A critical Splunk Enterprise RCE (CVE-2026-20253, CVSS 9.8) is under active attack with a federal patch deadline of June 21, while threat actor Icarus stole OAuth tokens from SaaS vendor Klue to silently extract CRM data from Huntress, Jamf, Recorded Future, and Tanium. Two stories, one pattern: attackers reaching infrastructure that was never designed to stop them.
Audio is available on Spreaker — see link below.
A critical Splunk Enterprise vulnerability is now confirmed under active exploitation, and federal agencies have until June 21 to patch it. That deadline isn't arbitrary.
The vulnerability, tracked as CVE-2026-20253, carries a CVSS score of 9.8. It is an unauthenticated remote code execution flaw in Splunk Enterprise versions 10.0.6 and 10.2.3.
Simultaneously, a separate incident is revealing a different kind of structural weakness. A threat actor tracked as Icarus stole OAuth tokens from Klue, a competitive intelligence SaaS vendor.
The signal here is the monitoring gap. OAuth tokens grant long-lived, passwordless access to third-party platforms.
Third-party breaches now account for 30 percent of all breaches, doubled year-over-year. The Klue incident illustrates exactly how that number grows.
Two things matter most from here. First, whether organizations running vulnerable Splunk versions can identify undetected compromise before the June 21 deadline.
Chapter summary auto-generated from the verified script. Listen to the full episode for the complete content.