Daily Digest

Microsoft Confirms 'RoguePlanet' Defender Zero-Day; FortiBleed Campaign Compromises 70K Firewalls; INC Ransomware Surges

Microsoft Confirms 'RoguePlanet' Defender Zero-Day; FortiBleed Campaign Compromises 70K Firewalls; INC Ransomware Surges

June 19, 2026
11 articles (7 new, 4 updated)
33 min read

Summary

This cybersecurity brief for June 19, 2026, covers several critical developments. Microsoft is urgently patching 'RoguePlanet' (CVE-2026-50656), a high-severity zero-day in Defender that allows full system control. A massive campaign dubbed 'FortiBleed' has compromised credentials for over 70,000 Fortinet devices globally through password spraying and offline cracking. Meanwhile, the INC ransomware group has surged, claiming over 830 victims since 2023 by exploiting known vulnerabilities and filling the void left by LockBit's disruption. Other major incidents include a supply chain attack on JetBrains Marketplace stealing AI developer keys and a data breach at Kodak orchestrated by the ShinyHunters group.

Filter by Category

New Articles (7)

‘FortiBleed’ Campaign: Over 70,000 Fortinet Firewalls Compromised in Global Credential Heist

CRITICAL

Massive "FortiBleed" Campaign Compromises Credentials for over 70,000 Fortinet Devices

A large-scale, automated credential harvesting campaign dubbed 'FortiBleed' has compromised administrative and VPN credentials for at least 73,932 Fortinet FortiGate firewalls across 194 countries. A Russian-speaking threat group is believed to have conducted over a billion credential stuffing and brute-force attempts, intercepting SSL VPN authentication hashes and cracking them offline using a 45-GPU cluster. Fortinet has clarified that the campaign does not exploit a new vulnerability but rather leverages weak or reused passwords on devices lacking multi-factor authentication. The attack has impacted a wide range of sectors, including government, critical infrastructure, and finance. Fortinet is urging all customers to reset credentials, enable MFA, and upgrade firmware immediately.

June 19, 2026
5 min read
FortiBleedFortinetFortiGateCredential StuffingBrute Force +2 more
‘FortiBleed’ Campaign: Over 70,000 Fortinet Firewalls Compromised in Global Credential Heist

Supply Chain Attack: Malicious JetBrains Plugins Steal AI Provider API Keys from Developers

HIGH

Malicious Plugins on JetBrains Marketplace Steal AI Provider API Keys

A software supply chain attack on the JetBrains Marketplace has been uncovered, involving at least 15 malicious plugins that masqueraded as legitimate AI coding assistants to steal API keys. Active since October 2025, the plugins exfiltrated credentials for services like OpenAI, Anthropic, and Google AI from developers' IDEs. The malware, which had tens of thousands of downloads, sent the stolen keys in plaintext to an attacker-controlled server. JetBrains has since removed the plugins, blocked the publisher, and remotely disabled the malware in affected IDEs, while also planning to enhance its plugin vetting process.

June 19, 2026
5 min read
JetBrainsSupply Chain AttackAPI KeysMalwareOpenAI +2 more
Supply Chain Attack: Malicious JetBrains Plugins Steal AI Provider API Keys from Developers

Gamers Beware: Hackers Abuse Steam's Wallpaper Engine to Distribute Infostealers and Ransomware

MEDIUM

Hackers Abuse Steam's Wallpaper Engine to Distribute Malware

Cybercriminals are exploiting the Steam Workshop by hiding malware within animated desktop backgrounds for the popular 'Wallpaper Engine' application. A report from Kaspersky details how attackers are using the app's ability to run executables to deploy a variety of malware, including the Lumma and Vidar infostealers, the DarkKomet backdoor, and ransomware. The campaign, which has resulted in thousands of downloads, primarily targets users in China and Russia. The malicious wallpapers often appear functional, sometimes even including mini-games, to deceive users while the malware infects their system in the background. Valve has removed the identified items, but new malicious uploads persist.

