Cyber Threat Brief

2026-06-18: FortiBleed exposes 73,000 Fortinet VPN credentials to a Russian-speaking threat group targeting

31 min · Yesterday

Description

SHOW NOTES - 2026-06-18

STORIES COVERED

June 18, 2026

Today:

* Joomla Content Editor Plugin Zero-Day (CVE-2026-48907) [https://www.bleepingcomputer.com/news/security/cisa-orders-feds-to-patch-max-severity-joomla-plugin-flaw-by-friday/] [Critical Alerts]
* FortiBleed: 73,000 Fortinet VPN Credentials Exposed [https://www.bleepingcomputer.com/news/security/fortibleed-leak-exposes-fortinet-vpn-credentials-for-73-000-devices/] [Critical Alerts]
* Fortinet FortiSandbox Vulnerabilities Under Active Exploitation [https://cyberscoop.com/fortinet-fortisandbox-vulnerabilities-exploits/] [Critical Alerts]
* Microsoft Defender Zero-Day RoguePlanet (CVE-2026-50656) [https://thehackernews.com/2026/06/microsoft-confirms-rogueplanet-defender_02022423645.html] [Critical Alerts]
* INC Ransomware Reaches 800+ Victims Through Basic Tactics [https://www.darkreading.com/cyberattacks-data-breaches/inc-ransomware-thrives-by-mastering-the-basics] [Ransomware & Extortion]
* DragonForce Ransomware Deploys Custom Backdoor Using Microsoft Teams Infrastructure [https://www.securityweek.com/microsoft-teams-relay-servers-abused-in-dragonforce-ransomware-attack/] [Ransomware & Extortion]
* EdTech Sector Faces Escalating Ransomware and Data Breach Activity [https://databreaches.net/2026/06/17/cybercriminals-are-targeting-edtech-data-breaches-and-ransomware-attacks-on-the-rise/?pk_campaign=feed&pk_kwd=cybercriminals-are-targeting-edtech-data-breaches-and-ransomware-attacks-on-the-rise] [Ransomware & Extortion]
* Mastra npm Supply Chain Attack Poisons 140+ Packages [https://www.microsoft.com/en-us/security/blog/2026/06/17/postinstall-payload-inside-mastra-npm-supply-chain-compromise/] [Business & Infrastructure Threats]
* Account Takeover Attacks Rising Through Session Hijacking and MFA Bypass [https://www.bleepingcomputer.com/news/security/why-account-takeovers-are-rising-and-how-to-stop-them/] [Business & Infrastructure Threats]
* CASB Blind Spot: QUIC Protocol Bypasses Web Traffic Inspection [https://isc.sans.edu/diary/rss/33084] [Business & Infrastructure Threats]
* Crypto Clipper Malware Uses Tor and Worm-Like Propagation [https://www.microsoft.com/en-us/security/blog/2026/06/17/crypto-clipper-uses-tor-worm-like-propagation-for-persistence-control/] [Windows / AD Security]
* Office Apps Experiencing Launch Issues After June Updates [https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-office-apps-launch-issues-after-june-updates/] [Windows / AD Security]
* Interpol: Cyber Offenses Account for One-Third of Crime in Asia-Pacific [https://www.theregister.com/cyber-crime/2026/06/18/cyber-offenses-now-account-for-around-a-third-of-all-crime-across-asia-and-south-pacific/5257716] [General Security News]
* Junior Hacker Uses Tailscale and OpenSSH for Backup Persistence [https://thehackernews.com/2026/06/junior-hacker-used-tailscale-and.html] [General Security News]
* CVE-2026-48854: Elixir gRPC Unbounded Request Body Memory Exhaustion [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-48854] [Vulnerability Disclosures]
* Coordinated SSH Brute Force Attacks Over Three Months [https://isc.sans.edu/diary/rss/33086] [Vulnerability Disclosures]

