Monthly Threat Brief: June 2026
June 2026 Cyber Threat Brief June's headline incidents had almost nothing to do with clever code. FortiBleed harvested roughly 80,000 credentials from internet-facing FortiGate firewalls and VPNs across 194 countries, and it needed no zero-day to do it. Attackers used weak passwords, exposed configs, and sessions that were still valid. Around the same time, an 8.3 TB dump of 24 billion records surfaced, most of it infostealer logs, carrying live session cookies and MFA tokens. That combination lets an attacker skip the login entirely and walk in as you. The defenses didn't get bypassed this month. They got used. Every one of those logins was technically legitimate, which is exactly why so much of this activity slid past detection built to look for something broken. That is the throughline worth your time. Attackers Stopped Breaking In and Started Logging In When the biggest campaigns of the month run on valid…
