
Hello all,
FortiBleed is still leaking electrons all over the place, necessitating a monumental cleanup by organizations worldwide as they race to lock down their Fortinet firewalls before threat actors do more than just steal and harvest credentials. There were several excellent takedowns by Operation Endgame and some other good news items. The Klue Salesforce third-party supply-chain attack has had a few interesting developments. And it seems that Anthropic’s Mythos may be rolling back out to some organizations in a limited release.
Headline NEWS:
- US government gives Anthropic green light for limited re-release of Mythos 5. Two weeks ago, after reports of Anthropic Fable 5’s guardrails being breached, the US Government instructed Anthropic to remove access to its new models for all but US clients. Unable to comply with the narrow requirement, Anthropic took Mythos 5 and Fable 5 completely offline. This week the US Government gave permission for Anthropic to restore access to around 100 companies in a staged rollout.
- The White House is asking OpenAI to slow roll the release of its new model over safety concerns. In a move like what happened to Anthropic two weeks ago, OpenAI was instructed to limit GPT 5.6 to a set of partners that must be approved by the US Government. While the threat is real, until it and rival Mythos 5 and/or Fable 5 experience wider distribution, we truly won’t know the true scope of the danger. However, I appreciate the reins being pulled back by the government, because once this horse is out of the metaphorical barn, it won’t go back in, and it will breed like a rabbit.
In Ransomware, Malware, and Vulnerabilities News:
- Klue was breached two weeks ago via their “Battlecards app”. The saga has gotten interesting as it appears that Klue has been in negotiations with the dirtbags named Icarus, since the threatened leaks haven’t happened, and Icarus’ site is now offline. A new wrinkle emerged this past week where a second criminal group claims to have the Icarus stolen data and is also demanding extortion money. According to this new group there were 195 victims of this Salesforce third-party breach. We already know of some, such as LastPass, Huntress, HackerOne, Jamf, Recorded Future, Tanium, Gong, Sprout Social, Insurity, and Kudelski Security. Via a briefly exposed N-able support page I learned that SentinelOne was also exposed and some site tokens need to be regenerated. That page has since been taken offline.
In Other News Events of Note and Interest:
- Microsoft adds another year to Windows 10 extended update program. Apparently, in response to slow migration to Microsoft’s AI-laden operating system, which requires many to upgrade their hardware, Microsoft has graciously extended security updates until October of 2027 for personal use devices.
Musings
The comedians Abbott and Costello performed a famous skit entitled “Who’s on First” in a 1945 film named “The Naughty Nineties”. This week I’ve been living a minor version of this while working on an incident response. Significant time was spent identifying “who’s on first”. It really highlighted that knowing the roles and responsibilities, the chain of accountability, is a critical component to any incident response plan. Make sure that you take the time to list that out and revisit it at least annually to keep it current. Knowing Who’s on first is critical.

Keep the shields up!
Viscount Jan Broucinek
Red Dot Security News
Headline NEWS
- US government gives Anthropic green light for limited re-release of Mythos 5
- The White House is asking OpenAI to slow roll the release of its new model over safety concerns
Ransomware, Malware, and Vulnerabilities News
- Good News, Government News, and Interesting
- CISA Adds Exploited PTC Windchill RCE Flaw to KEV as Web Shell Attacks Continue
- CISA Warns Critical Lantronix EDS5000 Flaw Is Being Actively Exploited
- CISA sets urgent deadline to fix Cisco flaw exploited in attacks
- Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices
- Amadey, StealC malware operations disrupted in Operation Endgame action
- Amadey and StealC Malware Network Disrupted, 27M Stolen Credentials Recovered
- One-two punch delivered in global operation disrupts cybercrime “assembly line”
- Poland busts SIM-swapping gang tied to millions in crypto theft
- Montenegro arrests Iran-linked hacker wanted by US
- Vulnerabilities and Exploits
- Fortinet Responds to FortiBleed Campaign
- FortiBleed: 86,000 Fortinet Device Credentials Compromised
- FortiBleed Campaign Uses FortigateSniffer to Harvest 110 Million Credentials From Fortinet Firewalls
- FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
- An update on FortiBleed — what’s happening with victim orgs | by Kevin Beaumont
- Critical Ubiquiti Vulnerabilities in Attackers’ Crosshairs
- Chrome 149 Update Resolves 18 Severe Vulnerabilities
- ChromeOS 149 is rolling out with new features and a massive security patch
- FFmpeg fixes PixelSmash flaw in widely used video decoder
- Critical security flaw found in popular SSH library libssh2
