Last updated: July 6, 2026 at 12:53 AM UTC
All 559 Vulnerability 199 Breach 107 Threat 246 Defense 7

FortiBleed leak exposes VPN credentials for nearly 74,000 Fortinet firewalls

A newly surfaced dataset dubbed FortiBleed exposes what appear to be Fortinet and FortiGate VPN credentials tied to 73,932 firewall URLs at organizations around the world. Separately, researchers at SOCRadar report roughly 30,000 compromised Fortinet firewalls exposing networks to attack. Exposed VPN credentials are a direct route into corporate networks, letting attackers log in as legitimate users, bypass perimeter defenses, and stage ransomware or data theft. Fortinet gear is a perennial target, with many of these exposures stemming from past unpatched flaws and credential harvesting. Organizations cannot assume old Fortinet credentials are safe just because devices were later patched.

Check
Check whether your Fortinet or FortiGate VPN appliances appear in the exposed dataset, review VPN authentication logs for logins from unfamiliar locations, and confirm whether previously exposed devices were fully remediated.
Affected
Organizations running internet-facing Fortinet and FortiGate VPNs whose credentials appear among the 73,932 exposed firewall URLs; reused or never-rotated VPN passwords are most at risk.
Fix
Force-reset all Fortinet VPN credentials, enable phishing-resistant MFA on VPN access, restrict management interfaces, and fully patch or replace appliances, treating any potentially exposed device as compromised until verified.

Malicious JetBrains plugins steal developers' AI API keys on entry

Aikido Security uncovered a coordinated campaign of at least 15 malicious plugins on the JetBrains Marketplace that pose as AI coding assistants but secretly steal the AI provider API keys developers enter. The plugins offer real features like chat, code review, and commit messages, so they work as advertised, but the moment a user pastes in an OpenAI, DeepSeek, or SiliconFlow key and clicks Apply, the key is silently sent to an attacker server over plain HTTP, with no prompt. The campaign has run since late October 2025, with new plugins as recent as June 10, and uses inflated downloads and fake reviews. Separately, malicious Chrome extensions were found capturing chatbot conversations.

Check
Review which JetBrains IDE plugins and browser extensions developers have installed, especially AI-assistant tools, and check whether any AI provider API keys were entered into third-party plugins rather than official integrations.
Affected
Developers who installed the malicious JetBrains AI-assistant plugins and entered OpenAI, DeepSeek, or SiliconFlow API keys; users of malicious Chrome extensions that harvest chatbot conversations are also exposed.
Fix
Remove untrusted AI plugins and extensions, rotate any AI provider API keys that were entered into them, restrict key permissions and spend limits, and source AI tooling only from vetted, official publishers.

144 Mastra AI-framework npm packages backdoored via hijacked account

Attackers hijacked the npm account of a former contributor to Mastra, a popular open-source framework for building AI applications, and in an 88-minute automated burst republished 144 packages under the @mastra scope with a hidden malicious dependency. The poisoned dependency, a fake clone of a date library, runs at install time: it disables TLS checks, downloads a second-stage cryptocurrency-stealing trojan, runs it as a detached process, and deletes itself. Because @mastra/core alone sees over 900,000 weekly downloads and the payload fires on install, anyone who installed an affected version since June 16 could be compromised before importing anything. npm has pulled the malicious versions.

Check
Check whether any developer machine, CI runner, or build system installed an @mastra package on or after June 16, and scan for the malicious easy-day-js dependency and install-time persistence artifacts.
Affected
Developers and pipelines that installed any @mastra package (including @mastra/core) on or after June 16, 2026; the malicious easy-day-js dependency ran code automatically at install time.
Fix
Roll affected packages back to pre-incident versions, treat affected hosts as compromised, rotate all credentials, tokens, and AI keys, move any crypto wallet funds from a clean device, and require signed-package installs.

