TL;DR
FortiBleed campaign harvested 110 million credentials from 430,000 firewalls globally; GitHub patches pwn-request attacks in CI/CD workflows; Cisco Unified CM SSRF (CVE-2026-20230) now actively exploited in the wild.
Executive Summary
- A Russian-speaking initial access broker has conducted a sustained credential-harvesting campaign against Fortinet firewalls, with malware collecting 110 million credentials across 430,000+ devices since February 2026.
- GitHub has deployed mitigations in its actions/checkout tool to block exploitation of the pwn-request attack pattern, which abuses pull_request_target workflows to execute malicious code with elevated privileges.
- Cisco Unified Communications Manager is under active attack via CVE-2026-20230, a high-severity server-side request forgery (SSRF) vulnerability, with no indication of patch availability. ⚠
- Two members of the Scattered Spider cybercriminal group pleaded guilty in UK courts for their role in the August 2024 Transport for London attack.
- Multiple AI security disclosures highlight emerging threats: fake AI agent skills bypass all tested security scanners, and vulnerabilities in the Dify platform allow attackers to exfiltrate chat histories and sensitive documents.
Top Threats Today
1. FortiBleed: Massive Credential Harvesting from 430,000 Firewalls
Severity: HIGH Affected: Technology
A Russian-speaking initial access broker (IAB) driven by financial motivation has conducted FortiBleed, a large-scale credential-harvesting operation targeting over 430,000 FortiGate firewalls globally, active since February 2026 [1][2]. Threat actors engineered a Golang-based sniffer to extract and identify approximately 110 million credentials from vulnerable devices [2]. The campaign represents a systematic effort to harvest authentication material at scale for use in downstream breaches and account takeovers [1][2].
Sources:[1] The Hacker News[2] Dark Reading
Recommended Action
- Audit Fortinet firewall configurations for unauthorized outbound traffic or unexpected process execution.
- Rotate credentials for any administrative accounts that may have been exposed through FortiGate devices.
- Check Fortinet security advisories for patched firmware versions and apply immediately.
- Implement network segmentation to isolate firewall management traffic from production systems.
2. CVE-2026-20230 Cisco Unified CM SSRF Under Active Exploitation
Severity: HIGH Affected: Technology
A high-severity server-side request forgery (SSRF) vulnerability in Cisco Unified Communications Manager Server, tracked as CVE-2026-20230, is now being actively exploited in attacks [1]. This vulnerability allows attackers to make unauthorized requests to internal resources on behalf of the vulnerable server [1].
Sources:[1] BleepingComputer
Recommended Action
- Check the Cisco security advisory for CVE-2026-20230 and apply patched versions if available.
- If patching is delayed, implement network-layer access controls to restrict outbound requests from Unified CM servers.
- Enable audit logging on Unified CM to detect unusual internal request patterns.
- Monitor for indicators of compromise related to this CVE in your security information and event management (SIEM) platform.
3. AI Agent Skills Bypass All Security Scanners; 26,000 Agents Reached
Severity: HIGH Affected: Technology
Security firm AIR demonstrated that a fake AI agent skill, designed with a malicious payload, passed every security scanner tested and reached approximately 26,000 agents, including those deployed on corporate accounts, after being pushed through a popular skill marketplace and promoted via Instagram advertising [1]. The campaign highlights a critical gap in AI agent security tooling: every tested security scanner marked the malicious skill as safe [1].
Sources:[1] The Hacker News
Recommended Action
- Audit deployed AI agent skills within your organization and verify their source and publishing date.
- Disable or remove any agent skills from unverified or newly-added marketplaces pending security review.
- Implement additional runtime monitoring and sandboxing for AI agent execution environments.
- Report suspicious agent skills to the marketplace operators and your threat intelligence team.
4. GitHub Patches pwn-request Attack Pattern in actions/checkout
Severity: MEDIUM Affected: Technology
GitHub has updated its "actions/checkout" tool to block pwn-request attacks that exploit the risky use of the "pull_request_target" workflow trigger to execute malicious code with the workflow's full privileges [1]. The mitigation became effective on June 18, 2026 [1].
Sources:[1] The Hacker News
Recommended Action
- Update all GitHub Actions workflows to use the latest version of actions/checkout.
- Audit any existing workflows that use pull_request_target triggers and apply additional code-review controls.
- Consider restricting who can open pull requests in sensitive repositories.
5. Dify AI Platform Vulnerabilities Expose Chat Histories and Documents
Severity: MEDIUM Affected: Technology
Four vulnerabilities in Dify, a platform for AI application building and management, allow attackers to exploit multi-tenant isolation to silently access and exfiltrate sensitive data, including private chat histories and preview of other tenants' documents [1][2]. The platform is used by over 1 million applications [2].
Sources:[1] Dark Reading[2] SecurityWeek
Recommended Action
- Check for available security patches from Dify and apply immediately.
- Review access logs in Dify instances for unauthorized tenant-to-tenant data access.
- Isolate production Dify instances from the internet pending security updates.
- Audit what sensitive data is stored in Dify applications and consider temporary migration if patches are delayed.
Today’s Action Checklist
- ☐ URGENT: Patch or isolate Cisco Unified Communications Manager servers; CVE-2026-20230 is actively exploited and no patch timeline is yet confirmed.
- ☐ URGENT: Rotate any administrative credentials that may have transited Fortinet firewall devices; cross-reference exposed credential lists with your account inventory.
- ☐ Check GitHub Actions workflows for pull_request_target usage and apply the latest actions/checkout version.
- ☐ Audit deployed AI agent skills in your organization and disable those from unverified sources.
- ☐ If you use Dify: check for patches, review multi-tenant access logs, and verify no cross-tenant data exfiltration has occurred.