CVES REFERENCED

CVE-2023-3519, CVE-2023-48788, CVE-2024-57727, CVE-2025-5777, CVE-2026-25089, CVE-2026-33825, CVE-2026-39808, CVE-2026-39813, CVE-2026-41091, CVE-2026-45498, CVE-2026-48854, CVE-2026-48907, CVE-2026-50656

INDICATORS OF COMPROMISE

IP Addresses: 2.9.99.6

Read the full brief [https://carolinacleartech.com/brief/2026-06-18/]

All episodes

90 episodes


2026-06-19: CISA adds actively exploited Splunk vulnerability to its KEV catalog days after disclosure

SHOW NOTES - 2026-06-19

STORIES COVERED

June 19, 2026

Today:

* Splunk Enterprise Authentication Bypass (CVE-2026-20253) [https://www.securityweek.com/splunk-enterprise-vulnerability-exploited-in-attacks-days-after-disclosure/] [Critical Alerts]
* FortiBleed: 74,000 Fortinet Devices Compromised [https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/] [Critical Alerts]
* F5 NGINX Critical Remote Code Execution Flaws [https://thehackernews.com/2026/06/f5-patches-two-critical-nginx-open.html] [Critical Alerts]
* INC Ransomware: 830 Victims Since 2023 [https://thehackernews.com/2026/06/inc-ransomware-claims-830-victims-since.html] [Ransomware & Extortion]
* DragonForce Abuses Microsoft Teams Relays to Hide Backdoor Traffic [https://thehackernews.com/2026/06/dragonforce-hackers-abuse-microsoft.html] [Ransomware & Extortion]
* The Gentlemen Ransomware: Multiple EDR Killers in Active Development [https://www.bleepingcomputer.com/news/security/gentlemen-ransomware-uses-multiple-edr-killers-to-disable-defenses/] [Ransomware & Extortion]
* Operation Endgame Disrupts SocGholish Infrastructure [https://www.proofpoint.com/us/blog/threat-insight/sayonara-socgholish-operation-endgame-disrupts-major-cybercrime-operation] [Ransomware & Extortion]
* HCRG Care Group Notifies Patients 16 Months After Medusa Ransomware Attack [https://databreaches.net/2026/06/18/uk-more-than-one-year-later-hcrg-is-first-notifying-patients-of-ransomware-attack/?pk_campaign=feed&pk_kwd=uk-more-than-one-year-later-hcrg-is-first-notifying-patients-of-ransomware-attack] [Ransomware & Extortion]
* HHS Settles with Spencer Gifts Health Plan for $450K After Ransomware Investigation [https://databreaches.net/2026/06/18/hhs-o%ef%ac%83ce-for-civil-rights-settles-ransomware-investigation-with-spencer-gifts-health-plan-for-450k-corrective-action-plan/?pk_campaign=feed&pk_kwd=hhs-o%25ef%25ac%2583ce-for-civil-rights-settles-ransomware-investigation-with-spencer-gifts-health-plan-for-450k-corrective-action-plan] [Ransomware & Extortion]
* Klue Supply Chain Attack Hits Cybersecurity Firms [https://www.darkreading.com/cyberattacks-data-breaches/salesforce-data-thefts-klue-app-compromise] [Business & Infrastructure Threats]
* ShapedPlugin WordPress Supply Chain Attack [https://www.bleepingcomputer.com/news/security/shapedplugin-update-flow-hacked-to-infect-wordpress-sites/] [Business & Infrastructure Threats]
* AutoJack: AI Agent Framework RCE via Localhost Trust Boundary [https://www.microsoft.com/en-us/security/blog/2026/06/18/autojack-single-page-rce-host-running-ai-agent/] [Business & Infrastructure Threats]
* Microsoft 365 Backup Gaps Require Third-Party Solutions [https://www.bleepingcomputer.com/news/security/5-reasons-microsoft-365-backup-isnt-enough-for-business-data-protection/] [Business & Infrastructure Threats]
* Rockwell Automation FactoryTalk Historian Authentication Bypass [https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-03] [Vulnerability Disclosures]
* Industrial Control System Vulnerabilities [https://www.cisa.gov/news-events/ics-advisories/icsa-26-169-03] [Vulnerability Disclosures]
* Medical Device Bluetooth Vulnerabilities [https://www.cisa.gov/news-events/ics-medical-advisories/icsma-26-169-01] [Vulnerability Disclosures]
* Apple Beats Studio Buds Microphone Eavesdropping Flaw [https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html] [Vulnerability Disclosures]
* Unpatchable iPhone SecureROM Exploit for A12/A13 Chips [https://thehackernews.com/2026/06/apple-patches-beats-studio-buds-flaw.html] [Vulnerability Disclosures]
* Microsoft June 2026 Vulnerabilities [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-47633] [Vulnerability Disclosures]
* Windows Server 2016 Security Update Failures Fixed [https://www.bleepingcomputer.com/news/microsoft/microsoft-fixes-windows-server-2016-security-update-failures/] [Windows / AD Security]

