What the Fortibleed campaign means for organizations running FortiGate firewalls

A massive credential-harvesting campaign targeting FortiGate firewalls has exposed thousands of organizations to potential network compromise, and a trove of attacker tools, scripts, and credentials left inadvertently exposed on a server has given rese… Continue reading What the Fortibleed campaign means for organizations running FortiGate firewalls

Klue breach lead to Salesforce data theft, Huntress affected

Cybersecurity vendor Huntress was among multiple companies hit by a breach originating at Klue, a market intelligence platform used to integrate CRM and sales data across various business tools. Huntress published a detailed account of the incident on … Continue reading Klue breach lead to Salesforce data theft, Huntress affected

Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

CISA has added CVE-2026-20253, a critical, remotely exploitable vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities catalog, and ordered US federal civilian agencies to apply mitigations by June 21, 2026. In-the-wild exploitation… Continue reading Unauthenticated RCE in Splunk Enterprise under active attack (CVE-2026-20253)

Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned

SocGholish, an operation that’s been delivering malware to users via fake software updates, has suffered a major blow: the international law enforcement coalition behind Operation Endgame has taken down 106 of its servers and domains, and cleaned… Continue reading Law enforcement hits SocGholish: 106 servers down, 15,000 sites cleaned

74,000 Fortinet firewall credentials exposed in FortiBleed data leak

A Russian-speaking cybercriminal group has stolen credentials contained in the configuration files of nearly 74,000 Fortinet firewalls and VPN gateways around the world. The data was accidentally exposed by the group on a server, along with other artif… Continue reading 74,000 Fortinet firewall credentials exposed in FortiBleed data leak

Low-skilled attacker used Claude, Codex to breach 14 companies

Researchers have long warned that AI agents could lower the skill floor for offensive cyber operations, and a recent report by OALABS (Open Analysis) researchers bears that out. After recovering and analyzing over 1,000 agent sessions from a compromise… Continue reading Low-skilled attacker used Claude, Codex to breach 14 companies

Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)

Microsoft has acknowledged the local elevation of privilege issue in Microsoft Defender that can be triggered via the “RoguePlanet” exploit, and is “working to provide a high quality security update that addresses this vulnerability.&… Continue reading Microsoft working on patch for RoguePlanet Defender zero-day (CVE-2026-50656)

Attackers are exploiting FortiSandbox vulnerabilities

Attackers have been spotted exploiting three vulnerabilities (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) in FortiSandbox, a platform that other Fortinet security products depend on for threat verdicts to enforce blocking decisions and trigger auto… Continue reading Attackers are exploiting FortiSandbox vulnerabilities

SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)

A critical vulnerability (CVE-2026-48558) in SimpleHelp, a popular remote monitoring and management (RMM) tool, can be exploited remotely by unauthenticated attackers to create a new “Technician” account and use it to remote into managed en… Continue reading SimpleHelp RMM flaw could give attackers full access to managed endpoints (CVE-2026-48558)

Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)

Cisco has revealed another Catalyst SD-WAN Manager vulnerability (CVE-2026-20262) that its Product Security Incident Response Team observed being exploited by attackers. But the associated security advisory also states that “the vulnerability was… Continue reading Cisco discloses second exploited SD-WAN vulnerability in two weeks (CVE-2026-20262)