Today's practical technology recap for June 12, 2026: AI-powered scams moved from theory to courtroom evidence, Oracle PeopleSoft landed in CISA's known-exploited list, Chrome received another large security update, AI developer tools picked up two new risk stories, and SpaceX's market debut became a useful reminder that big technology headlines can affect customers even when they do not buy the stock.
For home users and small businesses, the theme is simple: the technology news cycle is not just about giant companies. It changes which text messages you should trust, which systems need patching first, how developers should connect AI tools to work accounts, and how much risk hides behind everyday browser and cloud software.
Quick Takeaways For Customers
- Do not trust urgent text-message links. Google says a large phishing-as-a-service operation used AI-generated web pages and millions of texts to impersonate trusted brands.
- Patch externally reachable business software first. CISA added Oracle PeopleSoft CVE-2026-35273 to its known exploited vulnerabilities catalog on June 12.
- Update Chrome and Chromium-based browsers. Google's Chrome 149 desktop update fixed 28 critical and high-severity issues.
- Treat AI coding tools like privileged software. New reports around Agentjacking and LangGraph show why AI agents should not be handed production access without controls.
- Keep market hype separate from IT planning. SpaceX's IPO is big technology business news, but small businesses should still buy internet, cloud, and hardware based on operational need, not headline momentum.
1. Google Targets An AI-Powered Smishing Network
The biggest consumer-security story today came from Google, which said it is filing a lawsuit against a cybercrime operation it calls the Outsider Enterprise. Google says the group distributed phishing kits that helped criminals send fake text-message campaigns pretending to be trusted companies.
The important part for everyday users is the scale. Google said the operation was connected to 9,000 fake websites, more than 1 million fraudulent URLs, and 2.5 million messages sent to Android users during a two-week period in May 2026. Google also said Android users flagged 55,000 spam texts from the operation in that same period.
That is why the old advice of "look for bad spelling" is no longer enough. AI can help scammers build cleaner web pages, more believable fake account alerts, and more targeted language. The practical defense is slower and more boring: do not click the link in the text. Open the bank, carrier, delivery, payroll, or shopping account from its official app or a known bookmark. For a business, train staff to report suspicious texts the same way they report suspicious email.
Small Business IT Takeaway
Smishing is now part of account-security planning. If your business uses Microsoft 365, Google Workspace, payroll portals, merchant services, bank portals, or remote-management tools, make sure employees know that account warnings by text are not automatically trustworthy. Turn on MFA, prefer passkeys where available, and require out-of-band verification before anyone changes payment details, gift-card processes, payroll direct deposit, or vendor banking information.
Related reading from The IT Guys: Use Passkeys and MFA for Email Security and Check Password Health Before It Becomes a Problem.
2. Oracle PeopleSoft Vulnerability Added To CISA Known Exploited List
CISA's Known Exploited Vulnerabilities catalog was updated today with CVE-2026-35273, an Oracle PeopleSoft Enterprise PeopleTools issue. CISA listed it as a missing-authentication vulnerability and set a June 15, 2026 due date for federal remediation.
Oracle published a dedicated security alert for CVE-2026-35273. SecurityWeek also reported that Google confirmed exploitation tied to ShinyHunters activity, with PeopleSoft targets including education-sector organizations and potential exposure notices to more than 100 global organizations.
PeopleSoft is not common in a home office, but it is common enough in universities, larger employers, government-adjacent organizations, HR, payroll, and finance environments that this matters to customers. If a vendor, school, payroll provider, or enterprise partner says they are dealing with PeopleSoft maintenance, take it seriously. Systems like this often store sensitive employee, student, customer, or financial data.
Small Business IT Takeaway
If you operate PeopleSoft, this is not a normal monthly patch-calendar item. Inventory internet-facing PeopleSoft systems, review Oracle's mitigations, check for compromise indicators from trusted security sources, and preserve logs before cleanup. If you do not operate PeopleSoft but rely on a larger provider that does, watch for breach notices, forced password resets, payroll-account changes, or suspicious HR emails.
3. Chrome 149 Fixes 28 Critical And High-Severity Browser Flaws
Google's Chrome Releases blog published a Stable Channel update for desktop this week, and SecurityWeek summarized the security impact: Chrome 149 fixed 28 critical and high-severity vulnerabilities. The list included multiple use-after-free bugs and other memory-safety issues.
Browser updates are easy to dismiss because they arrive constantly. That is exactly why they matter. The browser is the front door for webmail, banking, vendor portals, cloud storage, accounting software, remote support, and AI tools. A browser flaw does not need to be dramatic to be useful to an attacker. It only needs to be paired with the right malicious page, ad, file, or chained exploit.
