FortiGate Credential Harvesting, Cisco Unified CM Flaw, and AI Security Tools Top Weekly Cybersecurity Roundup
A large-scale FortiGate credential harvesting campaign exposed thousands of networks. Cisco Unified CM flaw actively exploited. Russian intelligence used SMS phishing to steal message app credentials. GTA VI early access scams surge. Plus new open-source security tools.
A credential harvesting campaign dubbed Fortibleed has compromised thousands of FortiGate firewalls, exposing organizations to network intrusion. Concurrently, a critical Cisco Unified Communications Manager flaw, CVE-2026-20230, is being exploited to drop webshells. The attacks underscore persistent threats to edge infrastructure and unified communications platforms.
According to Help Net Security, the attackers behind the FortiGate campaign left a trove of tools, scripts, and harvested credentials exposed on an unsecured server, giving researchers an unusually detailed view of the operation. The Cisco Unified CM vulnerability is a server-side request forgery (SSRF) flaw that leads to remote code execution.
Russian Intelligence SMS Phishing Campaign Against Ukraine
Ukraine's Security Service (SSU) and the U.S. FBI uncovered a Russian intelligence campaign using fake SMS support messages to steal messaging account credentials from Ukrainian government officials, military personnel, politicians, and activists in Ukraine, Europe, and the U.S. The attack targeted popular messaging platforms used for sensitive communications.
- FortiGate firewalls: Credential harvesting campaign exposed thousands of organizations to potential network compromise.
- Cisco Unified CM flaw CVE-2026-20230: SSRF vulnerability being exploited to drop webshells for remote code execution.
- Russian intelligence SMS campaign: Targeted messaging credentials of government and military personnel.
- GTA VI early access scams: Fake beta programs demanding cryptocurrency payments are stealing bank details.
- Open-source security updates: YARA-X 1.18.0/1.19.0 released with bugfixes; Praxen tool verifies AI agent behavior against policies.
New Open-Source Tools for AI Security and DNS Defense
The security community released several tools this week. IP Crawl maps live open webcams accessible via the public internet. Beacon from Asymptote Labs provides open-source telemetry for AI agents. EVOHUNT, a $1,400 experiment, outperformed OpenAI's Codex Security by teaching AI agents to hunt bugs via written playbooks. The FrontierCyber benchmark from Irregular tests AI models on real systems without pre-documented vulnerabilities.
Looking ahead, organizations must patch Cisco Unified CM promptly and review FortiGate configurations. The FortiGate campaign and GTA VI scams highlight the need for user awareness and multi-factor authentication. As AI security auditing tools mature, expect more automated vulnerability discovery but also increased sophistication in attacks targeting communication platforms.
Fact check
- FortiGate credential harvesting campaign exposed thousands of organizations. (reported)
- Cisco Unified CM SSRF vulnerability CVE-2026-20230 is actively exploited to drop webshells. (reported)
- Russian intelligence used fake SMS support messages to steal messaging credentials from Ukrainian officials. (reported)
- GTA VI early access scam websites demand cryptocurrency and steal bank details. (reported)
- YARA-X 1.18.0 and 1.19.0 released with improvements and bugfixes. (reported)
Source reporting (7)
- Help Net Security · Week in review: Fortibleed campaign’s impact on orgs, Cisco Unified CM flaw exploited
- SANS Internet Storm Center · YARA-X 1.18.0 and 1.19.0 Release, (Sun, Jun 28th)
- THN Data Breach · Ukraine Says Russian Intelligence Used Fake Support Texts to Steal Messaging Credentials
- TechRadar Pro · GTA VI fans beware — experts warn 'a new wave of scam websites' is offering early access, but just stealing your bank details instead
- Hacker News Front Page · IP Crawl: living atlas of open webcams discovered on the public internet
- Hacker News Front Page · Enhancing X11 Application Security with LXC
- Hacker News Front Page · WAL-RUS: a Rust Rewrite of WAL-G for PostgreSQL Backups