Cyber Security News

Hacking Editorial Brief — June 24, 2026

FortiBleed Campaign Harvests 110 Million Credentials from FortiGate Firewalls

Threat actors exploited FortiGate firewalls in a large-scale credential harvesting operation dubbed "FortiBleed," compromising 110 million credentials through systematic targeting. The campaign utilized a Go-based scanner that cycled through target lists, with actors reloading and revalidating inputs from files including "EU.txt" during ongoing operations. The scale of the credential theft represents one of the year's largest single-campaign compromises of authentication data, with FortiGate appliances serving as the primary attack vector. Separately, researchers discovered an exposed database containing 24 billion stolen credential records aggregated from multiple sources including data breaches, phishing campaigns, and infostealer malware infections, underscoring the accumulating volume of compromised authentication credentials in circulation.

Active Exploitation of Cisco Unified CM Zero-Day and Microsoft Defender Flaw

Attackers are actively exploiting CVE-2026-20230, a vulnerability in Cisco Unified Communications Manager for which proof-of-concept code became available before patches were released in early June. Cisco confirmed ongoing exploitation targeting the flaw, which affects critical enterprise communications infrastructure. Microsoft formally disclosed CVE-2026-50656, codenamed RoguePlanet, a privilege escalation vulnerability in Windows Defender with a CVSS score of 7.8 that requires local access to exploit. The company confirmed a patch is under development but has not provided a release timeline. In supply chain incidents, LastPass confirmed customer contact and support data was stolen through a compromise at third-party vendor Klue, marking another breach for the password manager following previous security incidents. Tata Electronics, which manufactures approximately one-third of Apple's iPhones in India, acknowledged a cyberattack after extortion group World Leaks posted over 200,000 files containing confidential Apple and Tesla data stolen from the facility.

Sources: The Hacker News · Malwarebytes · SecurityWeek · AppleInsider · Techpp