Friday, July 3, 2026 | Jonathan Brown
Estimated reading time:
14 minutes


FortiBleed now looks like a ransomware access-broker pipeline

Priority: High

Intelligence Update: SOCRadar has linked the FortiBleed credential-harvesting campaign against FortiGate environments to INC Ransom and Lynx ransomware operations, with at least 12 ransomware deployments reportedly stemming from FortiBleed-derived access. Earlier SOCRadar reporting described a campaign targeting more than 430,000 FortiGate firewalls, exposing more than 110 million credentials across hundreds of harvest cycles.

Assessment: This is no longer just a firewall credential-exposure story. FortiBleed now appears to be a structured initial-access operation with a direct path from appliance compromise to domain compromise to ransomware deployment. SOCRadar reports admin-level access on 409 targets and completion of the full attack chain on 354, including VPN compromise, domain-controller access, and domain-admin control. That places FortiBleed squarely in the same strategic category as prior edge-device mass exploitation campaigns: compromise the perimeter appliance, harvest identity material, then monetize the access through extortion.

Operational Impact: FortiGate exposure should be treated as a ransomware precursor with an active clock running. Organizations with exposed Fortinet infrastructure should assume the next 30–60 days carry elevated ransomware risk unless they can prove credentials, sessions, and downstream domain access were not captured or abused.

Operational Notes:

  • Relevant ATT&CK: T1040 Network Sniffing; T1110 Brute Force; T1078 Valid Accounts; T1003 Credential Dumping; T1486 Data Encrypted for Impact.
  • FortigateSniffer reportedly abuses FortiOS diagnostic packet-sniffing functionality to passively collect authentication material across multiple protocols.
  • Review FortiGate, VPN, RADIUS, LDAP, NTLM, Kerberos, and domain-controller logs for abnormal authentication and post-VPN lateral movement.
  • Rotate all credentials that traversed FortiGate/VPN paths, not only firewall administrator accounts.
  • Hunt for unauthorized administrator accounts, session-cookie replay, new VPN profiles, suspicious domain-admin activity, and remote tooling staged after firewall login.

Assessment Confidence: High — SOCRadar’s published reporting provides the ransomware linkage, campaign scale, and operational model; some victim-specific and pending-whitepaper details remain less independently verifiable.

Sources:

  • SOCRadar Threat Research Unit
  • Orca Security
  • The Hacker News
  • Help Net Security
  • GovInfoSecurity

Google, FBI, and partners disrupt NetNut/Popa residential proxy infrastructure

Priority: High

Intelligence Update: Google Threat Intelligence Group says it coordinated with the FBI, Lumen, and other partners to disrupt NetNut, also known as Popa, a residential proxy network estimated at more than 2 million devices. Google says the action reduced the available device pool by millions and targeted accounts, services, SDKs, and backend C2 infrastructure tied to the operation.

Assessment: Residential proxy networks remain one of the most important forms of adversary infrastructure because they reduce the value of IP reputation and allow malicious traffic to appear as ordinary consumer activity. Google reports that in a single week in June 2026, 316 distinct threat clusters used suspected NetNut exit nodes, including criminal and espionage actors. This disruption matters because it targets the connective tissue used for password spraying, origin masking, C2 access, fraud, and reconnaissance.

Operational Impact: Defenders should not treat residential ISP traffic as inherently lower risk. Identity controls, device fingerprinting, impossible-travel detection, and behavior analytics matter more than blocklists when adversaries can route through consumer IP space.

Operational Notes:

  • Relevant ATT&CK: T1090 Proxy; T1110 Password Spraying; T1584 Infrastructure; T1071 Application Layer Protocol.
  • Monitor authentication attempts from residential ASN ranges where device fingerprint, session behavior, or geography does not match the user.
  • Investigate sudden source-IP churn, low-and-slow login attempts, new sessions from consumer networks, and repeated access attempts against SaaS and VPN portals.
  • Consumer-device risk includes smart TVs, streaming boxes, and apps bundling proxy SDKs.

