Cybersecurity Developments: Fortinet Breach, Botnet Takedown & AudiA6 Dismantled - June 22, 2026

CybersecMonday, June 22, 2026

50 articles analyzed by AI / 276 total

Key points

Audio player

0:00 / 0:00

•The FortiBleed campaign exploiting vulnerabilities in Fortinet firewalls and VPN gateways has been ongoing since early 2023, leading to the compromise of thousands of Fortinet credentials globally. This critical flaw has prompted urgent advisories from both CISA and global cybersecurity agencies to harden affected devices and prevent broader network intrusions.[Cybersecurity Dive][Industrial Cyber]
•Canada’s spy agency has performed a landmark operation with judicial approval to neutralize two foreign-controlled botnets targeting national networks. This legal cyber countermeasure, as revealed in a June 15 court ruling, represents a new frontier in government-authorized offensive cybersecurity activities.[The Hacker News RSS]
•Law enforcement dismantled the AudiA6 ransomware crypto laundering operation responsible for approximately $380 million in illicit funds, marking a significant achievement in disrupting ransomware-associated financial crime and the laundering of cryptocurrency at scale.[Cybersecurity Insiders]
•A data breach impacting more than 3 million Texas hunting and fishing license customers exposed sensitive personal information, exposing weaknesses in public sector cybersecurity protections and emphasizing the need for stronger data privacy controls in government services.[Houston Public Media]
•Supply chain attacks targeting popular WordPress plugins by ShapedPlugin inserted backdoors, exposing countless websites to unauthorized access. This incident highlights ongoing risks in software supply chains and the need for stronger integrity verification mechanisms.[The Hacker News RSS]
•A cyberattack on Klue resulted in the compromise of OAuth tokens, causing sensitive data breaches across multiple cybersecurity companies. This incident reveals critical trust and security issues within the cybersecurity industry’s own infrastructure.[CyberSecurityNews]
•Security researchers uncovered four critical vulnerabilities in the open-source AI platform Dify that could allow attackers to access chat data between tenants. This discovery underscores increasing security and privacy challenges posed by shared AI workflow solutions.[The Hacker News RSS]
•Thousands of D-Link routers have been commandeered by the AryStinger botnet, showcasing the continued exploitation of IoT devices to build large-scale malicious networks. This wide-reaching infection threatens consumer network security and highlights the growing botnet threat landscape.[Malwarebytes]
•A new cyber campaign delivers CastleStealer malware using OXLOADER distributed via malicious Google Ads, exploiting advertising platforms as an infection vector to compromise user credentials. This novel method indicates the increasing sophistication of malware distribution through widely trusted third-party services.[The Hacker News RSS]

Relevant articles

CISA urges device hardening after thousands of Fortinet credentials compromised - Cybersecurity Dive

9/10

The Cybersecurity and Infrastructure Security Agency (CISA) warned organizations to harden device security after thousands of Fortinet credentials were compromised, raising serious risks. The alert follows the exposure of sensitive access data that could lead to further attacks.

Cybersecurity Dive · 6/22/2026, 4:04:57 PM

Global cybersecurity agencies warn of credential exposure in FortiBleed campaign targeting Fortinet firewalls, VPN gateways - Industrial Cyber

9/10

Global cybersecurity agencies issued warnings about the FortiBleed campaign exploiting vulnerabilities in Fortinet firewalls and VPN gateways since early 2023. This campaign risks exposing thousands of credentials worldwide, raising concerns about widespread network compromise.

Industrial Cyber · 6/22/2026, 10:51:18 AM

Canada’s Spy Agency Used First-of-Its-Kind Warrant to Clean Botnet-Infected Devices

9/10

Canada's spy agency obtained a groundbreaking warrant to legally access and neutralize two foreign-controlled botnets spreading malware within Canadian networks. This operation, revealed in a June 15 court ruling, marks a first in authorized cyber countermeasures on national soil.

The Hacker News RSS · 6/22/2026, 9:11:37 AM

Authorities Dismantle AudiA6, the Ransomware Crypto Laundering Service Behind $380M - Cybersecurity Insiders

9/10

Law enforcement dismantled AudiA6, a ransomware crypto laundering service that handled approximately $380 million in illicit funds. This takedown is a major blow against ransomware-related financial crime and crypto laundering infrastructures.

Cybersecurity Insiders · 6/21/2026, 7:10:55 PM

Texas Cyber Command detects data breach affecting more than 3 million hunting, fishing license customers - Houston Public Media

8/10

The Texas Cyber Command announced a data breach compromising personal data of more than 3 million hunting and fishing license customers. This breach highlights significant vulnerabilities in public-sector cybersecurity affecting citizen data privacy.

Houston Public Media · 6/22/2026, 8:12:02 PM

ShapedPlugin WordPress Pro Plugins Backdoored in Supply Chain Attack

8/10

Multiple WordPress plugins by ShapedPlugin were compromised through a supply chain attack, injecting backdoors into legitimate plugin releases. This tampering exposed users to potential unauthorized access and wider web security risks.

The Hacker News RSS · 6/22/2026, 6:00:48 PM

Klue Hack Leads to Data Breach Across Multiple Cybersecurity Companies - CyberSecurityNews

8/10

A cyberattack on Klue resulted in data breaches impacting several cybersecurity companies by compromising OAuth tokens. This incident underscores vulnerabilities within the cybersecurity sector itself and raises concerns over sensitive intelligence exposure.

CyberSecurityNews · 6/22/2026, 4:32:17 PM

Researchers Detail DifyTap Flaws in Dify That Could Expose AI Chats Across Tenants

8/10

Researchers disclosed four security flaws in Dify, an open-source AI workflow platform, that could expose AI chat conversations across tenants. These vulnerabilities present a serious privacy and data security risk in collaborative AI environments.

The Hacker News RSS · 6/22/2026, 4:13:28 PM

Thousands of D-Link routers under control of AryStinger botnet - Malwarebytes

8/10

Malwarebytes revealed that thousands of D-Link routers were taken over by the AryStinger botnet, indicating a large-scale malware infection exploiting Internet of Things devices. The infection threatens network security and user privacy on a broad scale.

Malwarebytes · 6/22/2026, 3:24:06 PM

New OXLOADER Loader Uses Malicious Google Ads to Deliver CastleStealer

8/10

Cybersecurity researchers found a new campaign using OXLOADER malware to deliver the CastleStealer trojan via malicious Google Ads. This innovative infection vector exploits popular advertising platforms to spread credential-stealing malware.

The Hacker News RSS · 6/22/2026, 1:20:12 PM