CTI Daily Brief — 2026-06-18

Typedaily

Date2026-06-18

GeneratorAnthropic Claude (specific model not determined)

ClassificationTLP:CLEAR

LanguageEnglish

Promptv2.60

Items8

CVEs7

On this page

0. TL;DR
1. Active Threats, Trending Actors, Notable Incidents & Disclosures
2. Trending Vulnerabilities
3. Research & Investigative Reporting
4. Updates to Prior Coverage
5. Deep Dive — Mastra npm supply-chain compromise (easy-day-js)
6. Action Items
7. Verification Notes

References (25)

0. TL;DR

FortiBleed: ~73,000 internet-facing FortiGate devices across 194 countries under active credential abuse. A dataset of 73,932 unique FortiGate URLs (≈75,000 devices) with valid VPN/admin credentials — assembled from brute-force campaigns and reshared prior-incident data, not a new vulnerability per Fortinet — is being actively worked by a Russian-speaking group that has cracked credentials and moved laterally into Active Directory at multiple victims (BleepingComputer, 2026-06-17). Any org with an internet-exposed FortiGate should treat its admin/VPN credentials as potentially exposed and rotate.
Oracle June 2026 Critical Security Patch Update ships 245 fixes, ~100 remotely exploitable without authentication. The standouts: CVE-2026-46978 (Solaris 11.4 Remote Administration Daemon, CVSS 10.0) and CVE-2026-35278 (PeopleSoft PeopleTools Performance Monitor, CVSS 9.8), both unauthenticated (SecurityWeek, 2026-06-17 · Oracle, 2026-06-17). No confirmed exploitation yet — patch internet-facing tiers first.
Rockwell FLEX I/O adapters: unauthenticated web-interface password reset (CVE-2026-0647, CVSS 9.4), flagged by NCSC-CH. A crafted HTTP GET resets the admin password on 1794-AENTR/AENTRXT EtherNet/IP adapters; companion CVEs crash Logix controllers via malformed CIP (CISA ICS-CERT, 2026-06-16). Fixed in firmware 2.013; segment OT now.
Deep dive: the Mastra AI framework's entire npm namespace was backdoored. A trojanised easy-day-js look-alike dependency was swept as a production dependency into 140+ @mastra/* packages in under 90 minutes, delivering a cross-platform credential/wallet stealer; the publishing-account access vector is not disclosed by the primaries (JFrog, 2026-06-17).
ScarCruft (APT37) deploys NarwhalRAT behind fake Microsoft OTP alerts; China arrests 67 Silver Fox/ValleyRAT operators. North Korean spearphishing impersonating Microsoft MFA notices delivers a compiled-Python RAT with a pCloud dead-drop resolver (Genians, 2026-06-16); separately, Chinese police dismantled the supply chain behind the Winos/ValleyRAT operator network.

1. Active Threats, Trending Actors, Notable Incidents & Disclosures

FortiBleed — 73,932 internet-facing FortiGate devices exposed, Russian-speaking group cracking credentials into Active Directory

A dataset branded "FortiBleed" surfaced on 2026-06-17 containing 73,932 unique FortiGate management URLs — roughly 75,000 devices across 194 countries and 21,632 domains — paired with valid VPN and administrative credentials (BleepingComputer, 2026-06-17). Fortinet's position is that this is not a new vulnerability: the corpus is a reshare of data from previous incidents combined with large-scale brute-forcing, and the credentials were validated as working. Per BleepingComputer, a Russian-speaking actor is performing systematic credential validation, offline password cracking and onward lateral movement into Active Directory at fully-compromised organisations in several countries (BleepingComputer, 2026-06-17); Arctic Wolf is separately tracking the FortiBleed campaign's reach across 194 countries (Arctic Wolf, 2026-06-17). The technique class is valid-account abuse (T1078) following credential access, not exploitation of a fresh CVE.

Why it matters to us: FortiGate is ubiquitous on Swiss and EU public-sector perimeters. Treat any internet-exposed FortiGate's local admin and VPN credentials as potentially in the corpus regardless of patch level — patching does not rotate an already-leaked credential. Force admin and VPN password resets, enforce MFA on all administrative and VPN logins, restrict the management interface off the WAN, and review FortiGate admin-login audit events and downstream domain-controller authentication (Windows EID 4624/4768) for logins from unexpected source addresses.

ScarCruft (APT37) delivers NarwhalRAT behind fake Microsoft OTP "security alert" lures

Genians Security Center attributed a new campaign to ScarCruft / APT37 (North Korea nexus) deploying a previously-undocumented RAT it calls NarwhalRAT (Genians, 2026-06-16). The lure is a spearphishing email impersonating a Microsoft multi-factor authentication / OTP security alert; the attached ZIP carries a Windows shortcut (LNK) that launches PowerShell with -ExecutionPolicy Bypass to pull a batch loader, which establishes persistence via a scheduled task running on a one-minute interval (T1053.005). The payload is a compiled-Python binary loading obfuscated bytecode and providing keylogging (T1056.001), screenshot and audio capture, USB collection and remote command execution; C2 resilience comes from a pCloud dead-drop resolver (T1102.001) that hands out current relay addresses, defeating static domain/IP blocking (The Hacker News, 2026-06-17).