Small Business IT Takeaway
For managed computers, make sure Chrome, Edge, Brave, and other Chromium-based browsers are forced to update and relaunch. For unmanaged home and small-office computers, open the browser menu, go to About, let the update finish, and restart the browser. On shared office machines, do not leave browsers open for weeks just because tabs are convenient. Saved sessions are not worth running an old browser build.
4. AI Coding Agents Are Becoming A New Security Boundary
Two AI-developer stories today deserve attention because they show how fast the trust model is changing. The Hacker News covered an Agentjacking attack described by Tenet Security, where malicious data injected into a Sentry error event could be interpreted by an AI coding agent as trusted work instructions. The reported risk is not just bad code suggestions. It is the possibility that an agent running with a developer's privileges could execute commands, expose environment variables, or leak Git credentials.
The same outlet also reported on patched LangGraph vulnerabilities affecting certain self-hosted deployments using SQLite or Redis checkpointers. The article cites three flaws, including a chain that researchers said could lead to remote code execution in affected configurations.
These are not reasons to abandon AI-assisted development. They are reasons to treat AI coding agents like real software with real permissions. If an agent can read tickets, error reports, source code, secrets, local shell output, and cloud consoles, then it sits near the center of the business's trust model.
Small Business IT Takeaway
Developers and IT providers should connect AI tools with least privilege. Keep production credentials out of local environment files where possible, avoid letting agents run shell commands without review, do not connect every SaaS tool through broad MCP permissions, and use separate development accounts. If a small business hires a consultant or developer using AI coding agents, it is fair to ask how they protect secrets, logs, and customer data.
5. SpaceX's Market Debut Is A Business Story, Not An IT Buying Signal
Techmeme's June 12 front page tracked the major market story of the day: SpaceX's Nasdaq debut. Yahoo Finance reported that SpaceX opened at $150 after pricing at $135.
For customers, the practical angle is not whether the stock is attractive. The practical angle is that satellite internet, launch services, AI infrastructure, telecom capacity, and public-market expectations are blending together. Starlink, enterprise connectivity, rural broadband options, space-based services, and AI data-center narratives all sit inside the same broader technology economy now.
That can be good news for availability and investment, especially in underserved areas. It can also create hype-driven buying pressure. A business should not choose internet service, backup connectivity, or cloud infrastructure because a company is in the headlines. Choose it because it meets uptime, latency, support, cost, failover, and security requirements.
Small Business IT Takeaway
If you use satellite internet or are considering it as a backup line, test it like any other business service. Confirm real speeds at your location, check failover behavior, document power requirements, and make sure security cameras, VoIP phones, VPNs, payment terminals, and cloud apps behave correctly during a provider outage. Backup internet is valuable only if it actually carries the workflows you need.
What To Do This Weekend
- Update browsers: Chrome and other Chromium browsers should be restarted after updates.
- Warn staff about text scams: Remind users that banks, carriers, delivery companies, and payroll alerts should be checked from known apps or bookmarked sites.
- Review exposed business apps: Prioritize anything internet-facing, especially HR, finance, remote access, ERP, help desk, and developer tools.
- Check developer AI access: Make sure AI agents cannot freely read secrets, execute commands, or pull customer data without review.
- Document backup connectivity: If internet access matters to the business, write down what fails over, how it is tested, and who gets called.
FAQ
Should I stop using AI tools because criminals are using AI for scams?
No. The lesson is not that AI tools are automatically bad. The lesson is that AI makes scams and automation more convincing. Use AI tools with permission controls, avoid feeding them secrets casually, and do not treat AI-generated pages, texts, or emails as trustworthy just because they look polished.
Does the PeopleSoft vulnerability affect home users?
Usually no, not directly. PeopleSoft is enterprise software. But home users can still be affected if their employer, school, payroll provider, or another organization holding their information is compromised.
Is updating Chrome enough to stay safe?
It is necessary, but not enough by itself. Browser updates reduce known technical risk. You still need MFA, careful link handling, strong passwords or passkeys, and a habit of checking sensitive accounts from official apps or known URLs.
Should small businesses allow AI coding agents?
They can be useful, but they should be governed. Treat them like junior administrators with access to sensitive systems: limit permissions, log activity, review commands, isolate development environments, and keep production secrets out of casual tool access.
Sources
- Google: How we're combatting AI scams with security, legislation and more
- Google Affirmative Litigation: Outsider phishkit case
- CISA Known Exploited Vulnerabilities catalog feed
- Oracle Security Alert Advisory for CVE-2026-35273
- SecurityWeek: Google confirms exploitation of Oracle PeopleSoft zero-day
- Google Chrome Releases: Stable Channel Update for Desktop
- SecurityWeek: Chrome 149 update patches 28 vulnerabilities
- The Hacker News: Agentjacking attack tricks AI coding agents
- The Hacker News: LangGraph flaw chain exposes self-hosted AI agents
- Techmeme: June 12, 2026 technology news front page
- Yahoo Finance: SpaceX opens at $150 after $135 IPO price