In the ever-evolving landscape of cybersecurity, recent developments have highlighted persistent vulnerabilities and emerging threats that organizations must address to safeguard their digital assets.
FortiBleed Campaign Targets Fortinet Devices
A large-scale cyber campaign, dubbed FortiBleed, has been systematically compromising Fortinet FortiGate firewalls and SSL VPN gateways globally. Since at least February 2026, over 80,000 devices have been identified with valid credentials tested by suspected Russian-speaking threat actors using continuous automated tools. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged Fortinet customers to secure their FortiGate appliances against this ongoing malicious activity. Fortinet attributes the campaign to the reuse of credentials from previous incidents and brute-force attacks on devices with weak passwords and lacking multi-factor authentication (MFA).
Salesforce Disables Klue App Integration Amid Security Incident
Salesforce has disabled the Klue Battlecards app integration following a security incident affecting the competitive intelligence company on June 11, 2026. Unusual activity involving the app may have led to unauthorized access to a subset of customer data through its connection to Salesforce. The issue is specific to Klue’s app connection and does not stem from a vulnerability within the Salesforce platform. An extortion group named Icarus compromised and exfiltrated data from Klue’s customers by exploiting a compromised legacy credential associated with an integration service. Several companies have acknowledged the incident, noting limited impact.
The Gentlemen Ransomware Group Develops EDR-Killing Suite
The Gentlemen ransomware-as-a-service (RaaS) operation is actively developing and distributing a suite of tools designed to disable endpoint detection and response (EDR) products before deploying ransomware. The primary tool, GentleKiller, is an in-house developed framework with eight variants, each impersonating different legitimate products and exploiting various vulnerable or malicious kernel drivers. GentleKiller targets over 400 processes associated with 48 security products, including those from CrowdStrike, SentinelOne, Microsoft Defender, Sophos, Kaspersky, and ESET.
Splunk Vulnerability Exploited in the Wild
A critical vulnerability in Splunk’s software has been actively exploited in the wild. Organizations using Splunk are advised to apply the latest patches and review their security configurations to mitigate potential risks associated with this flaw.
These incidents underscore the importance of proactive cybersecurity measures, including regular software updates, robust password policies, and the implementation of multi-factor authentication. Organizations must remain vigilant and adapt to the evolving threat landscape to protect their systems and data effectively.
