The systematic cyber attacks aimed at stealing sensitive
FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespoke
Hackers Exploit Gravity SMTP WordPress Plugin Bug to Expose API Keys
The vulnerability, tracked as CVE-2026-4020 (CVSS score: 5.3), is a medium-severity information disclosure flaw that can allow unauthenticated attackers to extract sensitive data, such as configuration data, API keys, secrets, and OAuth tokens
Unpatchable ‘usbliter8’ Exploit Breaks Apple A12 and A13 SecureROM Boot Chain
That code is burned into the silicon at manufacture. No software update can reach it. Affected devices will carry this flaw for as long as they stay in use.
This is not a remote attack. It requires
China-Linked JDY Botnet Expands to 1,500+ Devices for Cyber Reconnaissance
“The JDY botnet comprises over 1,500 SOHO [small office and home office] and IoT devices and operates as a centrally controlled, high-performance scanner used to discover, fingerprint, and continuously map exposed services at scale,” Lumen’s
Meta to Use Off-Site Business Data for Feed and AI Personalization
“Businesses often share information about people’s activity on their sites with us to make ads more relevant,” Meta said in a statement.
“We already use this data – like games you play
One-Character Linux Kernel Flaw Enables Local Root Access, Exploits Now Public
The flaw, CVE-2026-23111, sits in the kernel’s nf_tables packet-filtering code and was patched upstream on February 5, 2026. Exodus Intelligence released its full technical walkthrough on June 8, and it is not even
Cisco Patches CVE-2026-20230 in Unified CM as Exploit Code Goes Public
It is tracked as CVE-2026-20230, and proof-of-concept exploit code is already public. Cisco’s PSIRT says it has not seen the flaw used in attacks yet. The PoC shortens that runway.
The flaw is a server-side request forgery.
MuddyWater Uses DLL Side-Loading in Espionage Campaign Targeting 9 Countries
The activity targeted industrial and electronics manufacturing, education and public-sector bodies, financial services, and professional services, per the Threat Hunter Team from Symantec and Carbon Black.
⚡ Weekly Recap: Linux Flaws, Defender 0-Days, Router Botnets, and Supply Chain Chaos
A sketchy dev tool got people pwned, old bugs came back from the dead, and security products somehow needed protecting from themselves. A bunch of companies spent the week checking old boxes and forgotten servers they should’ve patched years ago. Good times.
Phishing crews are getting smarter too – less obvious scam junk, more targeted stuff that actually