Why it matters to us: APT37 targets government, diplomatic, policy-research and Korean-diaspora organisations, including in Europe. The behavioural chain is hunt-friendly without IOCs: alert on schtasks.exe creating tasks under an unusual Microsoft…-style name from a non-installer parent, on LNK→PowerShell -ExecutionPolicy Bypass execution trees, and on compiled-Python process images making outbound calls to consumer cloud-storage APIs. Treat the cloud dead-drop pattern as the durable detection surface — blocking one relay does not break C2.

China arrests 67 members of the Silver Fox (Winos/ValleyRAT) cybercrime network

Chinese police arrested 67 suspects across five provinces in a June 2026 operation against Silver Fox — also tracked as Void Arachne, UTG-Q-1000 and TA4922 — assessed as one of the most active crimeware operations targeting Chinese-speaking users (Risky Biz News, 2026-06-17). The arrests reportedly span the full criminal supply chain: the primary developer/seller of the Silver Fox (Winos) trojan, a variant developer, phishing-site operators, and fake-app download-site operators, with secondary RATs including ValleyRAT used for credential theft. A CNCERT/CC security alert issued on 2026-05-22 preceded the operation (CNCERT/CC, 2026-05-22).

2. Trending Vulnerabilities

CVE-2026-46978 / CVE-2026-35278 — Oracle June 2026 CSPU: unauthenticated Solaris RAD flaw (CVSS 10.0) and PeopleSoft RCE (9.8)

Oracle's June 2026 Critical Security Patch Update shipped 245 fixes on 2026-06-17, ~100 of them remotely exploitable without authentication (SecurityWeek, 2026-06-17 · Oracle, 2026-06-17). The two standouts for this audience are both pre-auth: CVE-2026-46978 (CVSS 10.0) in the Oracle Solaris 11.4 Remote Administration Daemon (RAD), reachable by an unauthenticated attacker over its default HTTPS management interface, and CVE-2026-35278 (CVSS 9.8), a missing-authentication RCE in PeopleSoft PeopleTools 8.61/8.62 Performance Monitor (T1190). Oracle reports no in-the-wild exploitation at publication; the unauthenticated network vectors warrant emergency prioritisation. Patch internet-facing PeopleSoft and middleware tiers first; as interim hardening, scope the Solaris RAD daemon to localhost where remote administration is not required.

CVE-2026-0647 et al. — Rockwell Automation FLEX I/O unauthenticated password reset (CVSS 9.4) and Logix CIP denial-of-service, flagged by NCSC-CH

Rockwell Automation disclosed five ICS CVEs on 2026-06-16, consolidated by NCSC-CH on 2026-06-17 (NCSC-CH Security Hub, 2026-06-17). CVE-2026-0647 (CVSS 9.4) lets an unauthenticated attacker reset the admin password on 1794-AENTR / 1794-AENTRXT FLEX I/O EtherNet/IP adapters (firmware ≤ V2.012) by sending a crafted HTTP GET to the adapter's embedded web server, enabling full takeover and I/O disruption (T0866) (CISA ICS-CERT, 2026-06-16). Companion CVE-2026-0646 (CVSS 7.5) is a CIP-handling DoS on the same adapter requiring a manual reset; CVE-2026-11317 (CVSS 7.5) causes a major non-recoverable fault on CompactLogix/ControlLogix 5370/5570 controllers via a crafted CIP message, requiring a full program download to recover (T0814) (CISA ICS-CERT, 2026-06-16); and CVE-2025-13036 (CVSS 7.7) is an authentication bypass in FactoryTalk Historian Site Edition. FLEX I/O fixes ship in firmware 2.013 (Rockwell SD1775); exploitation status is unknown for all. Where firmware cannot be applied immediately, restrict CIP and HTTP/HTTPS access to these devices to engineering workstations via OT segmentation.

BSI flags 13 vulnerabilities patched in Zammad 7.1 — admin privilege escalation in a DACH public-sector helpdesk platform

BSI CERT-Bund advisory WID-SEC-2026-1981 (2026-06-17) rates the aggregate severity of the Zammad 7.1 release as "hoch" (high): an attacker can chain the patched flaws to gain administrator privileges, bypass security controls, manipulate or disclose data, or trigger denial-of-service (BSI CERT-Bund, 2026-06-17). Zammad — a widely-deployed open-source helpdesk/ticketing system common in German, Austrian and Swiss public-sector IT service desks — released version 7.1 on 2026-06-16 addressing 13 issues now tracked exclusively as GitHub Security Advisories (Zammad, 2026-06-16); individual CVE identifiers are not yet enumerated in public NVD/CSAF records. Any admin-privilege path in a ticketing system exposes internal IT operations data and staff credentials; internet-exposed instances behind a reverse proxy are highest risk. Upgrade to 7.1 and hunt Zammad audit logs for unexpected role escalations and admin-API calls (e.g. to role/user-management endpoints) from unprivileged sessions.