Assessment Confidence: High — Google’s primary reporting provides the partner list, technical disruption actions, estimated scale, and observed threat-cluster usage.

Sources:

  • Google Threat Intelligence Group
  • Reuters
  • SecurityWeek
  • The Hacker News

CISA adds Microsoft SharePoint Server CVE-2026-45659 to KEV after active exploitation

Priority: High

Intelligence Update: CISA added CVE-2026-45659, a Microsoft SharePoint Server deserialization remote-code-execution vulnerability, to the Known Exploited Vulnerabilities catalog after evidence of active exploitation. NVD describes the flaw as deserialization of untrusted data allowing an authorized attacker to execute code over a network.

Assessment: SharePoint remains a high-value enterprise target because compromise can expose sensitive documents, internal workflows, identity-adjacent data, and privileged collaboration environments. The vulnerability requires authentication, but in SharePoint that requirement is not reassuring: many organizations grant broad low-privilege access across large user populations, partners, and legacy groups. Authenticated RCE in SharePoint is therefore a practical intrusion route, not a theoretical edge case.

Operational Impact: Patch affected SharePoint Server deployments immediately and review for suspicious authenticated activity before assuming remediation is complete. Prioritize internet-facing, partner-facing, and hybrid SharePoint environments with complex legacy permissions.

Operational Notes:

  • Relevant ATT&CK: T1190 Exploit Public-Facing Application; T1059 Command and Scripting Interpreter; T1078 Valid Accounts; T1005 Data from Local System.
  • Affected products include SharePoint Server Subscription Edition, SharePoint Server 2019, and SharePoint Enterprise Server 2016.
  • Review web logs, ULS logs, authentication records, unexpected service behavior, newly modified workflows, and anomalous file access.
  • Confirm patching and forensic triage requirements under CISA KEV/BOD guidance where applicable.

Assessment Confidence: High — CISA KEV placement confirms known exploitation, and Microsoft/NVD records define the vulnerability class and affected product family. Actor attribution and exploitation volume remain unclear.

Sources:

  • CISA KEV catalog
  • Microsoft Security Response Center
  • NVD
  • The Hacker News
  • SecurityWeek

JADEPUFFER shows agentic ransomware can become accidental data destruction

Priority: High

Intelligence Update: Sysdig reports JADEPUFFER, which it assesses as the first documented end-to-end ransomware operation driven by an LLM agent. The operation exploited an internet-facing Langflow instance via CVE-2025-3248, pivoted into a production database environment, encrypted 1,342 Nacos configuration items, and dropped ransom notes.

Assessment: The most important detail is not merely that “AI did a hack.” Sysdig found that the AES key was generated randomly, printed once to stdout, and never persisted or transmitted, meaning the victim could not recover the encrypted configurations even if payment were made. The agent also inserted self-narrating comments claiming high-value data had already been backed up to an external IP, but Sysdig found no evidence that the data was actually backed up there. This is the sharper risk: agentic extortion may produce destructive outcomes even when the nominal operator intends recoverable ransomware.

Operational Impact: AI workflow hosts must be treated as production application servers with privileged access, not experimental tooling. Organizations running Langflow or similar platforms should patch, remove internet exposure, isolate agent environments, strip stored secrets, and apply egress controls before these systems become automated pivots into databases and internal services.

Operational Notes:

  • Relevant ATT&CK: T1190 Exploit Public-Facing Application; T1059.006 Python; T1552 Unsecured Credentials; T1018 Remote System Discovery; T1486 Data Encrypted for Impact; T1485 Data Destruction.
  • Initial access reportedly used CVE-2025-3248 in Langflow.
  • Payloads were delivered as Base64-encoded Python through the vulnerable endpoint.
  • Sysdig observed machine-speed troubleshooting, including a failed login followed by a corrected multi-step fix within 31 seconds.
  • Monitor for scheduled outbound beacons, unusual database schema drops, Nacos configuration-table modification, and self-narrating Python payloads.

Assessment Confidence: High on observed behavior; Moderate on the “first documented” characterization — Sysdig provides rich technical evidence, but global precedence claims are inherently difficult to prove.

