- Cisco Unified Communications Manager Server SSRF vulnerability
192.168.1.1Originating IP address observed in attacks
The threat landscape continues to intensify as critical vulnerabilities across enterprise infrastructure, supply chain systems, and emerging AI platforms face active exploitation. Today's briefing covers active attacks against Cisco communications infrastructure, a massive credential harvesting campaign targeting firewall deployments, CI/CD pipeline vulnerabilities affecting major open source projects, and data exposure risks in widely-deployed AI platforms.
A high-severity Server-Side Request Forgery (SSRF) vulnerability tracked as CVE-2026-20230 in Cisco Unified Communications Manager is now being actively exploited in the wild. The vulnerability enables attackers to bypass security controls and access sensitive systems through the affected communications infrastructure. Organizations running vulnerable versions of Cisco Unified CM should prioritize patching immediately to prevent unauthorized access and lateral movement within their networks. Source: Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks
A Russian-speaking initial access broker has orchestrated a large-scale credential harvesting operation dubbed FortiBleed that has targeted over 430,000 FortiGate firewalls globally since February 2026. The financially-motivated campaign collects credential lists, searches for exposed services, brute-forces accessible systems, and deploys custom malware including forticheck, FortigateSniffer, FortiProbe-fast, and HASHBOT. This operation represents one of the largest credential harvesting efforts targeting network security infrastructure, putting organizations worldwide at risk of compromise through their perimeter defenses. Source: FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation
Novee Security has disclosed Cordyceps, a critical vulnerability in GitHub Actions workflows that allows anonymous users to poison software builds and expose authentication tokens across major repositories including those from Microsoft, Google, and Apache. The vulnerability exploits misconfigurations in continuous integration and continuous deployment pipelines, enabling attackers to inject malicious code directly into build processes and compromise the integrity of widely-used open source projects. Source: Cordyceps CI/CD Flaw Exposes Microsoft, Google, Apache Repos to Pipeline Hijacking
Multiple data exposure vulnerabilities in the Dify AI platform threaten the security of over one million applications relying on its multi-tenant cloud service. Attackers could exploit these flaws to read private conversations, preview other tenants' documents, and access internal APIs, creating significant privacy and security risks across the AI application ecosystem. The vulnerabilities include CVE-2024-5846, CVE-2026-41947, CVE-2026-41948, CVE-2026-41949, and CVE-2026-41950, affecting organizations across multiple industries that depend on this widely-deployed platform. Source: Data Exposure Flaws Threaten Dify AI Platform Used by 1 Million Apps
Security teams should prioritize patching these vulnerabilities across their infrastructure, reviewing access logs for signs of compromise, and implementing additional monitoring around critical systems. The convergence of active exploitation, supply chain attacks, and emerging platform vulnerabilities underscores the need for comprehensive threat management strategies across all technology layers.
Source articles and extracted indicators (defanged where appropriate).
192.168.1.1