CVES REFERENCED

CVE-2023-3519, CVE-2023-48788, CVE-2023-52271, CVE-2024-57727, CVE-2025-1055, CVE-2025-13036, CVE-2025-20700, CVE-2025-20701, CVE-2025-20702, CVE-2025-36539, CVE-2025-44019, CVE-2025-5777, CVE-2025-61155, CVE-2026-10275, CVE-2026-12087, CVE-2026-12390, CVE-2026-20253, CVE-2026-32174, CVE-2026-32208, CVE-2026-40624, CVE-2026-42014, CVE-2026-42055, CVE-2026-42530, CVE-2026-42895, CVE-2026-42945, CVE-2026-43966, CVE-2026-44967, CVE-2026-47633, CVE-2026-47646, CVE-2026-4827, CVE-2026-48914, CVE-2026-50034, CVE-2026-52866, CVE-2026-53689, CVE-2026-6865, CVE-2026-8805, CVE-2026-8806, CVE-2026-9669

INDICATORS OF COMPROMISE

IP Addresses: 37.0.2.1

Read the full brief [https://carolinacleartech.com/brief/2026-06-19/]

19 June 2026 · 30 min

2026-06-17: CISA gives federal agencies until tomorrow to patch an actively exploited cPanel plugin

SHOW NOTES - 2026-06-17

STORIES COVERED

Today:

