FortiBleed, Urgent Joomla Fix, And AI-Driven Security Updates

A major credential leak targeting Fortinet VPNs and an urgent Joomla plugin fix headline the day, alongside a dense wave of AI-agent and security platform updates from hyperscalers. Organizations face immediate exposure risks on internet-facing assets while also gaining new options to automate, harden, and observe complex cloud and cross-cloud environments.

FortiBleed Exposes Fortinet VPN Credentials

The FortiBleed leak reportedly contains credentials tied to roughly 73,932 unique Fortinet/FortiGate VPN firewall URLs across 194 countries, including usernames, email addresses, and plaintext or cracked passwords spanning 21,632 domains. Researchers attribute the trove to large-scale brute-force and interception activity, with over a billion credential attempts and GPU-based cracking of intercepted hashes. Independent analysts who reviewed samples assessed portions of the data as authentic, and many listed devices remain reachable online. Recommended actions include immediate rotation of Fortinet VPN and administrative passwords, enabling multi-factor authentication, reviewing gateway logs for suspicious activity, and scanning internal environments for lateral movement. The provenance of exported configurations is still being evaluated.

CISA Orders Rapid Joomla JCE Patching

Under Binding Operational Directive 26-04, federal agencies were instructed to quickly remediate an actively exploited, maximum-severity RCE in the Widget Factory Joomla Content Editor plugin, tracked as CVE-2026-48907, with details covered by BleepingComputer. The flaw allows unauthenticated creation of malicious editor profiles to upload and execute PHP. A fix shipped in JCE Pro 2.9.99.6, and the vulnerability has been added to CISA’s Known Exploited Vulnerabilities list. Administrators should prioritize internet-exposed assets, update to the patched version, remove attacker-created profiles, rotate all credentials, and perform comprehensive malware scans, noting that patching does not clean pre-existing compromises.

AI Agents And Security Automation Advance

AWS introduced AWS Continuum, focused on automating vulnerability discovery, validation, and remediation, as outlined in the AWS blog. The system reasons over structured AWS data and organizational context, uses multiple models, begins with human-in-the-loop learn modes, and can progress to enforced automation. It consolidates prior capabilities (pen testing and code scanning under Continuum branding) and adds threat modeling that generates STRIDE-format models from design documents or source code. In parallel, AWS expanded AWS Security Agent—now part of Continuum—with IDE-centered enhancements and simulated validations that generate proof-of-exploit to reduce false positives, as detailed in an AWS update.

AWS made the managed agent harness within Amazon Bedrock AgentCore generally available, providing a runtime and orchestration layer to define agents via configuration and execute tools, manage context, and persist state, with the option to export to code on the same primitives. Details are in the AgentCore harness announcement.

To strengthen runtime safety, Bedrock Guardrails are now enforceable at the AgentCore gateway perimeter, evaluating outputs of authorized actions and inputs to targets to detect and block prompt injection, harmful content, and possible exposure of sensitive information. Audit trails are integrated via observability, and policy authoring supports natural language and policy-as-code, as described in the Guardrails in policy release.

For continuous improvement, AgentCore now surfaces failure, intent, and trajectory insights across sessions to identify recurring and silent failures, and provides data-grounded recommendations with batch evaluation and A/B testing to validate changes before rollout. These capabilities are covered in the optimization capabilities announcement.

Retrieval for agents also matured. Knowledge Base GA brings a fully managed RAG service with native connectors, hybrid search, document ranking, and agentic retrieval, integrated with AgentCore for permissions and observability. Complementing this, a preview for Glue Data Catalog adds business context and semantic search so users and agents can discover datasets by trusted glossary terms and enriched metadata, improving grounding and reducing ambiguity.

Cross-Cloud Visibility And Zero Trust Migrations

Google Cloud announced general availability of Cloud Network Insights, providing end-to-end observability across multi-cloud and hybrid environments using lightweight monitoring points and active synthetic probes for network and digital experience metrics. Telemetry feeds into Cloud Monitoring and Cloud Logging with alerting integrations, auto-baselining, and SLA validation, and visibility extends into major ISPs and other clouds, per the Google Cloud blog.

Cloudflare introduced the Cloudflare One stack, a packaged set of agent skills to simplify deployment and migration to Cloudflare One, including configuration translation from other SASE vendors, typed API-driven changes, network diagram generation, and troubleshooting workflows. The goal is to accelerate Zero Trust adoption and operations, as detailed in the Cloudflare blog.