily Security Review

ShinyHunters Leaks 13M+ Charter Communications Customer Records After Ransom Refusal

The ShinyHunters extortion group has publicly leaked over 13 million customer records allegedly stolen from Charter Communications, one of the largest cable and internet providers in the United States. The data dump followed Charter's refusal to pay a ransom demand after ShinyHunters claimed to have stolen approximately 42 million customer records through a breach linked to Salesforce.

The leaked records reportedly include customer names, email addresses, and physical addresses. Charter has denied that customer proprietary network information (CPNI) was exfiltrated and confirmed it is working with law enforcement and cybersecurity experts. The ShinyHunters group had set a May 27 deadline for payment before initiating the leak.

This incident underscores the growing threat of extortion groups targeting large telecommunications providers and the operational dilemma companies face when deciding whether to pay ransom demands.

Sources: CyberNews, BleepingComputer

Oracle PeopleSoft Zero-Day (CVE-2026-35273) Exploited Before Patch Release

Oracle issued an emergency security alert on June 10 addressing a critical remote code execution vulnerability in PeopleSoft Enterprise PeopleTools, tracked as CVE-2026-35273 with a maximum CVSS v3.1 score of 9.8. Rapid7 and Mandiant confirmed that the zero-day was already under active exploitation in the wild before the advisory was released, with ShinyHunters leveraging the flaw to target enterprise environments for data exfiltration and extortion.

The vulnerability allows attackers to execute arbitrary code on affected PeopleSoft servers without authentication. Oracle has released mitigation guidance and patches, but the window between exploitation and patching highlights the persistent risk that enterprise ERP systems face from state-level and financially motivated threat actors.

Organizations running PeopleSoft are strongly advised to apply the available patches immediately and review Oracle's mitigation recommendations for environments where immediate patching is not feasible.

Sources: Oracle Security Alert, Rapid7, The Hacker News

Red Hat npm Supply Chain Compromise: Dozens of Packages Backdoored

Red Hat confirmed a significant supply chain compromise disclosed on June 1 affecting at least 32 packages under the @redhat-cloud-services npm namespace. Researchers at Wiz and multiple security firms identified that a compromised GitHub account was used to inject malicious code into official Red Hat packages, which were then published to the npm registry under the legitimate Red Hat organization.

The compromised packages reached an estimated 80,000 weekly downloads before the issue was discovered. The Cloud Security Alliance published a detailed analysis naming the malware "Miasma," describing it as a supply chain worm designed to propagate through the npm ecosystem. Red Hat disclosed the incident as RHSB-2026-006 and has since revoked the compromised credentials and republished clean versions of all affected packages.

This incident serves as a stark reminder of the risks inherent in software supply chains and the importance of verifying package integrity, even for packages from trusted vendors.

Sources: Red Hat Security, Ars Technica, Cloud Security Alliance

VRChat Data Breach Exposes 2.4 Million User Accounts

VRChat, the popular virtual reality social platform, disclosed a data breach affecting over 2.4 million users. The company confirmed that unauthorized access to its cloud environment occurred between May 10 and May 12, 2026. Exposed data reportedly includes account information such as usernames, email addresses, and potentially hashed passwords.

VRChat contained the breach and engaged external cybersecurity experts to conduct a forensic investigation. The company began notifying affected users electronically on June 12. Some users and community members have questioned the authenticity of certain breach claims, though VRChat has stood by its official disclosure.

The breach highlights ongoing security challenges for online social platforms and the importance of cloud infrastructure hardening for companies managing large user databases.

Sources: CyberNews, CyberInsider

SoFi Confirms Third-Party Data Breach at Hong Kong Subsidiary

SoFi, the US-based financial technology company, confirmed a data breach at its Hong Kong subsidiary after hackers gained unauthorized access to a customer database managed by a third-party vendor. The incident was detected on April 30, 2026, and publicly disclosed on June 8.

Details about the exact scope of the breach and the specific data compromised remain limited. SoFi has not confirmed whether sensitive financial or personal identification data was accessed. The company has engaged cybersecurity experts to investigate the incident and is cooperating with relevant authorities.

This breach underscores the persistent risk of third-party vendor compromise in the financial sector, where supply chain attacks increasingly serve as the weakest link in enterprise security chains.

Sources: BleepingComputer, Privacy Guides