Cisco, Fortinet Exploits Escalate; Ransomware Surges in Europe

Publication Date: June 25, 2026

Summary

This daily cybersecurity brief highlights critical vulnerabilities and active exploitation campaigns. Cisco Catalyst SD-WAN and Cisco Unified CM are under scrutiny, with zero-day flaws in the former actively exploited for root access and SSRF vulnerabilities in the latter being used to deploy webshells. Fortinet FortiGate firewalls are also heavily impacted by the 'FortiBleed' campaign, which has compromised over 430,000 devices and stolen millions of credentials, primarily sold to ransomware gangs. CISA has mandated urgent patching for actively exploited flaws in Lantronix and Ubiquiti devices, emphasizing immediate risk to enterprise and OT networks.

Ransomware attacks in Europe have surged by 55.1%, with manufacturing being the most targeted sector. The Qilin ransomware group remains prolific, and geographically concentrated campaigns are evident. A new, stealthy Windows backdoor named 'Mistic' has been identified, linked to initial access brokers who supply major ransomware groups. In the AI space, critical 'DifyTap' flaws in the Dify AI platform could expose cross-tenant data in over a million applications. Tata Electronics has confirmed a cyberattack, with hackers claiming to have leaked sensitive data related to Apple and Tesla, underscoring significant supply chain risks.

Finally, Google Chrome version 149 has been released, patching four Critical and fourteen High-severity vulnerabilities, including use-after-free bugs in core components. While not actively exploited, these updates are crucial for user security.

Today's New Articles

CISA Mandates Urgent Patching for Actively Exploited Flaws in Lantronix and Ubiquiti Devices

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added four critical vulnerabilities affecting Lantronix EDS5000 device servers and Ubiquiti UniFi OS to its Known Exploited Vulnerabilities (KEV) catalog. The flaws, including a 9.8 CVSS comm...


Attackers Actively Exploit Critical Cisco Unified CM Flaw to Deploy Webshells

A critical Server-Side Request Forgery (SSRF) vulnerability in Cisco Unified Communications Manager (Unified CM), tracked as CVE-2026-20230, is being actively exploited in the wild. Attackers are leveraging the flaw, which carries an 8.6 CVSS score, to write a...


Ransomware Attacks in Europe Skyrocket by 55% as Supply Chains Become Prime Targets

A new report from cyber risk management firm Black Kite reveals a staggering 55.1% year-over-year increase in ransomware attacks across Europe in the first four months of 2026. The manufacturing sector was the most heavily targeted industry. Five countries—Ger...


Critical 'DifyTap' Flaws in Dify AI Platform Expose Cross-Tenant Data in 1M+ Apps

Four vulnerabilities, dubbed 'DifyTap,' have been discovered in the popular open-source AI application platform Dify. Two of the flaws are critical (CVE-2026-41947, CVE-2026-41948) and could allow attackers to break tenant isolation, enabling them to read priv...


Tata Electronics Confirms Cyberattack; Hackers Claim Leak of Apple and Tesla Data

Indian manufacturing giant Tata Electronics, a key supplier for Apple, has confirmed it sustained a cyberattack. The admission follows claims by a hacking group called 'World Leaks' that it stole and published over 630GB of sensitive data. The leaked files all...


Stealthy 'Mistic' Backdoor Linked to Ransomware IAB KongTuke in Pre-Attack Campaigns

A new and sophisticated Windows backdoor named 'Mistic' (or MLTBackdoor) has been identified in financially motivated attacks since at least April 2026. Researchers from Symantec and Carbon Black have linked the malware with low-to-moderate confidence to KongT...


Google Chrome 149 Update Patches 4 Critical and 14 High-Severity Flaws

Google has released a security update for its Chrome browser, version 149, to address 18 security vulnerabilities. The patch bundle includes fixes for four flaws rated Critical and fourteen rated High severity. A majority of the fixed vulnerabilities are use-a...

Article Updates

Cisco Catalyst SD-WAN Zero-Day Flaw Actively Exploited for Root Access

Update: New details from Mandiant reveal the Cisco Catalyst SD-WAN zero-day (CVE-2026-20245) was actively exploited for at least two months prior to its public disclosure on June 4, 2026. The attacks targeted a communications service provider, where threat actors gain...


‘FortiBleed’ Campaign Harvests Credentials from 86,000+ Fortinet Devices

Update: The 'FortiBleed' campaign has escalated significantly, now compromising over 430,000 Fortinet FortiGate firewalls and stealing more than 110 million credentials. Threat actors, identified as a Russian-speaking initial access broker, are deploying a custom Go-b...