* CISA Orders LiteSpeed cPanel Patch by June 18 (CVE-2026-54420) [https://www.bleepingcomputer.com/news/security/cisa-warns-of-another-actively-exploited-cpanel-plugin-flaw/] [Critical Alerts]
* Microsoft Working on RoguePlanet Defender Zero-Day Patch (CVE-2026-50656) [https://www.bleepingcomputer.com/news/microsoft/microsoft-working-on-defender-patch-for-rogueplanet-zero-day/] [Critical Alerts]
* Joomla JCE Plugin Flaw Under Active Exploitation (CVE-2026-48907) [https://thehackernews.com/2026/06/cisa-warns-of-actively-exploited-joomla.html] [Critical Alerts]
* Three Fortinet FortiSandbox Flaws Under Active Exploitation [https://www.securityweek.com/3-recently-patched-fortinet-fortisandbox-vulnerabilities-in-hacker-crosshairs/] [Critical Alerts]
* DragonForce Ransomware Abuses Microsoft Teams TURN Relays for Command-and-Control [https://www.bleepingcomputer.com/news/security/ransomware-gang-abuses-microsoft-teams-relays-to-hide-malicious-traffic/] [Ransomware & Extortion]
* Kodak Confirms Data Breach, ShinyHunters Claims 2.2 Million Records [https://www.bleepingcomputer.com/news/security/kodak-confirms-data-breach-claimed-by-shinyhunters-extortion-gang/] [Ransomware & Extortion]
* Lorem Ipsum Malware Pivots to ClickFix Delivery, Likely Linked to Vice Society [https://www.darkreading.com/cyberattacks-data-breaches/lorem-ipsum-malware-clickfix-delivery] [Ransomware & Extortion]
* Novo Nordisk Hit by Two Separate Threat Actors Demanding $50M and $25M [https://databreaches.net/2026/06/16/one-threat-actor-demanded-50-million-from-novo-nordisk-another-one-demanded-25-million-neither-got-paid/?pk_campaign=feed&pk_kwd=one-threat-actor-demanded-50-million-from-novo-nordisk-another-one-demanded-25-million-neither-got-paid] [Ransomware & Extortion]
* 144 Mastra npm Packages Compromised via Hijacked Contributor Account [https://thehackernews.com/2026/06/144-mastra-npm-packages-compromised-via.html] [Business & Infrastructure Threats]
* 15 Malicious JetBrains Plugins Steal AI API Keys from 70,000 Developers [https://www.bleepingcomputer.com/news/security/malicious-jetbrains-marketplace-plugins-steal-ai-api-keys-from-developers/] [Business & Infrastructure Threats]
* Steam Workshop Abused to Spread Malware via Wallpaper Engine [https://www.bleepingcomputer.com/news/security/steam-workshop-abused-to-spread-malware-via-wallpaper-engine-app/] [Business & Infrastructure Threats]
* 30,000 Compromised Fortinet Firewalls Expose Corporate Networks (FortiBleed Campaign) [https://www.securityweek.com/3-recently-patched-fortinet-fortisandbox-vulnerabilities-in-hacker-crosshairs/] [Business & Infrastructure Threats]
* ClickFix Campaigns Expand with BabaDeda, Lorem Ipsum, and Potemkin Loaders [https://thehackernews.com/2026/06/clickfix-campaigns-expand-malware.html] [General Security News]
* GhostTree Attack Abuses Recursive Windows Junctions to Hide Malware from EDR [https://www.bleepingcomputer.com/news/security/ghosttree-attack-abused-recursive-windows-junctions-to-hide-malware/] [General Security News]
* Google Vertex AI SDK Flaw Allowed Cross-Tenant Model Hijacking (Pickle in the Middle) [https://unit42.paloaltonetworks.com/hijacking-vertex-ai-model/] [General Security News]
* China Arrests 67 Suspects Linked to Silver Fox Cybercrime Group [https://news.risky.biz/risky-bulletin-china-arrests-members-of-silver-fox-cybercrime-group/] [General Security News]
* Chrome Extensions Steal AI Conversations (PromptSnatcher Campaign) [https://thehackernews.com/2026/06/malicious-jetbrains-plugins-steal-ai.html] [General Security News]
* China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth [https://thehackernews.com/2026/06/china-linked-sprysocks-backdoor-expands.html] [General Security News]
* New Rokarolla Android Malware Targets 217 Banking and Crypto Apps [https://www.bleepingcomputer.com/news/security/new-rokarolla-android-malware-targets-217-banking-crypto-apps/] [General Security News]
* FTC Warns of Record $3.5 Billion Losses to Imposter Scams in 2025 [https://www.bleepingcomputer.com/news/security/ftc-warns-of-record-35-billion-losses-to-imposter-scams-in-2025/] [General Security News]
* Rockwell Automation FLEX I/O EtherNet/IP Adapters (CVE-2026-0646, CVE-2026-0647) [https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-05] [Vulnerability Disclosures]
* Rockwell Automation RSLinx Classic (CVE-2020-13573) [https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-02] [Vulnerability Disclosures]
* Rockwell Automation Logix 5370 & 5570 Controllers (CVE-2026-11317) [https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-03] [Vulnerability Disclosures]
* Rockwell Automation FactoryTalk Analytics PavilionX (CVE-2025-14272) [https://www.cisa.gov/news-events/ics-advisories/icsa-26-167-01] [Vulnerability Disclosures]
* Chrome and Firefox Memory Safety Updates [https://www.securityweek.com/chrome-and-firefox-updated-to-patch-critical-high-severity-vulnerabilities/] [Vulnerability Disclosures]