- Microsoft discovers new lightweight backdoor that steals cryptocurrency
- Password manager maker LastPass says hackers stole customer support case data during Klue breach
- 7,000 Langflow servers are under attack. LangGraph and LangChain have the same holes
- Decades-Old Squid Proxy Flaw ‘Squidbleed’ Can Expose User Data
- The hits keep on coming for Cisco vulnerabilities
- Cisco Catalyst SD-WAN Zero-Day CVE-2026-20245 Exploited to Gain Root Access
- Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
- 25-Year-Old Vulnerability Patched in Curl
- Microsoft scrambles to patch a Defender security flaw called RoguePlanet
- New DirtyClone Linux Kernel Flaw Lets Local Users Gain Root via Cloned Packets
- New Linux pedit COW Exploit Enables Root Access by Poisoning Cached Binaries
- Synology issues critical fix for MailPlus Server vulnerabilities
- It’s looking like a hot, messy summer for security teams as AI finds countless previously hidden vulns
- Phishing, Malware, and Similar
- AryStinger Malware Infects 4,300 Legacy Routers to Build Reconnaissance Proxy Network
- WhatsApp phishing attack uses fake business docs to hack PCs
- Huntress: Device-code phishing attacks jump nearly 15-fold in 2026
- New macOS ClickFix attack silently mounts DMGs to push infostealer
- Gizmodo readers hit with ClickFix malware prompts after account compromise
- Nearly Half of LG Smart TV Apps Contain Residential Proxy SDKs
- Securing the service desk: Why social engineering attacks keep succeeding
- Microsoft Teams Impersonation Campaign Enables Unauthorized Access Through RMM Abuse
- Bluekit phishing kit adopts browser-in-the-middle for login theft
- Malicious Edge extension abuses Native Messaging as bridge to malware
- New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
- Cybersecurity firms targeted by fraudulent OpenAI organization invites
- LokiBot Campaign Uses JScript Attachment, .NET Injector, and Process Injection to Steal Credentials
- Breaches, Leaks, and Ransomware
- Hacked Klue says criminals are deleting stolen customer data, but now other hackers are making threats
- Klue says hackers stole credential from 2022 that led to customer data breaches
- Klue Supply Chain Incident & LastPass Response
- Scope of Salesforce Attacks Expands as Icarus Leaks Data
- Meta Pauses Employee-Tracking Program Following Internal Data Leak
- Texas Data Breach Hits 3 Million: Driver’s Licenses, Passport Numbers Stolen From Hunting Vendor
- India’s Bajaj Auto says ransomware attack hits systems
- Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach
- Apple working with supplier Tata after sensitive files leak online
- Stealthy Mistic backdoor linked to ransomware access broker KongTuke
- Healthtech firm Xolis suffers data breach impacting 1.4 million people
- ModeloRAT and Mistic Backdoor Activity Linked to Ransomware Initial Access Broker
- France’s statistics department reports cyberattack on staff data
Other News Events of Note and Interest
- Cool Tool – Ventoy now supports Windows 11’s mandatory update, fixes major boot bug
- Google hits 50% IPv6
- AMD releases hotfix for driver install issues on Windows 10 PCs
- FCC plans ID mandate that could block anonymous use of prepaid burner phones
- New website names and shames companies that still don’t offer passkeys to users
- IBM claims world’s first sub-1 nanometer chip technology
- IBM, Red Hat, Palo Alto team to secure open-source software
- Ex-Huntress analyst claims company insider fed info to a ransomware crim. Social media drama ensues
- Digital sovereignty at the UN: Inside the global push to replace US cloud giants with open-source tech
- We Can Still Stop California’s 3D Printer Surveillance Scheme
- AI, LLMs, and Skynet
- Anthropic Wants Claude to Be Your New Slack Coworker
- Anthropic says Claude may want to see your ID
- War by Other Means (Robotic Warfare) – by Palladium Editors
- Dawn of the Apex Agentic Adversary
- No-One Escapes the Permanent Underclass
- OpenAI Releases GPT‑5‑Cyber With Full Automation for Vulnerability Detection and Patching
- OpenAI prepares bidirectional voice mode for rollout
- Getty Images accused AI of wholesale theft. It’s now an official ChatGPT image partner
- AI models capable of devastating attacks on governments and business months away, rare Five Eyes statement warns
- AI coding will soon get pricier than human developers
- After Fable 5 ban, Anthropic and 19 organizations launch open source security body
- Microsoft
- Microsoft Teams Introduces Office Attendance Tracking via Wi-Fi Connection
- Microsoft to end support for Office 2021 this year
- A new SharePoint Look and Feel: What’s Changing and Why It Matters
- Windows 11 KB5095093 update rolls out new Point-in-Time restore feature
- Point-in-time restore for Windows 11 is now generally available
- Windows 11 Secure Boot update released to all, hours ahead of expiry
- Fix USB-C problems in Windows | Microsoft Support
- Microsoft adds another year to Windows 10 extended update program
- Manage your saved passkeys | Microsoft Support
