Jun 20, 2026

Header image for the Red Dot Weekly Cyber Security News https://reddotsecurity.news

Hello all,

Last weekend a LinkedIn post alerted the world to a database of Fortinet credentials on the internet. This week it exploded into a major issue now named FortiBleed. More on that in a moment. CISA issued orders that several products needed to be patched by Sunday, June 21, 2026. At least they get the longest day of the year to get it done. Anthropic’s Claude Fable 5 is still shut down worldwide with no news as to when it, or a more secure variant, may reappear. And of course we have lots of other news items to skim and digest.

Headline NEWS:

  • F5 networks released an out-of-band patch for critical NGINX defects. The most severe can enable a threat actor to execute code on vulnerable systems. There is some mitigation guidance in case you can’t apply the update immediately. It would be wise to address this quickly since evil people are actively prowling for these types of vulnerabilities.
  • Fortinet FortiBleed exploded into the consciousness of most cybersecurity professionals this past week when the scope of this massive active credential harvesting and exposure began to be fully understood. There are over 21,000 different domain names listed along with over 84,000 credentials. Companies such as Chevron, Spotify, Samsung, Oracle, Lenovo, FedEx, ADP, Siemens, TP-Link, Netgear, DHL, and many more major brands are listed among the victims. Many have already had threat actors rummaging around doing nefarious things in their networks via these credentials; others are yet to be utilized. The race is now on for anyone with a Fortinet firewall to rotate credentials, enforce MFA, and follow additional vendor guidance to secure their firewalls. This is as critical as it gets. And if that wasn’t enough, Fortinet published that FortiSandbox is now under active exploitation. There is a patch available, so if you have this, patch it immediately.

In Ransomware, Malware, and Vulnerabilities News:

  • Klue, an intelligence collection and analysis engine that ties into many companies’ Salesforce data, was breached a little over a week ago via their “Battlecards app”. It is suspected that hundreds of companies, including at least seven security vendors, may have had data potentially harvested by the dirtbag group known as Icarus. Salesforce has shut down the integration, and forensic work is now underway to determine the scope of the breach. This will be one to follow since Klue also had integrations with other vendors such as HubSpot, Microsoft SharePoint, Zoom, and Google Drive.

In Other News Events of Note and Interest:

  • Broadcom continues to tick off longtime VMware clients with their inflexible, egregious price increases. UK retail giant Tesco has had enough and is jumping ship with its 40,000 servers. For Broadcom’s part, their strategy is actually paying off to some degree: significantly fewer clients to support, but higher revenue is coming in. It will be interesting to see whether that will sustain long-term, or whether the ones paying the massively jacked-up prices are actively migrating and planning to drop VMware as soon as they’re able.

Musings

This coming Sunday, June 21, 2026, is Father’s Day in the US, and it is the longest day of the year, the Summer Solstice. I hope that the dads out there get a bit of extra sunshine to enjoy their day, their children and computers cooperate with them, and may they always…

Keep the shields up!

Viscount Jan Broucinek
Red Dot Security News
