Issue #010 · June 17, 2026
Cyber Threat Brief — Issue #010
What's active. What matters. What to do about it.
Priority Actions This Week
- 01If you run Fortinet's FortiSandbox product, update it immediately. Attackers are actively breaking into unpatched systems right now. Two of the flaws have had fixes available since April and the attacks started anyway. Do not wait for your next maintenance window.
- 02If your organization uses Fortinet's VPN product to let employees connect remotely, assume your login credentials have already been stolen. A criminal group has collected passwords from more than 30,000 organizations worldwide. Change your VPN passwords and turn on two-factor authentication if you haven't already.
- 03If your developers build AI applications using the Mastra framework, stop and check your code dependencies right now. Today, attackers slipped a malicious package into the tools developers use to build with Mastra. If anyone on your team installed a Mastra update today, change your AI service passwords and cloud access keys immediately.
- 04Ask your engineering team what AI coding assistant plugins they have installed in their code editors. If nobody knows, that is the problem. Attackers are hiding malware inside tools that look like legitimate coding helpers. Anything unused or unrecognized should be removed.
- 05If your Windows computers have not been updated since June 9, do it now. There is a serious flaw that could let an attacker take over any Windows machine on your network without a password. Nobody is actively exploiting it yet, but security researchers have had two weeks to figure out how.
Active Campaigns
A criminal group has been systematically collecting the login credentials of Fortinet VPN devices used by organizations worldwide. The operation, called FortiBleed, has targeted more than 73,000 Fortinet firewalls across 194 countries and confirmed stolen credentials from over 30,000 of them, including government agencies, corporations, and critical infrastructure operators. The group tried more than a billion password combinations against Fortinet devices and more than two billion against Microsoft database servers. When they find a match, they use the stolen credentials to get inside the organization's internal network, often without triggering any alarms. The attack does not require hacking anything in the traditional sense. It uses passwords that were already stolen in previous breaches and leaked online, tries them against internet-facing Fortinet devices, and walks through the door when one works. The size of this operation means that if your organization runs a Fortinet VPN and has not changed its passwords recently, there is a meaningful chance those credentials are already in this group's possession.
Attackers are actively breaking into Fortinet's FortiSandbox product through three separate security flaws simultaneously. FortiSandbox is the component that other Fortinet security products rely on to decide whether a file or website is dangerous. When it gets compromised, the entire security stack it supports can be blinded. Two of the three flaws had patches available since April. Attacks began in early June, two months after the fixes were released. The third flaw was patched only last week, and attackers were attempting to exploit it within days using code that appears to have been written with AI assistance. Researchers noted the AI-generated exploit was poorly written and likely faulty, but attacks still found partial success against unpatched systems. That detail matters: attackers are now using AI to write attack code faster than defenders can patch, and even broken AI-generated exploits are finding targets. If you run FortiSandbox and have not applied the latest updates, you are currently exposed to active attacks.
Today, attackers compromised a developer account and used it to publish 143 malicious software packages targeting developers who build AI applications with a popular tool called Mastra. The attack was subtle. The Mastra code itself was not changed. Instead, attackers added a single line to the package instructions that told any developer who installed Mastra to also download a hidden malicious package called easy-day-js. That hidden package was designed to steal AI service credentials, cloud access keys, and other sensitive information from the developer's machine and build environment. Because Mastra is a framework for building AI agents, the credentials it has access to are particularly valuable. They include the API keys that connect to services like OpenAI, Anthropic, and cloud providers. The attack was caught within hours by multiple security firms. But any developer who ran a Mastra installation today before the alert went out may have already had credentials stolen without knowing it.
CVE Watch
PRODUCT: Fortinet FortiSandbox (JRPC API)
WHAT IT MEANS:
This flaw lets an attacker get into FortiSandbox without a password by sending it a specially crafted request. Once inside, they can run any command they want on the system with full administrative control. FortiSandbox is the component that decides whether files and websites are safe or dangerous across the enterprise. An attacker who controls it can tell the rest of the security stack that malicious content is safe, effectively turning off threat detection without anyone noticing. The attack code to exploit this flaw has been publicly available since April. Active attacks were confirmed in early June, two months after the fix was released.
ACTION:Update FortiSandbox to version 5.0.6 or 4.4.9 immediately. If you cannot patch today, disconnect FortiSandbox management access from the internet until you can.