June 19, 2026
5 min read
SteamWallpaper EngineMalwareKasperskyLumma +3 more
Gamers Beware: Hackers Abuse Steam's Wallpaper Engine to Distribute Infostealers and Ransomware

New 'GodDamn' Ransomware Targets Windows Systems With Stealthy Approach

MEDIUM

New Ransomware "GodDamn" Targets Windows Systems with Stealthy Approach

Security researchers at CYFIRMA have identified a new ransomware variant named 'GodDamn' that targets Windows operating systems. The malware, discovered on underground forums, encrypts files and appends a '.God8Damn' extension. It then drops a ransom note ('README.TXT') providing multiple communication channels for negotiation, including email and a messaging ID, suggesting a structured extortion process. The operators emphasize stealth, designing the malware to mimic legitimate software behavior to prolong its presence on a system before detection. This focus on evasion is a growing trend among modern ransomware operations.

June 19, 2026
5 min read
GodDamn RansomwareRansomwareMalwareWindowsCYFIRMA +1 more
New 'GodDamn' Ransomware Targets Windows Systems With Stealthy Approach

FCC Reviews Telecom Supply Chain Security Reporting to Counter Espionage Threats

INFORMATIONAL

FCC Seeks Comment on Telecom Supply Chain Security Reporting

The U.S. Federal Communications Commission (FCC) is reviewing its information collection requirements for supply chain security programs aimed at enhancing oversight of telecommunications infrastructure. A notice published in the Federal Register on June 18 invites public comment on the rules governing programs like the Secure and Trusted Communications Networks Reimbursement Program. This program funds the removal and replacement of insecure network equipment from vendors deemed a national security risk. The review, mandated by the Paperwork Reduction Act, seeks to ensure the data collected from telecom providers is necessary, accurate, and effective in protecting U.S. networks from cyberattacks and espionage.

June 19, 2026
4 min read
FCCRegulationPolicySupply Chain SecurityTelecommunications +1 more
FCC Reviews Telecom Supply Chain Security Reporting to Counter Espionage Threats

Texas Data Breach Exposes Personal Info of 3 Million Hunting & Fishing License Holders

HIGH

Data Breach Hits Texas Hunters and Anglers, Exposing 3 Million Records

The Texas Parks and Wildlife Department has announced a data breach that may have exposed the personal information of more than 3 million Texas hunting and fishing license holders. The breach originated from an unnamed third-party vendor that manages the state's license sales system. The incident, detected by Texas Cyber Command, may have exposed sensitive data including full names, addresses, phone numbers, driver's license numbers, and passport numbers. Officials have stated that Social Security numbers, dates of birth, and financial information were not compromised in the incident. An investigation is ongoing.

June 19, 2026
5 min read
Data BreachSupply Chain AttackTexasPIIGovernment
Texas Data Breach Exposes Personal Info of 3 Million Hunting & Fishing License Holders

Defense Contractor LOGZONE Pays $507K to Settle Claims of Falsifying Cybersecurity Compliance

MEDIUM

Defense Contractor LOGZONE Settles False Claims Act Case for $507K

LOGZONE, an Alabama-based defense contractor, has agreed to pay $507,144 to settle allegations that it violated the False Claims Act by knowingly misrepresenting its compliance with Pentagon cybersecurity requirements. The Department of Justice alleged that from 2021 to 2025, LOGZONE claimed to meet NIST SP 800-171 standards for protecting Controlled Unclassified Information (CUI) on its U.S. Navy contracts. However, a 2024 government assessment found the company had a deeply negative compliance score of -170. This case highlights the DOJ's increasing use of the False Claims Act to enforce cybersecurity standards in the defense industrial base.

June 19, 2026
4 min read
False Claims ActNIST SP 800-171CMMCComplianceDefense Industrial Base +1 more
Defense Contractor LOGZONE Pays $507K to Settle Claims of Falsifying Cybersecurity Compliance

Updated Articles (4)

Splunk Scrambles to Patch Critical 9.8 CVSS Flaw Allowing Unauthenticated RCE

CRITICAL

Critical Splunk Enterprise Vulnerability (CVE-2026-20253) Allows Unauthenticated Remote Code Execution

Update:

The critical Splunk Enterprise RCE vulnerability, CVE-2026-20253, is now confirmed to be under active exploitation in the wild. CISA has added this flaw to its Known Exploited Vulnerabilities (KEV) catalog, marking it as the first Splunk vulnerability to receive this designation. Federal agencies are mandated to patch internet-exposed systems by June 21, 2026. This development significantly increases the urgency for all organizations to apply the available patches immediately, as threat actors are actively weaponizing the vulnerability.