Kodak confirms breach as ShinyHunters claims 2.2 million stolen records

Eastman Kodak has confirmed that an unauthorized third party gained temporary access to a limited amount of company data, after the extortion group ShinyHunters listed the firm on its dark-web leak site. ShinyHunters claims it stole more than 2.2 million records containing customer personal information and internal corporate data, and set a leak deadline of June 18, though it has released no proof and Kodak has not verified the figure. Kodak, now mainly a B2B manufacturing and technology company, says it engaged outside experts and law enforcement and sees no threat to operations. The breach fits ShinyHunters' prolific 2026 data-theft campaign.

Check
Kodak's business customers and partners should watch for targeted phishing and business email compromise referencing Kodak dealings, and verify any unexpected payment or account-change requests through known contacts.
Affected
Kodak customers and partners whose personal or corporate data may sit in the stolen records; ShinyHunters claims 2.2 million records, a figure Kodak has not confirmed and the group has not substantiated.
Fix
Watch for fraud and phishing tied to the breach, reset and stop reusing any Kodak-related credentials, and enable phishing-resistant MFA. Organizations should harden help-desk verification against social-engineering-driven data theft.

DragonForce ransomware hid command traffic inside Microsoft Teams for months

Symantec reports that DragonForce ransomware operators stayed hidden inside a major US services firm's network for up to two months by disguising their command-and-control traffic as ordinary Microsoft Teams activity. A new Go-based backdoor, Backdoor.Turn, grabs an anonymous Teams visitor token, routes through a legitimate Microsoft Teams relay server, and then tunnels to the attackers' real server, so defenders watching the network only see connections to genuine Microsoft infrastructure. It is the first known malware to abuse Teams relay servers this way. The attackers also used a custom malicious driver to disable defenses, and installed the backdoor after deploying ransomware, suggesting they kept access for a return visit or to resell.

Check
Hunt for anomalous QUIC and Teams-relay traffic and unexpected processes making Teams connections, and review hosts for suspicious drivers, new accounts, and weakened password or firewall settings.
Affected
Organizations targeted by DragonForce; because the backdoor blends into legitimate Microsoft Teams traffic, network monitoring alone may miss it, leaving internet-facing database servers and weak segmentation as entry points.
Fix
Patch internet-facing SQL and other servers, enforce least privilege and driver-signing controls, monitor for Teams-relay abuse and BYOVD activity, and maintain tested offline backups and network segmentation to limit ransomware impact.

HIBP confirms 248,000 accounts from ShinyHunters breach of advisory firm CFGI

Have I Been Pwned has added 248,235 accounts from the March breach of CFGI, a US accounting and financial-advisory firm that works closely with corporate finance teams at mid-market and Fortune 500 companies. The extortion group ShinyHunters claimed the intrusion, posting hundreds of thousands of records including names, emails, phone numbers, and home addresses, along with internal corporate documents and identity-system metadata. Because CFGI sits inside its clients' finance functions, the stolen contact and relationship data is unusually useful for convincing business email compromise and client-impersonation scams aimed at authorizing fraudulent payments.

Check
If you work with or for CFGI, check Have I Been Pwned for your email and watch for finance-themed phishing, fake wire instructions, or audit-document requests referencing CFGI.
Affected
CFGI employees, clients, and contacts whose personal and corporate data was exposed (248,235 accounts confirmed); the firm's finance-function clients face elevated business email compromise risk.
Fix
Reset and stop reusing CFGI-related credentials, enable phishing-resistant MFA, and verify any unexpected payment, wire, or account-change request through a known, pre-established voice channel rather than email links.

Exploited LiteSpeed cPanel plugin flaw lets hosting users gain root

CISA has added a LiteSpeed cPanel plugin flaw to its known-exploited list and given federal agencies until June 18 to patch. The bug (CVE-2026-54420, rated 8.5) lets a user who already has FTP or web-shell access on a shared hosting server escalate to root by abusing how the plugin follows symbolic links, on servers running CloudLinux or CageFS. On multi-tenant hosting that turns one compromised account into full control of the whole server and every site on it. Namecheap reported it after spotting suspicious activity, and LiteSpeed flagged active exploitation in early June. The fix is LiteSpeed WHM Plugin 5.3.2.1 with cPanel plugin 2.4.8.

