AI and IT News Recap: June 18, 2026: Poisoned AI Packages, the G7 AI Moment, and Anthropic in Seoul

By Noah Smith, Owner & Consultant, KeyChange Technologies · June 18, 2026


Welcome to your AI and IT news for June 18, 2026. Here is what actually matters for your business today, in plain English and without the hype. The short of it: the software your tools are built on has become the target, AI showed up at the world's top political table, and there are a few "patch this now" flaws worth putting on your team's radar. Last week's recap has the prior context if you missed it.

📌 The AI and IT news at a glance

  • Poisoned AI toolkit: ~142 packages of the popular Mastra AI framework were trojanized on npm to steal secrets.
  • AI at the G7: the CEOs of OpenAI, Anthropic, and Google DeepMind sat with world leaders in France.
  • Anthropic lands in Seoul: a new office plus Claude deals with NAVER, Samsung, and LG.
  • Patch now: a live CVSS 10.0 zero-day in Joomla's JCE extension, rogue JetBrains plugins stealing AI keys, and Oracle's 245-fix update.

๐Ÿ” Top story: a poisoned AI toolkit

Attackers trojanized ~142 Mastra packages to steal secrets

Early on June 17, someone took over a contributor account for Mastra, one of the most popular open-source frameworks for building AI apps, and in under 90 minutes republished about 142 of its packages with a hidden malicious dependency named "easy-day-js" (a look-alike of the trusted "dayjs" library). Those packages pull more than 1.1 million downloads a week, so the blast radius was enormous.

Once installed, the malicious code quietly switched off security checks, called out to an attacker-controlled server, downloaded a second-stage payload, ran it in the background, and then deleted itself to make the intrusion hard to spot. The goal was simple: find and steal the credentials and API keys sitting on developer machines and build servers.

In short: Attackers poisoned roughly 142 packages of the widely used Mastra AI framework on npm to steal developer secrets.

What it means for your business: If your team or any vendor builds with AI tools, a single compromised dependency can quietly hand over the keys to your systems and data. This is supply-chain risk, and it now reaches anyone who ships software.

My take: This is the npm ecosystem's recurring nightmare: one hijacked maintainer account, and everyone who trusts that package inherits the malware. Pinned versions and lockfiles stopped being optional a while ago, and any key that touched an affected build should be rotated today.

🔗 Source: Aikido Security
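
To check whether a build pulled in the look-alike dependency described above, you can audit the lockfile directly. The script below is an added example, not code from Mastra or Aikido: it walks an npm v2/v3 lockfile's "packages" map, flags the "easy-day-js" name reported here plus names that merely resemble a trusted package, and lists which installed packages declare them. The sample lockfile, the placeholder package names, and the trusted list are constructed assumptions.

```javascript
// Added example: audit an npm lockfile (v2/v3 "packages" map) for a known-bad
// dependency and for look-alikes of trusted names. Sample data is constructed.
const DENYLIST = new Set(["easy-day-js"]); // name reported in this story
const TRUSTED = ["dayjs"];                 // names you expect to see (assumption)

// "node_modules/a/node_modules/@s/b" -> "@s/b"; "" (root project) -> ""
function nameFromPath(path) {
  const i = path.lastIndexOf("node_modules/");
  return i === -1 ? "" : path.slice(i + "node_modules/".length);
}

// Strip separators so "easy-day-js" and "dayjs" can be compared directly.
const squash = (s) => s.toLowerCase().replace(/[^a-z0-9]/g, "");

// Heuristic only: a hit means "review this", not "this is malicious".
function isLookalike(name) {
  const n = squash(name);
  return TRUSTED.some((t) => name !== t && n.includes(squash(t)));
}

function auditLockfile(lock) {
  const findings = [];
  const entries = Object.entries(lock.packages || {});
  for (const [path, meta] of entries) {
    const name = nameFromPath(path);
    if (!name) continue; // skip the root project entry
    const reason = DENYLIST.has(name) ? "denylisted"
      : isLookalike(name) ? "lookalike" : null;
    if (!reason) continue;
    // Which installed packages declare this name as a dependency?
    const requiredBy = entries
      .filter(([, m]) => m.dependencies && name in m.dependencies)
      .map(([p]) => nameFromPath(p) || "(root)");
    findings.push({ name, version: meta.version, reason, requiredBy });
  }
  return findings;
}

// Constructed lockfile; names other than easy-day-js and dayjs are placeholders.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "my-app", dependencies: { "example-ai-pkg": "^1.2.0", dayjs: "^1.11.0" } },
    "node_modules/example-ai-pkg": { version: "1.2.3", dependencies: { "easy-day-js": "^1.0.0" } },
    "node_modules/easy-day-js": { version: "1.0.0" },
    "node_modules/dayjs": { version: "1.11.0" },
    "node_modules/my-dayjs-plugin": { version: "0.1.0" },
  },
};
console.log(JSON.stringify(auditLockfile(SAMPLE_LOCK), null, 2));
```

A "denylisted" hit means the build that produced the lockfile should be treated as exposed and its keys rotated; a "lookalike" hit is only a prompt for a human to confirm the package is one you intended to install.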


🤖 AI: the boardroom and the world stage

AI CEOs take a seat at the G7

On June 17, OpenAI's Sam Altman, Anthropic's Dario Amodei, and Google DeepMind's Demis Hassabis joined world leaders at the G7 summit in France for a working session on frontier AI. The agenda reportedly centered on AI risk, the energy and compute needed to run it, and "sovereignty," the growing push by countries to control the AI built and used within their borders.

In short: The CEOs of the three leading AI labs sat with world leaders at the G7, a sign AI is now a top-table political issue.

What it means for your business: When heads of state and AI CEOs are negotiating in the same room, new rules, incentives, and regional restrictions tend to follow, and they can shape which tools and clouds you are allowed to use.

My take: A photo op, sure, but also a tell. Regulation usually trails moments like this by a year or two, so if compliance touches your stack, treat it as an early warning.

🔗 Source: CNBC


Anthropic opens a Seoul office and signs up Korea's biggest names

Anthropic opened its third Asia-Pacific office in Seoul on June 17, and it did not arrive empty-handed. Alongside the office it announced a slate of enterprise deals: NAVER rolling out Claude Code across its engineering org, Samsung SDS bringing Claude to Samsung Electronics, and LG CNS deploying it across LG Group, plus a government MOU with Korea's Ministry of Science and ICT on public-sector AI.

That is a lot of blue-chip logos for one announcement, and it underlines how aggressively the big labs are now competing for enterprise footholds outside the United States.

In short: Anthropic opened a Seoul office and announced Claude deals with NAVER, Samsung, LG, and the Korean government.

What it means for your business: More regional presence and big-name reference customers usually translate into better enterprise support, data-residency options, and competitive pricing as the labs fight for share.

My take: Land-grab season. None of this changes your Tuesday, but more serious competition among Anthropic, OpenAI, and Google generally works out in buyers' favor.

🔗 Source: Anthropic


๐Ÿ›ก๏ธ IT and security: patch these now

A maximum-severity Joomla flaw is under active attack

CISA added CVE-2026-48907, a perfect-10 (CVSS 10.0) flaw in the widely used Joomla Content Editor (JCE) extension, to its Known Exploited Vulnerabilities catalog after confirming real-world attacks. The bug lets an unauthenticated attacker create a rogue editor profile, upload PHP, and drop a web shell for persistent access. It is fixed in JCE 2.9.99.5, but working exploit code is public and the attacks are automated.

In short: CISA flagged an actively exploited CVSS 10.0 flaw in the Joomla JCE extension that hands attackers a backdoor.

What it means for your business: If your website runs Joomla with the JCE extension, this is a drop-everything patch. A public, automated exploit for a 10.0 is how sites get defaced, breached, or quietly turned into someone else's infrastructure.

My take: A 10.0 with public exploit code and automation behind it is about as urgent as web flaws get. Update JCE today, and check the server for unfamiliar editor profiles or web shells while you are in there.

🔗 Source: The Hacker News


Rogue JetBrains plugins are stealing AI API keys

Researchers at Aikido found at least 15 malicious plugins on the JetBrains Marketplace, spread across seven vendor accounts, that quietly forward your AI API keys to an attacker the moment you paste them into settings, with no prompt or warning. Some have been live since late 2025, and new ones were still appearing in June 2026.

In short: At least 15 JetBrains IDE plugins were caught silently exfiltrating developers' AI API keys.

What it means for your business: The tools your developers use every day are an attack surface too. A single rogue plugin can leak the keys that run your AI spend and reach your data, and the theft is invisible.

My take: Treat IDE plugins like any app with full access to your machine, because that is exactly what they are. Review what is installed, stick to known publishers, and rotate any AI key that has been entered into a questionable extension.

🔗 Source: Aikido Security


Oracle ships 245 fixes as attackers exploit PeopleSoft

Oracle released its June Critical Patch Update on June 16 with 245 fixes across products including E-Business Suite, Fusion Middleware, MySQL, and PeopleSoft, roughly 120 of them rated critical. The timing matters: the ShinyHunters group has been exploiting a PeopleSoft flaw (CVE-2026-35273) that allows unauthenticated remote code execution, reportedly hitting more than 100 organizations, many of them in education.

In short: Oracle's June update brings 245 fixes, including for a PeopleSoft flaw already being exploited against 100+ organizations.

What it means for your business: If you run any Oracle product, especially internet-facing PeopleSoft or E-Business Suite, these patches belong at the front of your queue, not the back.

My take: Quarterly-sized updates are a slog, but an actively exploited PeopleSoft bug takes "we'll get to it" off the table. Prioritize internet-facing and business-critical systems first, then work down the list.

🔗 Source: Oracle


The bottom line

If there is one theme today, it is that the software you trust is exactly what attackers want to poison, whether that is an AI package on npm or a plugin in your IDE. Pin and review your dependencies, rotate exposed keys, and get the Joomla and Oracle fixes out on a short clock. On the bigger picture, AI is now a boardroom and G7 topic, so expect the rules around it to keep moving.

That is your AI and IT news for June 18, 2026. See you in the next one.