Threat Advisories

Researchers have recently disclosed a large-scale campaign, referred to as “FortiBleed,” involving the compromise and exposure of credentials associated with Fortinet FortiGate firewalls and SSL VPN devices across global environments.

A critical vulnerability (CVE-2026-20253) has been identified in Splunk Enterprise that allows unauthenticated attackers to perform arbitrary file operations and achieve remote code execution (RCE). The flaw stems from missing authentication controls in a PostgreSQL sidecar service endpoint.

A recent security incident involving ServiceNow highlights a significant risk to enterprises relying on cloud workflow and IT service management platforms. ServiceNow disclosed that a software flaw affecting certain customer instances allowed unauthenticated access to data via a vulnerable API endpoint. This condition effectively bypassed authentication controls, enabling external parties to query stored data without valid credentials.

Organisations using Check Point Remote Access VPN, Mobile Access, or Spark Firewall solutions are advised to take immediate action following confirmed active exploitation of CVE-2026-50751, a critical authentication bypass vulnerability. This flaw, rated with a high severity score of 9.3, affects environments configured to use the deprecated IKEv1 key exchange protocol and allows unauthenticated attackers to gain VPN access without valid user credentials.

CISA added three vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog on May 27, 2026, confirming that they are actively exploited in real‑world attacks.

While these vulnerabilities affect different technologies, they share a common theme: compromise of trusted software distribution and development pipelines. Unlike traditional vulnerabilities targeting exposed services, these issues enable attackers to distribute malicious code through legitimate channels such as software installers, npm packages, and development tools.

GitHub has confirmed the unauthorized access and exfiltration of approximately 3,800 of its internal development repositories. The breach was orchestrated by the financially motivated cybercrime group TeamPCP, who exploited a trojanized Microsoft Visual Studio Code (VS Code) extension installed on a privileged employee's device.

A critical vulnerability, tracked as CVE-2026-42945 and codenamed "NGINX Rift," has been identified in the ngx_http_rewrite_module of the NGINX web server. Discovered by researchers at DepthFirst AI, this flaw has existed within the NGINX codebase for approximately 18 years. The vulnerability is a heap buffer overflow that occurs due to inconsistent state handling within NGINX's internal script engine during the processing of rewrite directives.

Microsoft’s May 2026 Patch Tuesday update for Windows 10, KB5087544, reflects the current reality of the platform. Now firmly in its Extended Security Updates phase, Windows 10 is no longer evolving through features, but it is still being actively secured and maintained. This update combines a large set of vulnerability fixes with targeted changes to Remote Desktop and Secure Boot that reveal how Microsoft is tightening control over endpoint trust and stability.

Fortinet has disclosed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator that could enable unauthenticated remote code execution (RCE) on exposed systems.

Trellix has announced that internal source code for portions of its product portfolio was accessed without authorisation. The affected material relates to product development code only and does not include customer environments or customer data. There is no indication of malicious modification to released software artifacts.