Sources:

  • Sysdig Threat Research Team
  • The Hacker News
  • SecurityAffairs

Oracle E-Business Suite CVE-2026-46817 exploitation targets payment infrastructure

Priority: High

Intelligence Update: Defused observed in-the-wild exploitation of CVE-2026-46817 against Oracle E-Business Suite decoys on June 27, 2026. The critical Oracle Payments File Transmission flaw affects EBS versions 12.2.3 through 12.2.15, carries a CVSS 9.8 score, and can allow unauthenticated HTTP access to compromise Oracle Payments.

Assessment: This is a serious enterprise risk because Oracle Payments sits directly inside financial workflow infrastructure. Help Net Security reports that the observed exploit targeted the /OA_HTML/ibytransmit endpoint and redirected an internal Oracle Java function to read /etc/passwd; the same technique could potentially expose configuration files, database credentials, encryption keys, or payment processor API keys. The exploitation appears targeted rather than broad scanning, which makes absence of noisy telemetry a poor reassurance.

Operational Impact: Patch immediately and review logs for suspicious POST requests to /OA_HTML/ibytransmit, especially on internet-facing EBS systems left unpatched after Oracle’s May 2026 security update. If evidence of exploitation exists, rotate credentials and keys stored on the host and conduct full forensic review of the EBS, application, and database tiers.

Operational Notes:

  • Relevant ATT&CK: T1190 Exploit Public-Facing Application; T1005 Data from Local System; T1552 Unsecured Credentials; T1041 Exfiltration Over C2 Channel.
  • Affected component: Oracle Payments, File Transmission.
  • Affected versions: Oracle E-Business Suite 12.2.3 through 12.2.15.
  • Key log artifact: suspicious POST requests to /OA_HTML/ibytransmit.
  • Review whether EBS web interfaces require any public internet exposure at all.

Assessment Confidence: High — Oracle’s advisory defines the affected versions, component, exploitability, and CVSS score; Defused/Help Net Security provide observed exploitation date, endpoint, and log-review guidance.

Sources:

  • Oracle Critical Patch Update / Security Alert materials
  • Defused Cyber
  • Help Net Security
  • NVD
  • BleepingComputer

Microsoft removes 119 malicious Edge extensions tied to StegoAd campaign

Priority: Medium

Intelligence Update: Microsoft removed 119 malicious Edge extensions associated with the StegoAd campaign, which hid malicious payloads in image and font files and reportedly reached approximately 2.6 million downloads. Microsoft also suspended more than 90 developer accounts linked to the activity.

Assessment: Browser extensions remain a deceptively powerful enterprise attack surface because they operate adjacent to identity sessions, SaaS applications, cookies, and user browsing data. StegoAd is notable because it combined ordinary-looking extension functionality with delayed execution, steganographic payload delivery, disposable developer accounts, and command-and-control logic. Marketplace trust and static code review are not enough when malicious behavior can arrive after installation.

Operational Impact: Enterprises should audit managed-browser extension inventories, remove unapproved extensions, and enforce allowlists for browser add-ons. Browser telemetry should be reviewed for credential access, unauthorized redirects, affiliate manipulation, suspicious extension updates, and delayed post-install execution.

Operational Notes:

  • Relevant ATT&CK: T1176 Browser Extensions; T1027 Obfuscated Files or Information; T1059.007 JavaScript; T1555 Credentials from Password Stores.
  • Extension categories reportedly included ad blockers, VPNs, translators, video downloaders, and PDF utilities.
  • StegoAd hid malicious JavaScript in PNG, SVG, and font files.
  • Delayed execution reduces the value of short sandbox detonation windows.

Assessment Confidence: Moderate to High — Microsoft’s takedown and campaign description are clear; install count should not be treated as confirmed compromise count.

Sources:

  • Microsoft reporting on StegoAd
  • Malwarebytes
  • The Hacker News
  • SC Media
  • TechRadar

Mustang Panda abuses Zoho WorkDrive in India-focused espionage campaigns

Priority: Medium

Intelligence Update: Acronis reports that Mustang Panda is running two concurrent campaigns against Indian government and hydropower-sector targets, using new malware implants and abusing Zoho WorkDrive for command-and-control, data exfiltration, and remote task execution.

