Home / Bulletins

Security Bulletins & Threat Advisories

Plain-language alerts on major incidents and actively exploited vulnerabilities — what happened, who is affected, and what to do.

Get Advisory Support
Critical 2026-06-20 CVE-2026-24858

FortiBleed — Mass Fortinet FortiGate Credential Exposure

A large-scale campaign is extracting FortiGate configuration files and cracking stored credential hashes, yielding working admin credentials for tens of thousands of devices across 194 countries — linked to a FortiCloud SSO SAML auth-bypass flaw now in CISA KEV.

Recommended action: Update FortiOS to a fixed release, force-reset all FortiGate admin/local passwords, disable internet-exposed management/SSO where possible, enforce MFA, and review configs/logs for unauthorized accounts.
Sources: Arctic Wolf, CSO Online, BitSight, CISA KEV.
High 2026-06 CVE-2026-20245

Cisco Catalyst SD-WAN Manager Zero-Day Under Active Attack

Cisco warned of a high-severity, actively exploited zero-day in Catalyst SD-WAN Manager enabling root privilege escalation.

Recommended action: Apply Cisco's mitigations, restrict management-interface exposure, and monitor for anomalous activity.
Source: BleepingComputer / Cisco.
High 2026-06 CVE-2026-28318

SolarWinds Serv-U Flaw Exploited in the Wild

CISA added a high-severity SolarWinds Serv-U vulnerability to KEV amid active exploitation — an unauthenticated DoS bug (CVSS 7.5) that can crash the service.

Recommended action: Patch to Serv-U 15.5.4 Hotfix 1 or later immediately and reduce internet exposure.
Source: The Hacker News / CISA KEV.
Advisory 2026-06-11

Microsoft June 2026 Patch Tuesday — 200 Flaws, Multiple Zero-Days

Microsoft's June 2026 Patch Tuesday addressed 200 vulnerabilities, including multiple zero-days — two granting SYSTEM privileges on fully patched Windows.

Recommended action: Prioritize deployment of June updates across Windows endpoints and servers; validate patch coverage with your RMM/patch tooling.
Source: BleepingComputer.

Bulletins summarize publicly reported information for awareness and are not a substitute for vendor advisories or a tailored assessment.

Worried about a bulletin above?

We can assess your exposure to FortiBleed and other active threats and help you remediate quickly.

Request an Exposure Check