CISO Brief

Splunk Exploited, FortiBleed Widens, Apple BootROM Hack, AWS AI

Coverage: 19 Jun 2026 – 21 Jun 2026 (UTC)


Urgent patch orders, large-scale credential abuse, and new research into low-level exploits shaped today’s security landscape. Cloud platform developments also featured, with new AI-driven vulnerability management and expanded edge capacity aimed at shrinking response times and improving governance. The mix underscores a dual track: actively exploited flaws and credential theft pushing defenders to move faster, while vendors introduce tools and capacity to tighten prevention and speed remediation.

AWS Expands AI Security and Edge Footprint

AWS Continuum was introduced as a platform to manage the full lifecycle of code vulnerabilities from discovery to remediation. It ingests structured and unstructured context, prioritizes and enriches findings, validates issues (including sandboxed exploit examples), and proposes mitigations spanning network, policy, and code changes. Continuum starts in a human-in-the-loop learn mode, offering reasoning for each recommendation, with the option to move to automated enforcement for defined categories and risks. It also includes the AWS Security Agent, powered by frontier AI models, to support penetration testing, code scanning, and threat modeling, with outputs delivered in STRIDE format. Early pilots are underway in financial services, automotive, and technology sectors in a gated preview.

AWS Local Zone availability in Hanoi, Vietnam, adds metro-area compute and storage with single-digit millisecond latency. The zone supports Amazon S3 and Amazon EBS Local Snapshots for data residency, C7i/M7i/R7i EC2 instances, S3 One Zone-IA, multiple EBS volume types, and container/networking services including Amazon ECS, Amazon EKS, Amazon VPC, AWS Direct Connect, and Application Load Balancer. Targeting low-latency and AI/ML inference workloads, customers can enable ap-southeast-1-han-1a via AWS Global View or API, with pricing and technical details provided by AWS.

Actively Exploited Flaws and Patch Priorities

CISA ordered rapid remediation of CVE-2026-20253 in Splunk Enterprise by Sunday, citing active exploitation. The flaw in versions 10.2.0–10.2.3 and 10.0.0–10.0.6 lets unauthenticated attackers create or truncate arbitrary files through a PostgreSQL sidecar endpoint that requires no authentication. Splunk shipped updates after limited exploitation was observed, researchers published a proof-of-concept, and Shadowserver identified over 1,400 internet-exposed instances. Splunk’s temporary mitigation is to disable the PostgreSQL sidecar, with the caveat that this affects data pipelines, while CISA tied its directive to prioritized patching requirements.

An out-of-cycle Oracle update delivered 245 high-priority fixes outside the regular quarterly schedule, spanning products such as Enterprise Manager, JD Edwards, Fusion Middleware, MySQL, PeopleSoft, and WebLogic. Highlights include unauthenticated remote code execution issues in WebLogic Server and Oracle Coherence, and CVE-2026-35273 in PeopleSoft PeopleTools, which has been observed exploited. Analysts warn that exposed Fusion Middleware components can be reached without authentication and sit in trust layers, complicating control planes and remediation decisions amid end-of-support timelines.

Gravity SMTP for WordPress is under active exploitation (CVE-2026-4020), exposing a REST API endpoint that returns a comprehensive system report without authentication. The response can disclose server details and live third-party API keys and tokens (Amazon SES, Google, Mailjet, Resend, Zoho), enabling email impersonation and reducing effort for follow-on intrusions. Wordfence blocked over 17 million exploit attempts and observed spikes in early June. A patch shipped in version 2.1.5; administrators should update, rotate exposed credentials, and review logs for requests to the vulnerable endpoint.

Apple Beats Studio Buds received firmware 1B211 to fix CVE-2025-20701 (CVSS 8.8) in the Airoha Bluetooth SDK. Incorrect authorization allowed attackers in Bluetooth range to pair with devices that were accepting pairing requests, enabling unauthorized microphone access and privilege escalation without user interaction. The update closes the authorization gap; researchers previously warned that similar Airoha SoC issues affected other vendors, with potential for RAM/flash access and trust hijacking via BR/EDR or BLE.

Credential and OAuth Abuse: Fortinet Targets and SaaS Exposure

FortiBleed is a global campaign that CISA warned has compromised 86,644 internet-accessible FortiGate devices by June 19, 2026. Attackers mass-scanned remote login endpoints, sprayed leaked and reused credentials, and harvested additional valid logins from intercepted traffic. Analyses point to default and built-in Fortinet accounts and legacy hashing behaviors persisting until users reauthenticate after upgrades. CISA recommends terminating active sessions, resetting passwords, enforcing strong policies, migrating to PBKDF2 credential hashing, enabling phishing-resistant MFA, and reducing management interface exposure.
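The last sentence of the FortiBleed item points at a detail defenders often miss: a hashing upgrade only reaches an account when that account's owner authenticates again, so every record that has not been touched since the upgrade still carries the weak hash. The following added example (written for this brief, not code from CISA, Fortinet, or any vendor named above) models that gap with a hypothetical legacy unsalted SHA-256 format, upgrades each record to salted PBKDF2-HMAC-SHA256 on the next successful login, and lists the accounts still pending so they can be forced to reset. The formats, field separators, and iteration count are assumptions of the example.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional

# Assumption of this example: legacy records look like "sha256$<hex>",
# upgraded records look like "pbkdf2_sha256$<iters>$<salt hex>$<dk hex>".
PBKDF2_ITERATIONS = 100_000  # kept modest for the example; use a higher count in production
SALT_BYTES = 16


def legacy_hash(password: str) -> str:
    """Hypothetical weak legacy format: unsalted SHA-256, no work factor."""
    return "sha256$" + hashlib.sha256(password.encode()).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None) -> str:
    """Salted PBKDF2-HMAC-SHA256 record; a fresh random salt per password."""
    salt = salt if salt is not None else os.urandom(SALT_BYTES)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def needs_upgrade(stored: str) -> bool:
    """True while the record is still in the legacy format."""
    return not stored.startswith("pbkdf2_sha256$")


def verify(stored: str, password: str) -> bool:
    """Constant-time comparison for whichever format the record is in."""
    if needs_upgrade(stored):
        return hmac.compare_digest(stored, legacy_hash(password))
    _scheme, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


def authenticate(store: Dict[str, str], user: str, password: str) -> bool:
    """Check the credential; on success, rehash a legacy record in place.

    This is the only moment the plaintext is available, which is why the
    upgrade cannot happen for accounts that never log in again.
    """
    stored = store.get(user)
    if stored is None or not verify(stored, password):
        return False
    if needs_upgrade(stored):
        store[user] = pbkdf2_hash(password)
    return True


def pending_legacy_accounts(store: Dict[str, str]) -> List[str]:
    """Accounts still on the legacy hash: candidates for a forced reset."""
    return sorted(user for user, rec in store.items() if needs_upgrade(rec))


if __name__ == "__main__":
    # Constructed sample store: one legacy record, one already upgraded.
    store = {"admin": legacy_hash("Winter2026!"), "ops": pbkdf2_hash("correct horse")}
    print("pending before login:", pending_legacy_accounts(store))
    authenticate(store, "admin", "Winter2026!")
    print("pending after login: ", pending_legacy_accounts(store))
```

`pending_legacy_accounts` is the report worth running after an upgrade: anything still listed has not re-authenticated, which is exactly the population CISA's reset-and-terminate-sessions guidance targets.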

Unit 42 is tracking large-scale credential attacks that began with Fortinet devices and expanded to MSSQL and potentially Sophos. Actors conduct internet-wide scanning and password spraying with curated lists augmented by harvested credentials, pursue privilege escalation to extract configurations, and crack stolen credentials offline to deepen access. Recommendations include auditing for suspicious successful logins after bursts of failures, enforcing MFA, changing defaults, disabling unused accounts, adopting Zero Trust (e.g., jump boxes, ZTNA), and maintaining patch currency.
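Unit 42's first recommendation, auditing for suspicious successful logins that follow bursts of failures, is a rule that can be run over ordinary authentication logs. The added example below (written for this brief; it is not Unit 42 or Palo Alto Networks code) parses constructed, RFC 5737 documentation-address log lines in a hypothetical `src=... user=... result=...` format, keeps a per-source sliding window of failures, and flags any success preceded by at least a configurable number of failures from the same source within that window. It also counts how many distinct usernames the source tried, which separates a spray from a single user fumbling a password. The log format, window, and threshold are assumptions of the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone
from typing import Dict, Iterable, List, Optional, Tuple

# Hypothetical log format for this example (not a real product's format).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\dZ) src=(?P<src>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>OK|FAIL)$"
)

Event = Tuple[datetime, str, str, str]  # (timestamp, src, user, result)

# Constructed sample log: a spray from 203.0.113.5 that finally succeeds,
# a legitimate typo from 198.51.100.7, an unsuccessful burst from
# 203.0.113.9, and one unparseable line that must be skipped.
SAMPLE_LOG = """\
2026-06-19T03:10:00Z src=203.0.113.5 user=admin result=FAIL
2026-06-19T03:10:02Z src=203.0.113.5 user=root result=FAIL
2026-06-19T03:10:04Z src=203.0.113.5 user=fortinet result=FAIL
2026-06-19T03:10:06Z src=203.0.113.5 user=guest result=FAIL
2026-06-19T03:10:08Z src=203.0.113.5 user=admin result=FAIL
2026-06-19T03:10:10Z src=203.0.113.5 user=svc result=FAIL
2026-06-19T03:11:30Z src=203.0.113.5 user=admin result=OK
2026-06-19T03:12:00Z src=198.51.100.7 user=jdoe result=FAIL
2026-06-19T03:12:05Z src=198.51.100.7 user=jdoe result=OK
2026-06-19T03:15:00Z src=203.0.113.9 user=admin result=FAIL
2026-06-19T03:15:01Z src=203.0.113.9 user=root result=FAIL
this line is malformed and is ignored by the parser
"""


def parse_line(line: str) -> Optional[Event]:
    """Parse one log line; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m["src"], m["user"], m["result"]


def find_suspicious_logins(
    lines: Iterable[str],
    window: timedelta = timedelta(minutes=10),
    min_failures: int = 5,
) -> List[Dict[str, object]]:
    """Flag successes preceded by >= min_failures from the same src inside window."""
    events = [e for e in map(parse_line, lines) if e is not None]
    events.sort()  # tolerate out-of-order delivery
    recent: Dict[str, deque] = defaultdict(deque)  # src -> deque of (ts, user)
    hits: List[Dict[str, object]] = []
    for ts, src, user, result in events:
        q = recent[src]
        while q and ts - q[0][0] > window:  # expire failures outside the window
            q.popleft()
        if result == "FAIL":
            q.append((ts, user))
        elif len(q) >= min_failures:
            hits.append({
                "time": ts.isoformat(),
                "src": src,
                "user": user,
                "failures_before": len(q),
                "users_tried": len({u for _, u in q}),
            })
            q.clear()  # do not re-alert on the same burst
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_logins(SAMPLE_LOG.splitlines()):
        print(hit)
```

A `users_tried` value well above 1 is the spray signature Unit 42 describes; a single user with a handful of failures followed by success is more often a forgotten password, which is why the threshold and window are parameters rather than fixed.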

Klue’s breach investigation found that an attacker abused a compromised legacy integration credential to obtain OAuth tokens, then queried connected platforms, notably Salesforce. Klue revoked tokens and credentials, removed unauthorized code, disabled impacted integrations, engaged CrowdStrike, and notified law enforcement. Responders reported that automated queries exfiltrated CRM records, including business contacts and sales communications. The Icarus group claimed responsibility and is pressuring victims; several organizations disclosed related Salesforce data theft and warn of downstream phishing and social engineering risks.

A breach at the vendor operating the Texas Parks and Wildlife Department’s external license system exposed records for 3,087,721 hunting and fishing license customers. Data includes driver’s license details, passport numbers, and contact information; sensitive financial data and Social Security numbers were not found compromised. The agency is collaborating with the vendor on safeguards and offering one year of credit monitoring, advising affected individuals to watch for targeted phishing and consider credit freezes or fraud alerts.

Evasion, Agents, and Low-Level Threats

Microsoft research detailed AutoJack, an attack chaining three flaws in AutoGen Studio’s Model Context Protocol WebSocket implementation to achieve host-level remote code execution in development builds. Malicious web content rendered by a local agent inherited a localhost origin, bypassed an allowlist, and accessed MCP endpoints excluded from normal authentication; URL-supplied server_params were decoded and passed to process spawning without an executable allowlist. Fixes removed URL parameter injection, routed MCP paths through standard authentication, and tied parameters to session IDs. Microsoft highlighted the broader pattern: web-enabled agents reaching privileged localhost services require stronger containment, authentication, and governance.

usbliter8 is a SecureROM exploit for Apple A12/A13 that abuses a hardware flaw in the Synopsys DWC2 USB controller to enable arbitrary code execution in DFU mode. By manipulating DMA handling of USB Setup packets and leveraging DART/IOMMU configuration, attackers can overwrite SRAM and seize control, including bypassing PAC on A13. A dedicated microcontroller board is required, and exploitation completes in under two seconds before the signed boot chain loads. The flaw is unpatchable in affected hardware; researchers recommend treating impacted devices as custody and retirement risks in high-security environments.

GentleKiller, an EDR-killer framework distributed by The Gentlemen ransomware-as-a-service platform, supports bring-your-own vulnerable driver techniques to reach kernel privileges and target endpoint security drivers. ESET linked the toolset to evasions against roughly 400 EDR processes from 48 vendors and use across an estimated 300 attacks. Recommended defenses include enforcing HVCI and KMCI, strict driver allow/block policies, and continuous auditing and removal of unnecessary or vulnerable drivers.

Prinz Eugen is a new hands-on-keyboard ransomware operation that gains access largely via stolen RDP credentials and manually deploys a Go-based payload. The encryptor prioritizes recently modified files to maximize disruption, uses ChaCha20-Poly1305 with Argon2id/SHA-256/HKDF-SHA256 for keying, and can self-delete after overwriting keys. The group leaves no on-disk ransom note, handling communications out-of-band to reduce forensic artifacts.

SearchLeak demonstrated parameter-to-prompt injection against M365 Copilot Enterprise, where the Copilot Search ?q= parameter was treated as a prompt. Researchers combined this with a sanitization race and a permissive CSP to proxy content via Bing Image Search, leaking sensitive items by inheriting victim access. Microsoft patched server-side; researchers caution the pattern could recur as AI-enabled apps accept prompts in URLs, recommending stricter input controls and render-time sanitization.