CVES REFERENCED

CVE-2020-13573, CVE-2023-52271, CVE-2025-1055, CVE-2025-14272, CVE-2025-61155, CVE-2026-0646, CVE-2026-0647, CVE-2026-11317, CVE-2026-25089, CVE-2026-39808, CVE-2026-39813, CVE-2026-48907, CVE-2026-50656, CVE-2026-54420

INDICATORS OF COMPROMISE

IP Addresses: 2.9.99.4, 2.9.99.5, 39.107.60.51

Read the full brief [https://carolinacleartech.com/brief/2026-06-17/]

17 June 2026 · 35 min

2026-06-16: Cisco patches its eighth SD-WAN zero-day of the year

SHOW NOTES - 2026-06-16

STORIES COVERED

June 16, 2026

Today:

* Cisco Catalyst SD-WAN Manager Arbitrary File Write (CVE-2026-20262) [https://thehackernews.com/2026/06/cisco-releases-security-updates-for.html] [Critical Alerts]
* Google Chrome V8 Zero-Day (CVE-2026-11645) [https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html] [Critical Alerts]
* Oracle PeopleSoft Zero-Day Exploited by ShinyHunters (CVE-2026-35273) [https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html] [Critical Alerts]
* LiteSpeed cPanel Plugin Privilege Escalation (CVE-2026-54420) [https://thehackernews.com/2026/06/cisa-flags-litespeed-cpanel-plugin-flaw.html] [Critical Alerts]
* Mackay Sugar Ransomware Attack Shuts Down Mills [https://www.securityweek.com/ransomware-attack-shuts-down-mills-of-australias-second-largest-sugar-producer/] [Ransomware & Extortion]
* FulcrumSec Leaks Novo Nordisk Data After $25M Demand Goes Unpaid [https://databreaches.net/2026/06/15/scoop-fulcrumsec-leaks-novo-nordisk-data-after-25m-demand-goes-unpaid/] [Ransomware & Extortion]
* Conti Ransomware Developer Pleads Guilty [https://www.securityweek.com/ukrainian-man-pleads-guilty-in-us-to-conti-ransomware-charges/] [Ransomware & Extortion]
* Microsoft 365 Copilot SearchLeak Vulnerability (CVE-2026-42824) [https://thehackernews.com/2026/06/one-click-microsoft-365-copilot-flaw.html] [General Security News]
* 1,500+ Arch Linux Packages Compromised With Malware [https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html] [General Security News]
* FBI Takes Down Outsider PhaaS Enterprise [https://thehackernews.com/2026/06/weekly-recap-chrome-0-day-unifi.html] [General Security News]
* ShinyHunters Claims Council of Europe Hack [https://www.bleepingcomputer.com/news/security/council-of-europe-investigates-shinyhunters-data-breach-claims/] [General Security News]
* North Korean Hackers Target Developers With Malicious Tools [https://thehackernews.com/2026/06/north-korean-hackers-are-turning.html] [General Security News]
* Chinese APT UNC6508 Targets US Medical and Academic Research [https://cloud.google.com/blog/topics/threat-intelligence/prc-targets-us-medical-research/] [General Security News]
* Jaguar Land Rover Ordered 30,000 Staff Password Resets After Cyberattack [https://databreaches.net/2026/06/15/jlr-ordered-30000-staff-to-reset-passwords-in-person-after-cyberattack/] [General Security News]
* VHDX File Delivers Remcos RAT [https://isc.sans.edu/diary/rss/33080] [Vulnerability Disclosures]
* Linux-PAM Timing Attack (CVE-2026-54411) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-54411] [Vulnerability Disclosures]
* Microsoft Edge Chromium CVE Batch [https://msrc.microsoft.com/update-guide/] [Vulnerability Disclosures]