PRODUCT: Fortinet FortiSandbox (JRPC API — authentication bypass)
WHAT IT MEANS:
This flaw lets an attacker access sensitive FortiSandbox system information without logging in, including configuration files, device identifiers, and version details that can be used to plan further attacks. It had never been exploited in the wild before June 15, 2026. The fact that attackers are now using it confirms a pattern: when Fortinet releases patches, threat actors work through the list of fixed vulnerabilities and eventually attempt to exploit each one against organizations that have not yet updated. The gap between patch release and attack is shrinking. This one took two months.
ACTION:Update FortiSandbox to version 5.0.6 or 4.4.9 immediately. The same update that fixes CVE-2026-39808 fixes this one too.
PRODUCT: Fortinet FortiSandbox, FortiSandbox Cloud, FortiSandbox PaaS
WHAT IT MEANS:
This flaw lets an attacker run commands on FortiSandbox through its web interface without needing a login. It affects the on-premise version, the cloud version, and the hosted service version. Fortinet patched it only last week. Within days, attackers were already attempting to exploit it using code that security researchers believe was written with AI assistance. The AI-generated exploit was flawed and did not always work, but it still found targets on unpatched systems. This is the clearest example yet of AI accelerating the time between a patch being released and attack attempts beginning. Defenders are patching on human timelines. Attackers are now generating exploit code on machine timelines.
ACTION:Update FortiSandbox to version 5.0.6 or 4.4.9 immediately. All three active flaws are fixed in the same update.
Threat Actor Activity
Confirmed to have collected stolen credentials from more than 30,000 Fortinet VPN devices across 194 countries using previously leaked passwords and infostealer logs. The group runs a 45-GPU password cracking operation and uses recovered credentials to get inside victim organizations without triggering alerts. Attribution to a specific named group has not been confirmed.
The Mastra npm supply chain attack today matches the pattern of prior TeamPCP operations, but formal attribution has not been confirmed by primary sources. Attribution pending.
Platform remains live and adding new victims daily. The blockchain-based infrastructure that hides the malware's command server remains active with no available mechanism for takedown.
Operation Olalampo continues across the Middle East, Southeast Asia, and Latin America. No new confirmed victims disclosed this week.
No new confirmed activity. Whether the group has been fully removed from US phone company networks remains unconfirmed. Congressional oversight continues.
No new confirmed activity. The group's previously reported access inside US critical infrastructure remains unresolved.
| Actor | Status | Activity |
|---|---|---|
| FortiBleed operators (Russian-speaking, unattributed) | [ ESCALATING ] | Confirmed to have collected stolen credentials from more than 30,000 Fortinet VPN devices across 194 countries using previously leaked passwords and infostealer logs. The group runs a 45-GPU password cracking operation and uses recovered credentials to get inside victim organizations without triggering alerts. Attribution to a specific named group has not been confirmed. |
| TeamPCP (UNC6780) | [ ACTIVE ] | The Mastra npm supply chain attack today matches the pattern of prior TeamPCP operations, but formal attribution has not been confirmed by primary sources. Attribution pending. |
| WeedHack operators | [ ACTIVE ] | Platform remains live and adding new victims daily. The blockchain-based infrastructure that hides the malware's command server remains active with no available mechanism for takedown. |
| MuddyWater (Mango Sandstorm) | [ ACTIVE ] | Operation Olalampo continues across the Middle East, Southeast Asia, and Latin America. No new confirmed victims disclosed this week. |
| Salt Typhoon | [ MONITORING ] | No new confirmed activity. Whether the group has been fully removed from US phone company networks remains unconfirmed. Congressional oversight continues. |
| Volt Typhoon | [ MONITORING ] | No new confirmed activity. The group's previously reported access inside US critical infrastructure remains unresolved. |
Key Takeaway
The story of this week is simple and uncomfortable. The tools organizations use to protect themselves are now the tools attackers are targeting first. Fortinet's sandbox product, the one that decides whether a file is safe or malicious, has three active vulnerabilities being exploited right now. Fortinet's VPN product, the one employees use to securely connect to the office, has had its passwords stolen from more than 30,000 organizations worldwide. The AI development tools that engineers use to build the next generation of software are being poisoned at the package level before the code even runs. None of this requires a sophisticated nation-state operation. It requires finding the thing an organization trusts most and attacking that. The question for any organization running Fortinet products this week is not whether they are a target. It is whether they patched faster than a threat group with 45 GPUs and a billion stolen passwords had time to find them.
Sources
- Help Net Security
- The Hacker News
- SecurityWeek
- CyberScoop
- Security Affairs
- SOCRadar
- Hudson Rock
- Defused Cyber
- VulnCheck
- Socket Security
- JFrog Security Research
- Cybersecurity News