Assessment: This is classic espionage tradecraft adapted to local cloud trust. By abusing Zoho WorkDrive, a legitimate service commonly used in Indian government-sector environments, the operators make malicious traffic harder to distinguish from normal business activity. The targeting — hydropower initiatives and India-Taiwan cooperation themes — aligns with strategic intelligence collection rather than indiscriminate cybercrime.

Operational Impact: Indian government, energy, water, infrastructure, and defense-adjacent organizations should inspect Zoho WorkDrive traffic for unusual automation, rare endpoints, and file movement inconsistent with user roles. Legitimate cloud services should be inspected behaviorally, not blindly allowlisted.

Operational Notes:

  • Relevant ATT&CK: T1204.002 Malicious File; T1574.002 DLL Side-Loading; T1102 Web Service; T1071.001 Web Protocols; T1041 Exfiltration Over C2 Channel.
  • Reported malware/tooling includes SHARDLOADER, MINIRECON, and ZOHOMURK.
  • ZOHOMURK reportedly uses Zoho WorkDrive for C2, exfiltration, and tasking.
  • Lure themes include Indian hydropower and government cooperation with Taiwanese institutions.

Assessment Confidence: High — Acronis provides detailed technical reporting, targeting analysis, malware names, and a high-confidence espionage assessment.

Sources:

  • Acronis Threat Research Unit
  • The Hacker News
  • SecurityBoulevard

libssh2 CVE-2026-55200 creates client-side RCE risk in embedded and developer tooling

Priority: Medium

Intelligence Update: CVE-2026-55200 is a critical out-of-bounds write vulnerability in libssh2 through version 1.11.1. NVD describes the flaw as allowing remote attackers to send crafted SSH packets with excessively large packet-length values, corrupt heap memory, and achieve remote code execution.

Assessment: This is a client-side supply-chain problem, not a simple “patch the SSH server” issue. libssh2 is embedded in many tools and products, including developer utilities, backup software, automation platforms, PHP components, Git-related clients, and appliances. The highest-risk scenario is a vulnerable client connecting to an attacker-controlled or compromised SSH server, especially from CI/CD, backup, administrative, or embedded workflows.

Operational Impact: Security teams should identify libssh2 usage through SBOMs, package inventories, static linking review, container scans, and vendor advisories. Patch directly where possible and pressure vendors for updated builds where libssh2 is bundled.

Operational Notes:

  • Relevant ATT&CK: T1195 Supply Chain Compromise; T1204 User Execution; T1210 Exploitation of Remote Services.
  • Vulnerability: out-of-bounds write in ssh2_transport_read().
  • Attack condition: malicious or attacker-positioned SSH server interacting with a vulnerable client.
  • Prioritize build systems, backup jobs, SSH automation, Git clients, administrative tools, and embedded/IoT devices.

Assessment Confidence: High on vulnerability impact; Moderate on near-term exploitation prevalence — public technical detail raises risk, but exploitation depends on vulnerable clients connecting to malicious or compromised SSH services.

Sources:

  • NVD
  • Red Hat
  • Ubuntu Security
  • Arctic Wolf Labs
  • VulnCheck

AirDrop and Quick Share research exposes proximity protocol attack surface across billions of devices

Priority: Medium

Intelligence Update: CISPA researchers disclosed six vulnerabilities across Apple AirDrop and Google/Samsung Quick Share, including three pre-authentication AirDrop issues, two Samsung Quick Share protocol flaws, and a Google Quick Share for Windows heap use-after-free.

Assessment: This is not an internet-wide emergency, but it is relevant for high-risk users because proximity-transfer services run privileged background components designed to respond to nearby devices. The research shows that convenience protocols can expose complex parsers and protocol state machines before strong identity or trust boundaries are enforced. The realistic risk is local proximity abuse in offices, conferences, hotels, airports, border crossings, and other hostile physical environments.

