CyberSecurity Updates

Fortinet says the large-scale credential-harvesting campaign currently targeting its customers’ firewalls and VPNs does not exploit new vulnerabilities. As part of the campaign, tracked as FortiBleed, threat actors have compiled a database of over 86,000 confirmed working credentials for Fortinet devices in 194 countries. “Based on our initial analysis, we believe the activity involves threat actors reusing credentials from previous incidents and employing brute-force techniques against devices with weak password hygiene and no multi-factor authentication…

Read More

French President Emmanuel Macron on Wednesday urged the world’s wealthy democracies to work together on regulating advanced artificial intelligence systems, speaking at a high-level meeting that included top AI executives. OpenAI CEO Sam Altman issued a similar plea at the Group of Seven summit of major industrialized nations in France, saying an “international forum” is needed for countries to draw up AI guardrails. He said the task of AI safety should not be left to…

Read More

SecurityWeek’s weekly cybersecurity news roundup offers a concise overview of important developments that may not receive full standalone coverage but remain relevant to the broader threat landscape. This curated summary highlights key stories across vulnerability disclosures, emerging attack methods, policy updates, industry reports, and other noteworthy events to help readers maintain a well-rounded awareness of the evolving cybersecurity environment. Here are this week’s highlights: 10-year-old phpBB flaw enables session hijacking Researchers uncovered a critical authentication…

Read More

Cisco on Thursday announced an agreement to acquire identity lifecycle security company WideField Security to strengthen the capabilities of Splunk’s Agentic SOC.  No financial details have been publicly disclosed. WideField raised more than $11 million in Series A funding last year.  WideField has developed technology that enables organizations to discover human and non-human identities, map exposures across accounts and roles, and assess hygiene gaps.  The company’s platform also enables users to detect misconfigurations in authentication…

Read More

Live Webinar: June 17, 2026 at 1PM ET – Register to Attend Today’s attackers are no longer breaking in — they’re logging in. Threat actors are increasingly using sophisticated social engineering, MFA fatigue attacks, session hijacking, credential theft, and help desk impersonation to bypass traditional security controls and move undetected across enterprise environments. In this webinar, we’ll break down the modern identity attack chain and examine how recent breaches exploited weaknesses in authentication, identity verification,…

Read More