CVES REFERENCED

CVE-2026-11640, CVE-2026-11645, CVE-2026-11662, CVE-2026-11668, CVE-2026-11677, CVE-2026-11684, CVE-2026-11685, CVE-2026-11688, CVE-2026-11693, CVE-2026-12010, CVE-2026-12012, CVE-2026-12016, CVE-2026-12019, CVE-2026-20262, CVE-2026-2441, CVE-2026-35273, CVE-2026-3909, CVE-2026-3910, CVE-2026-42824, CVE-2026-5281, CVE-2026-54411, CVE-2026-54420

INDICATORS OF COMPROMISE

IP Addresses: 20.9.9.2, 20.12.7.2, 20.15.4.5, 20.15.5.3, 20.18.3.1, 26.1.1.2, 5.3.2.0

Read the full brief [https://carolinacleartech.com/brief/2026-06-16/]

16 June 2026 · 16 min

2026-06-15: Palo Alto GlobalProtect VPN suffers active exploitation with CISA KEV deadline passed

SHOW NOTES - 2026-06-15

STORIES COVERED

Today: [June 15, 2026]

* Palo Alto PAN-OS GlobalProtect VPN Authentication Bypass (CVE-2026-0257) [https://thehackernews.com/2026/06/palo-alto-warns-of-active-exploitation.html] [Critical Alerts]
* Arch Linux Supply Chain Attack Hijacks 1,900+ AUR Packages [https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/] [Critical Alerts]
* FBI Dismantles Chinese Phishing-as-a-Service Platform (Outsider Enterprise) [https://www.bleepingcomputer.com/news/security/fbi-disrupts-massive-ai-powered-phishing-service-using-a-million-urls/] [Business & Infrastructure Threats]
* WordPress Plugin Supply Chain Attack (Awesome Motive) [https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/] [Business & Infrastructure Threats]
* Maine Attorney General Disables Data Breach Portal Due to Fake Submissions [https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/] [Business & Infrastructure Threats]
* Sniper Dz Phishing-as-a-Service Platform Targets MENA Region [https://thehackernews.com/2026/06/sniper-dz-scams-target-mena-users-via.html] [General Security News]
* Hotel Chain Data Breach (BWH Hotels) [https://databreaches.net/2026/06/14/uk-hotel-guests-issued-urgent-check-alert-as-personal-details-stolen-from-major-chain/?pk_campaign=feed&pk_kwd=uk-hotel-guests-issued-urgent-check-alert-as-personal-details-stolen-from-major-chain] [General Security News]
* Novo Nordisk Clinical Trial Patient Data Breach [https://databreaches.net/2026/06/14/novo-nordisk-reports-data-breach-tells-clinical-trial-patients-to-remain-vigilant/?pk_campaign=feed&pk_kwd=novo-nordisk-reports-data-breach-tells-clinical-trial-patients-to-remain-vigilant] [General Security News]
* ShinyHunters Lists New Victims [https://news.risky.biz/risky-bulletin-arch-linux-supply-chain-attack-spreads-to-1-900-aur-packages/] [General Security News]
* CVE-2026-11526 (Perl GD Library Command Injection) [https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-11526] [Vulnerability Disclosures]

CVES REFERENCED

CVE-2026-0257, CVE-2026-11526

INDICATORS OF COMPROMISE

IP Addresses: 23.128.228.6, 104.207.144.154, 146.19.216.119, 146.19.216.120, 146.19.216.125, 179.43.172.213, 185.195.232.139, 198.12.106.60, 202.144.192.47

Read the full brief [https://carolinacleartech.com/brief/2026-06-15/]

15 June 2026 · 10 min