Operational Impact: High-risk users should disable open discovery modes and restrict sharing to contacts or trusted devices. Enterprises should include proximity-sharing settings in mobile-device and endpoint baselines, especially for executives, government personnel, journalists, and traveling staff.

Operational Notes:

  • Vulnerabilities include AirDrop pre-authentication DoS issues, Samsung Quick Share pre-authentication OfflineFrame dispatch, Samsung D2D encryption bypass, and a Google Quick Share for Windows heap use-after-free.
  • Exposure depends on device visibility, platform, patch level, and proximity.
  • The research affects application-layer proximity-transfer protocols, not only Bluetooth or Wi-Fi radio-layer behavior.
  • Restrict “Everyone” or public discovery modes by policy where possible.

Assessment Confidence: High — the CISPA/arXiv research is technically detailed and includes responsible-disclosure status; no confirmed real-world exploitation has been publicly reported.

Sources:

  • CISPA Helmholtz Center for Information Security
  • arXiv: “Protocol Prying”
  • Help Net Security
  • The Hacker News

Microsoft’s MCP tool-poisoning research turns AI agents into a supply-chain security problem

Priority: Medium

Intelligence Update: Microsoft published new guidance describing how poisoned Model Context Protocol tool descriptions can manipulate AI agents into leaking enterprise data while appearing to operate within approved workflows. The attack pattern targets tool metadata rather than the model itself.

Assessment: This is strategically important because agents are moving from reading content to taking action. In Microsoft’s example, a tool description is silently modified so that an otherwise approved enterprise agent retrieves sensitive invoice data and sends it as part of a normal-looking external tool call. The vulnerability is not one broken product; it is the new trust boundary created when natural-language tool descriptions become operational instructions inside business workflows.

Operational Impact: Organizations piloting MCP or agentic workflows should treat tools, descriptions, schemas, and plugin metadata as supply-chain assets. Agent deployments require inventory, publisher review, metadata change control, scoped permissions, audit logs, human approval for sensitive actions, and egress/DLP enforcement.

Operational Notes:

  • Relevant risk categories: tool misuse, agentic supply-chain vulnerability, indirect prompt injection, data exfiltration through trusted workflows.
  • Treat tool descriptions as system prompts.
  • Disable “allow all” tool access and grant only the specific tools an agent needs.
  • Separate read, write, execute, and external-send permissions.
  • Log agent tool calls with user identity, data touched, destination, and justification.

Assessment Confidence: High — Microsoft’s guidance is primary-source and aligns with earlier Invariant Labs and OWASP work on MCP tool poisoning.

Sources:

  • Microsoft Security Blog
  • Invariant Labs
  • OWASP MCP Tool Poisoning guidance
  • The Hacker News

BCG Assessment

Today’s threat picture is dominated by three converging trends: edge infrastructure becoming an identity-harvesting platform, enterprise applications moving rapidly from patch issue to exploitation issue, and AI agents turning trusted tools into new attack control planes.

FortiBleed is the day’s most operationally urgent story because it connects exposed FortiGate environments to a ransomware access-broker pipeline, with credential theft, domain compromise, and extortion now visibly joined. JADEPUFFER is the most strategically important story because it shows that agentic intrusion does not merely accelerate existing ransomware playbooks; it can also make them less predictable, less recoverable, and more destructive. Oracle EBS and SharePoint reinforce the same lesson: business-critical platforms are now exploited on timelines that leave little room for slow patch cycles or “monitor only” response.

The defender call to action is direct: validate Fortinet exposure, rotate credentials, hunt for post-VPN domain compromise, patch and investigate Oracle EBS and SharePoint, isolate AI workflow tooling, and bring browser extensions, cloud-service abuse, residential proxy traffic, and MCP tool metadata under active governance. The standard for July 2026 should be simple: exposed systems are already being automated against, credentials are already in motion, and trusted tools now require continuous verification.


Jonathan Brown is a cybersecurity researcher and investigative journalist at bordercybergroup.com.

If you would like to support our work — useful, well-researched, ad-free cybersecurity intelligence — subscribe, comment, or buy us a coffee! Thanks.