2026-06-22 00:00
This week’s threat list looks painfully familiar: abused integrations, fake tools, poisoned websites, ransomware crews trying to shut down security tools, and mobile malware asking for way too much control. The annoying part is how little of this feels new. Weak credentials, sketchy downloads, browser extensions with too much access, and WordPress sites are used to push more attacks. Nothing clever. Just sloppy, cheap, and effective. Here’s the Monday recap. Let’s get into the week’s mess.

FortiBleed Campaign Identifies Over 80K Targets — A large-scale campaign codenamed FortiBleed has systematically targeted and compromised Fortinet FortiGate firewall and SSL VPN gateway devices worldwide. According to SOCRadar, it has been running since at least February 2026, with over 80,000 devices identified with working usernames and passwords that have been tested by suspected Russian-speaking threat actors using automated tools running around the clock. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices. Fortinet also said the campaign likely involves the threat actors reusing credentials from previous incidents, such as CVE-2026-24858, CVE-2025-59718, and CVE-2025-59719, along with employing brute-force techniques against devices with weak password hygiene and no multi-factor authentication (MFA).

Bugs drop weekly, and the gap between a patch and an exploit is shrinking fast. These are the heavy hitters for the week: high-severity, widely used, or already being poked at in the wild.
Check the list, patch what you have, and hit the ones marked urgent first: CVE-2026-20262 (Cisco SD-WAN Manager), CVE-2026-54420 (LiteSpeed cPanel Plugin), CVE-2026-48907 (Widget Factory Joomla Content Editor), CVE-2026-4020 (Gravity SMTP WordPress Plugin), CVE-2026-47101, CVE-2026-47102, CVE-2026-40217, CVE-2026-49468 (LiteLLM), CVE-2026-24190 (NVIDIA Display Driver for Windows and Linux), CVE-2026-48558 (SimpleHelp), CVE-2026-39449 (Contact Form to Any API WordPress plugin), CVE-2026-39849, CVE-2026-44693 (Pi-hole FTL), CVE-2026-49980, CVE-2026-41179, CVE-2026-41176 (Rclone), CVE-2026-54157 (@lobehub/lobehub), CVE-2026-48746 (vllm), CVE-2026-48519 (Langflow), CVE-2026-38329 (Bludit CMS), CVE-2026-39949 (Cacti), CVE-2026-8444 (WP Review Slider Pro WordPress plugin), CVE-2026-52697 (Taskbuilder WordPress plugin), CVE-2026-52700 (WCMultiShipping WordPress plugin), CVE-2026-3326 (XStore WordPress theme), CVE-2026-2418 (Login with Salesforce WordPress plugin), CVE-2026-6379 (WP Photo Album Plus WordPress plugin), CVE-2026-2446 (PowerPack for LearnDash WordPress plugin), CVE-2025-15445 (Restaurant Cafeteria WordPress theme), CVE-2026-8443 (WP Review Slider Pro WordPress plugin), CVE-2026-6933 (Premmerce Dev Tools WordPress plugin), CVE-2026-9848 (WP Ticket Customer Service Software & Support Ticket System WordPress plugin), CVE-2026-52707 (Kastell WordPress theme), CVE-2026-52703 (FastDup WordPress plugin), CVE-2026-52706 (JetEngine WordPress plugin), CVE-2026-27429 (Nifty WordPress theme), CVE-2025-69129 (WordPress & WooCommerce Scraper WordPress plugin), CVE-2026-27400 (BookPro WordPress plugin), CVE-2026-8713 (Avada Builder WordPress plugin), from CVE-2026-12437 through CVE-2026-12443 (Google Chrome), CVE-2026-12326, CVE-2026-12327, CVE-2026-12328 (Mozilla Firefox), CVE-2026-8049, CVE-2026-8050 (SignalRGB kernel driver), CVE-2026-20266 (Splunk AI Toolkit), CVE-2026-41293, CVE-2026-43512, CVE-2026-42579, CVE-2026-42584, CVE-2026-43515 (Atlassian Confluence Data Center and Server), CVE-2026-20181, CVE-2026-20190 (Cisco Identity Services Engine and ISE Passive Identity Connector), CVE-2026-48933, CVE-2026-48618 (Node.js), CVE-2026-9862 (Fortra Core Privileged Access Manager), and multiple vulnerabilities in Crawl4AI Docker API (no CVEs).

Disclaimer: This is strictly for research and learning. It hasn't been through a formal security audit, so don't just blindly drop it into production. Read the code, break it in a sandbox first, and make sure whatever you’re doing stays on the right side of the law.

This week’s lesson: most attacks do not need a genius move. They need one trusted app, one stale login, one noisy plugin, or one user chasing a shortcut. The fix starts in the dull places. Cut access.
Clean old sites. Question helper tools. Watch the small cracks, because that is where the week usually starts leaking.