June 14, 2026
Updated: June 19, 2026
5 min read
SplunkCVE-2026-20253RCEVulnerabilityPostgreSQL +2 more
Splunk Scrambles to Patch Critical 9.8 CVSS Flaw Allowing Unauthenticated RCE

Microsoft Scrambles to Patch 'RoguePlanet' Zero-Day in Defender After Public Exploit Release

HIGH

Microsoft Acknowledges 'RoguePlanet' Zero-Day (CVE-2026-50656) in Defender, Patch in Development

Update:

Further analysis of the 'RoguePlanet' zero-day (CVE-2026-50656) confirms the public proof-of-concept exploit remains effective even when Microsoft Defender's real-time protection is disabled or in passive mode, highlighting the vulnerability's insidious nature. While the exploit's success is reportedly inconsistent due to timing, it has been independently validated by security firms. The disclosing researcher, 'Chaotic Eclipse,' has now released seven zero-days since March 2026. Organizations are advised to consider implementing application control solutions like Windows Defender Application Control (WDAC) as an additional remediation step until a patch is released.

June 18, 2026
Updated: June 19, 2026
5 min read
Zero-DayPrivilege EscalationMicrosoft DefenderWindowsRace Condition +2 more
Microsoft Scrambles to Patch 'RoguePlanet' Zero-Day in Defender After Public Exploit Release

DragonForce Ransomware Hides C2 Traffic in Microsoft Teams to Evade Detection for Months

HIGH

DragonForce Ransomware Group Abuses Microsoft Teams TURN Servers for Covert Command and Control

Update:

New analysis from Symantec and Carbon Black provides further insight into the DragonForce ransomware group's 'Backdoor.Turn' operations. A key finding indicates that the Go-based backdoor is not always solely for initial C2, but is sometimes deployed *after* the ransomware payload. This suggests a strategic shift towards maintaining long-term persistence on compromised networks, potentially for future attacks or to sell access to other threat actors. This expands the understanding of the threat actor's intent and the lifecycle of the backdoor, highlighting a more entrenched and persistent threat model. Additional MITRE ATT&CK techniques (T1134.001, T1059.006, T1486) and refined detection/mitigation strategies, including assuming trusted channels can be abused and restricting outbound QUIC, have also been identified.

June 18, 2026
Updated: June 19, 2026
5 min read
DragonForceRansomwareBackdoor.TurnMicrosoft TeamsC2 +3 more
DragonForce Ransomware Hides C2 Traffic in Microsoft Teams to Evade Detection for Months

Kodak Confirms Data Breach After ShinyHunters Threatens to Leak 2.2M Records

HIGH

Kodak Acknowledges Security Breach as ShinyHunters Extortion Group Claims Theft of 2.2 Million Records

Update:

Eastman Kodak Company officially confirmed the data breach on June 18, the deadline set by ShinyHunters for data release. The company reiterated that unauthorized access was limited and contained. Kodak has notified law enforcement and is now also working with external cybersecurity experts to investigate the incident, providing more detail on their incident response efforts.

June 18, 2026
Updated: June 19, 2026
4 min read
KodakShinyHuntersData BreachExtortionPII +1 more
Kodak Confirms Data Breach After ShinyHunters Threatens to Leak 2.2M Records

📢 Share This Publication

Help others stay informed about cybersecurity threats

📅 Daily Edition

Curated and deduplicated every day from dozens of trusted sources — giving you one clean, consolidated view of what matters in cybersecurity.

🔢 Deduplication Applied

Related stories are merged into a single evolving article rather than repeated as separate entries — cutting through noise so you only read what's new.

🔗 Full Articles Linked

Every entry links to its full enriched article — complete with MITRE ATT&CK mappings, extracted IOCs, and actionable detection and mitigation guidance.