Check
Identify shared-hosting servers running the LiteSpeed cPanel plugin on CloudLinux or CageFS, confirm the version, and review logs for unexpected privilege changes or suspicious command activity.
Affected
Shared hosting servers running the LiteSpeed cPanel user-end plugin before 2.4.8 on CloudLinux or CageFS (CVE-2026-54420); any account with FTP or web-shell access can escalate to root.
Fix
Upgrade to LiteSpeed WHM Plugin 5.3.2.1 (cPanel plugin 2.4.8) or later now. If you cannot patch immediately, remove the user-end plugin, then hunt for signs of prior root-level compromise.

Attackers now exploiting three critical FortiSandbox flaws, one with AI-built exploit

Threat-intelligence firm Defused reports that attackers are now exploiting three critical flaws in Fortinet's FortiSandbox, the appliance other Fortinet products rely on to judge whether files are malicious. Two (CVE-2026-39813, a JRPC API path traversal that bypasses authentication, and CVE-2026-39808, an unauthenticated command-injection that runs code as root) were patched in April; the third (CVE-2026-25089) only last week. All are unauthenticated and rated critical. Compromising a sandbox is especially dangerous because attackers can make it wave real malware through as clean. Notably, the exploit for one flaw appears to have been generated with AI and is likely faulty, yet attackers are trying it anyway.

Check
Identify FortiSandbox, FortiSandbox Cloud, and PaaS instances and their versions, confirm whether the web and JRPC API interfaces are reachable from untrusted networks, and review logs for unauthenticated command execution.
Affected
FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS that are unpatched against CVE-2026-39813, CVE-2026-39808, or CVE-2026-25089, especially instances exposed to untrusted networks; all three need no authentication.
Fix
Upgrade FortiSandbox to the fixed releases for all three CVEs immediately, restrict management and API interfaces to trusted networks, and treat any unpatched appliance as potentially compromised pending review.

Google Vertex AI SDK flaw let attackers hijack model uploads across tenants

Palo Alto's Unit 42 disclosed a flaw, nicknamed Pickle in the Middle, in Google Cloud's Vertex AI SDK for Python that let an attacker with no access to a victim's project hijack their machine-learning model uploads and run code across tenant boundaries. When a model was uploaded without a custom staging bucket, the SDK generated a predictable storage bucket name from the project ID and region and failed to verify ownership, so an attacker could pre-create that bucket, receive the victim's model, and swap in a malicious one that executes on deployment. Google fully fixed it in SDK version 1.148.0 in April; Unit 42 saw no exploitation in the wild.

Check
Check the google-cloud-aiplatform SDK version everywhere it runs, including notebooks, CI jobs, and training pipelines, and confirm whether model uploads relied on default, auto-generated staging buckets.
Affected
Google Cloud Vertex AI users on google-cloud-aiplatform SDK versions before 1.148.0 who uploaded models without specifying their own staging bucket; no CVE was assigned and no exploitation was observed.
Fix
Update the Vertex AI SDK to 1.148.0 or later so bucket-ownership checks are active, and always set an explicit staging bucket pointing to Cloud Storage you control when uploading models.

Cardiac monitoring firm iRhythm says patient health data stolen in attack

iRhythm, the US digital-health company behind the Zio wearable heart monitor, has told regulators that attackers stole patient data in a breach it considers material. In an SEC filing, the company said it detected unauthorized activity on June 8 in third-party-hosted business applications, accessed through a social-engineering attack, and received an extortion demand the next day from a threat actor claiming to hold proprietary data, protected health information, and other personal data. iRhythm says its clinical systems, medical devices, patient safety, and operations were not affected, with no payment-card or financial data involved. No ransomware group has publicly claimed the attack, and the number of affected people is not yet known.

Check
Healthcare and other organizations should review how third-party-hosted business applications are secured and monitored, and confirm that help desks and staff can resist social-engineering attempts to grant access.
Affected
iRhythm patients and others whose protected health information and personal data sat in the affected third-party business applications; clinical systems, devices, and financial data were reportedly not involved.
Fix
Enforce phishing-resistant MFA and strong identity verification on third-party SaaS, limit and log access to systems holding health data, and rehearse social-engineering scenarios with staff and help-desk teams.