Tuesday, 23 June 2026 ~ Jonathan Brown

Pattern of the Day: Two different vintages of trust failure are breaking at the same time.

At one end, attackers are exploiting infrastructure nobody has looked at in over a decade — 2013- and 2016-vintage router CVEs (Item 5), a WordPress plugin endpoint that should never have shipped unauthenticated (Item 2). At the other end, the frontier is moving fast enough that AI tooling is now showing up on both sides of discovery: surfacing a 29-year-old bug in hours (Item 1), and — per one named outlet's sourcing, not yet independently confirmed — possibly building the tool used to harvest 110 million credentials (Item 3). These are not the same story with two faces; they're two unrelated failure modes that happen to be peaking in the same week. Treating them as one narrative would be the convergence-thesis mistake this feed tries to avoid.


A 29-year-old Squid Proxy bug, "Squidbleed," got found by an AI model — and the discovery story is getting more attention than the bug

Researchers at Calif.io disclosed CVE-2026-47729 ("Squidbleed"), a heap buffer over-read in Squid Proxy's FTP directory-listing parser that has existed since 1997. The root cause is a one-line strchr edge case — searching for a null terminator succeeds when it shouldn't — that lets Squid read past a buffer boundary and leak another user's cleartext HTTP headers, including passwords and API keys, in shared-proxy environments. Calif.io says the bug was found with the assistance of Anthropic's Claude Mythos Preview model; a patch merged into Squid 8 in April and shipped in Squid 7.6 in June. The bug itself is confirmed and verified by SecurityWeek and Security Affairs independently of Calif.io's own framing. This is an analytical inference, not a vendor or named-firm finding: Calif.io is simultaneously a research outfit and a vendor with a commercial interest in "AI found this" being the story. That doesn't make the underlying bug less real, but it's worth reading the discovery narrative with that in mind.

Watch for: whether Squidbleed gets weaponized in the wild given Squid's footprint in corporate and ISP proxy infrastructure, and whether Calif.io's next disclosure (they've also credited AI tooling with a recent OpenSSL finding and an HTTP/2 DoS technique) starts looking like a pattern worth its own piece.

Sources: Calif.io technical blog (June 2026); SecurityWeek (June 22, 2026); Security Affairs (June 23, 2026).
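As an added illustration of the strchr edge case described above (this is constructed example code, not Squid's parser and not Calif.io's write-up): strchr(s, '\0') returns a pointer to the terminator rather than NULL, so a "delimiter found" branch fires and the caller steps one byte past the buffer; the length-bounded memchr form cannot. The function names, the sample listing line and the delimiter logic are all assumptions made here.

```c
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample: one FTP directory-listing line, NUL-terminated. */
static const char sample_line[] =
    "-rw-r--r--   1 ftp ftp  1024 Jun 23 12:00 notes.txt";

/* Buggy pattern (illustrative, not Squid's code). strchr() treats the
 * terminator as a matchable character, so with delim == '\0' it returns a
 * non-NULL pointer to the end of the string and the caller happily steps
 * past it. Returns the offset of the byte after the delimiter, or -1. */
long field_after_buggy(const char *line, char delim)
{
    const char *hit = strchr(line, delim);
    if (hit == NULL)
        return -1;
    return (long)(hit + 1 - line);   /* == strlen(line) + 1 when delim is '\0' */
}

/* Fixed pattern: search only inside the known length. A NUL can never
 * match, and a delimiter in the last position yields "nothing after it"
 * instead of an offset at or beyond len. */
long field_after_fixed(const char *line, size_t len, char delim)
{
    const char *hit = memchr(line, delim, len);
    if (hit == NULL)
        return -1;
    size_t off = (size_t)(hit - line) + 1;
    if (off >= len)
        return -1;
    return (long)off;
}

/* True when a returned offset would be read inside the buffer; false means
 * the parser would read whatever memory happens to follow the line. */
int offset_in_bounds(long off, size_t len)
{
    return off >= 0 && (size_t)off < len;
}

int main(void)
{
    size_t len = strlen(sample_line);
    long b = field_after_buggy(sample_line, '\0');
    long f = field_after_fixed(sample_line, len, '\0');
    printf("buggy: offset %ld, in bounds: %d\n", b, offset_in_bounds(b, len));
    printf("fixed: offset %ld, in bounds: %d\n", f, offset_in_bounds(f, len));
    printf("space delimiter, fixed: %ld\n", field_after_fixed(sample_line, len, ' '));
    return 0;
}
```

In the shared-proxy setting the page describes, the out-of-bounds offset is what turns a parsing mistake into a leak of adjacent heap contents.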


A WordPress email plugin shipped a REST endpoint that always says yes, and it's now eaten 17 million exploit attempts

CVE-2026-4020, a CVSS 5.3 flaw in the Gravity SMTP plugin (~100,000 active installs), stems from a permission_callback that unconditionally returns true — meaning any unauthenticated visitor can hit /wp-json/gravitysmtp/v1/tests/mock-data and pull a 365KB JSON dump of the site's full system report, including live API keys, secrets, and OAuth tokens for Amazon SES, Google, Mailjet, and Zoho integrations. Wordfence says the vendor patched quietly in March, public disclosure followed two weeks later, and exploitation has since been industrialized into background internet noise — over 17 million blocked attempts, peaking above 4 million requests in a single day in early June. No threat actor or group has been attributed; this reads as opportunistic, automated harvesting rather than targeted intrusion.

Watch for: whether harvested SMTP credentials start showing up as the launch point for outbound phishing campaigns abusing the compromised sites' own sending reputation.

Sources: Wordfence/Defiant (June 2026); SecurityWeek (June 22, 2026); The Hacker News (June 2026).


FortiBleed's actual scale just got quantified, and it's an order of magnitude bigger than first reported — plus one detail that needs a caveat

SOCRadar's full report on the FortiBleed campaign — a Russian-origin initial access broker abusing FortiOS's legitimate diagnose sniffer packet command to passively capture authentication traffic — now puts the total at over 110 million harvested credentials across 80,000+ compromised FortiGate firewalls, including a confirmed exfiltration of DFS backup data from a NATO-aligned defense contractor on June 15. That's a materially larger figure than the 73,932–86,000 confirmed working admin credentials in the original exposed dataset reported in mid-June — these are two different measurements (a discrete leaked credential set versus cumulative traffic-sniffing output) and BCG has not seen the two reconciled in any single source. Separately, SecurityWeek reports the sniffer tool was "likely built with the assistance" of an AI-powered penetration-testing agent called CyberStrike — that attribution is sourced to one outlet and is not independently confirmed; treat it as a developing signal, not a finding.

Watch for: whether Fortinet or CISA issues a unified casualty count reconciling the two FortiBleed figures, and whether the NATO-contractor breach gets a name attached to it.

Sources: SOCRadar Threat Research Unit (June 2026); SecurityWeek (June 22–23, 2026); BleepingComputer (June 2026); Security Affairs (June 2026).


Microsoft ties the Mastra npm supply-chain hit to North Korea's Sapphire Sleet, and it's the second time this year for the same playbook

Microsoft has attributed the June 17 compromise of 140+ npm packages in the Mastra AI framework's scope to Sapphire Sleet (aka BlueNoroff), a North Korean state actor focused on cryptocurrency theft. The attackers took over a former contributor's still-live publishing account and added a typosquatted dependency, "easy-day-js," which dropped a cross-platform credential stealer targeting 160+ cryptocurrency wallet extensions plus cloud and CI/CD secrets — all executing at install time, before any application code ran. Microsoft says the technique — a clean "bait" version published first, weaponized version published hours later, identical down to the typosquat-a-staple-library pattern — closely mirrors its own April attribution of a near-identical Axios npm compromise to the same actor. Two confirmed campaigns from one named actor in three months is no longer a one-off; it's a documented operating pattern against the JavaScript developer trust layer specifically.

Watch for: whether Sapphire Sleet's "publish-clean-then-poison" technique shows up against a third major npm scope before the pattern gets a name of its own in vendor reporting.

Sources: Microsoft Security Blog (June 17 and June 19, 2026); SecurityWeek (June 22, 2026); BleepingComputer (June 2026); Socket (June 2026).


4,300 routers nobody has logged into since 2015 just became someone's reconnaissance network

QiAnXin's XLab disclosed AryStinger, a malware family converting end-of-life routers — mostly D-Link DIR-850L units on Realtek RTL819X chips — into a distributed footprinting and proxy network via two ancient CVEs (2013 and 2016). Unlike a typical IoT botnet, AryStinger doesn't mine crypto or DDoS; infected devices scan, fingerprint services, enumerate subdomains, and tunnel traffic for an operator doing reconnaissance ahead of an actual intrusion. XLab has not attributed the campaign to any actor and says the investigation is ongoing. This is an analytical inference, not XLab's own conclusion: the architecture — compromised end-of-life edge devices used as relay-and-recon infrastructure — closely matches the "operational relay box" (ORB) network pattern Mandiant has documented in Chinese state-nexus campaigns like LapDogs, but resemblance to a known pattern is not attribution, and XLab's own report stops short of making that link.

Watch for: whether XLab or a Western threat-intel firm eventually attributes AryStinger, and whether the NAS-targeting Go variant (which can execute attacker-supplied Go, Java, or Python on demand) shows up tied to a specific intrusion downstream.

Sources: QiAnXin XLab (June 2026); The Hacker News (June 22, 2026); BleepingComputer (June 22, 2026); Security Affairs (June 22, 2026).


NCSC's chief says hostile states are now behind three-quarters of attacks on UK critical infrastructure

Speaking at RUSI's Annual Security Lecture on June 17, NCSC CEO Dr. Richard Horne said the agency handled more than 200 incidents affecting UK critical national infrastructure and its supporting ecosystem in the year to May 2026, with roughly 75% assessed as linked to state actors — Russia, China, and Iran named specifically. Horne argued cybersecurity should be treated as an ongoing contest rather than a risk to be managed down to an acceptable level, and the NCSC separately assesses it "highly likely" that AI-enabled tooling will be used to exploit known vulnerabilities in legacy UK infrastructure at scale by 2028. This is now six days old as a story, but BCG hadn't covered it and the underlying disclosure — a named, on-record figure from a government's top cyber agency — is solid enough to be worth a slot even past its first 48 hours.

Watch for: whether the figure gets cited in the UK's forthcoming National Cyber Action Plan, expected in early July, as justification for the Cyber Security and Resilience Bill currently before Parliament.

Sources: NCSC (June 17, 2026); The Record from Recorded Future News (June 17, 2026); Infosecurity Magazine (June 17, 2026).


A long-tracked phishing-kit seller finally faces a courtroom, and the case closes a five-year-old attribution loop

Federal prosecutors have charged 26-year-old Abdellah Belmili with operating the phishing-kit marketplaces Market0Day and Spoxy, facing up to 30 years if convicted, per SecurityWeek. Independent researcher Luke Leal had already publicly identified the operator behind the "Spox" persona as Dila Belmili back in 2021, based on the seller's own code comments and social-media activity — a rare case where open-source attribution work done years earlier lines up cleanly with a subsequent criminal charge. BCG has not been able to locate the underlying DOJ or U.S. Attorney press release independently; this item rests on SecurityWeek's reporting alone, and the charges are allegations only.

Watch for: whether the unsealed charging documents confirm Leal's 2021 identification or name a different individual — and whether Market0Day customers' own activity becomes a secondary thread in the case.

Sources: SecurityWeek (June 23, 2026); independent researcher Luke Leal, "Spox is Dila Belmili" (originally published 2021).


Jonathan Brown for Border Cyber Group - Support Independent Cybersecurity Journalism. Please Subscribe or Buy us a Coffee! Thanks.