Cyber Security News

Hacking Editorial Brief — June 17, 2026

China-Linked Actors Exploit Legacy REDCap Research Infrastructure

Chinese threat actors are conducting an active espionage campaign against U.S. and Canadian research institutions by exploiting legacy REDCap deployments. Attackers compromised REDCap upgrade processes to install persistent malware on systems used by academic, healthcare, and defense research networks. REDCap is widely deployed across research environments for data collection and survey management, making it a high-value target for intelligence gathering on ongoing research programs. The campaign demonstrates systematic exploitation of research infrastructure where security patching often lags due to operational constraints and limited IT resources in academic environments.

Rapid Exploitation of Fortinet FortiSandbox Vulnerabilities

Threat actors exploited three critical FortiSandbox vulnerabilities—CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089—within 24 hours of public disclosure. CVE-2026-39813 was patched just last week, indicating attackers maintained prepared exploit chains awaiting patch release to reverse-engineer vulnerabilities. The immediate weaponization timeline underscores the speed at which sophisticated actors are developing and deploying exploits for enterprise security infrastructure, particularly appliances positioned at network perimeters. FortiSandbox devices analyze suspicious files and URLs, making them strategic targets for threat actors seeking to bypass detection mechanisms.

FulcrumSec Escalates Novo Nordisk Extortion with Data Leaks

Cybercrime group FulcrumSec has begun releasing samples from what they claim is 1.3 terabytes of data stolen from pharmaceutical manufacturer Novo Nordisk, escalating a $25 million extortion demand. The breach represents a significant compromise of a major pharmaceutical company amid ongoing attacks on healthcare and pharmaceutical targets. Meanwhile, digital healthcare provider iRhythm disclosed a separate breach where attackers exfiltrated patient protected health information and proprietary data from third-party-hosted applications. Separately, malicious JetBrains Marketplace plugins deployed in a coordinated campaign since October 2025 have achieved nearly 70,000 installations, exfiltrating AI provider API keys from developer environments—a supply chain attack targeting the software development toolchain itself.

Sources: CSO Online · The Hacker News · GovInfoSecurity · Bleeping Computer