CVE Summary Table

CVE	Product	CVSS	EPSS	KEV	Exploited	Patch	Source
CVE-2026-46978	Oracle Solaris 11.4 — Remote Administration Daemon	10.0	n/a	No	Not reported	June 2026 Solaris SRU	Oracle
CVE-2026-35278	Oracle PeopleSoft PeopleTools 8.61 / 8.62 — Performance Monitor	9.8	n/a	No	Not reported	June 2026 CSPU	Oracle
CVE-2026-0647	Rockwell 1794-AENTR / 1794-AENTRXT FLEX I/O (≤ V2.012)	9.4	n/a	No	Not reported	Firmware 2.013 (SD1775)	CISA ICS-CERT
CVE-2026-11317	Rockwell CompactLogix / ControlLogix 5370 / 5570	7.5	n/a	No	Not reported	SD1772 firmware	CISA ICS-CERT

3. Research & Investigative Reporting

15 malicious JetBrains Marketplace plugins exfiltrate AI provider API keys on "Apply"

Aikido Security documented a coordinated campaign of at least 15 IDE plugins published under seven vendor accounts on the JetBrains Marketplace between October 2025 and June 2026, posing as AI coding assistants (built on DeepSeek, OpenAI, SiliconFlow) with roughly 70,000 combined installs (Aikido Security, 2026-06-16). The plugins function as advertised but hook the plugin settings-save handler so that the moment a user enters an AI provider API key and clicks Apply, the credential is exfiltrated to an attacker-controlled server; stolen keys are then resold as discounted "paid-tier" access while the legitimate owner pays the bill (Infosecurity Magazine, 2026-06-17). The two largest plugins (CodeGPT AI Assistant, DeepSeek AI Assist) account for most of the ~70,000 installs. Maps to T1195.001 and T1552.001 (credentials in IDE storage). Defenders should not assume the plugins have been removed from the Marketplace — inventory JetBrains plugin installs across developer fleets, rotate any AI provider keys entered into an AI-assistant plugin since October 2025, and move to IDE plugin allowlisting where possible.

Crypto clipboard-hijacker campaign weaponises VirusTotal community reputation to suppress detection

Check Point Research detailed a Rust-based clipboard-hijacker campaign against cryptocurrency users whose distinguishing feature is the systematic manipulation of security-tool reputation signals (Check Point Research, 2026-06-17). The operator runs a network of GitHub ghost accounts, SourceForge pages with inflated download counts, AI-narrated YouTube channels and Telegram channels advertising fake crypto "edge" tools (Solana/Pump.fun sniper bots, Aviator predictors), funnelling victims through a WordPress phishing site to download the Rust payloads for Windows and macOS. Critically, the actor submits fake benign community votes and comments on VirusTotal to lower the apparent threat score, so triage analysts relying on community reputation see the sample as pre-vetted. The payload watches the clipboard for wallet-address patterns and silently substitutes attacker addresses. The operational takeaway for SOC triage: VirusTotal community votes/comments are not a trust signal for this malware class — weight first-party engine verdicts and behaviour, and add clipboard-modification (T1115) hooks plus Rust binaries executing from user Downloads/Temp without code-signing to hunt hypotheses.

4. Updates to Prior Coverage

No updates this run — no in-window material delta on previously-covered stories. Section intentionally empty.

5. Deep Dive — Mastra npm supply-chain compromise (easy-day-js)

On 2026-06-17 the entire npm namespace of Mastra — an open-source JavaScript/TypeScript framework for building AI applications, with roughly 1.1 million combined weekly downloads — was backdoored through a single poisoned transitive dependency (JFrog, 2026-06-17 · Socket, 2026-06-17). This is a clean worked example of the failure mode that matters most for any organisation consuming open-source AI tooling: trust in a transitive dependency turns one compromised publishing path into ecosystem-wide code execution on developer and CI machines.

Access vector. The malicious easy-day-js and the wave of @mastra/* republishes were pushed through the project's npm publishing chain; the cited primaries (JFrog, Socket) document the result but do not disclose how the publishing account was obtained, so the brief makes no claim about the initial-access vector (JFrog, 2026-06-17). What matters operationally is downstream regardless of vector: a trusted scope published code that executed on every consumer at install time.

The dependency-substitution chain. Rather than poisoning a Mastra package directly, the attacker moved the malicious behaviour one level down into a new dependency named easy-day-js — a trojanised look-alike of the popular dayjs date library. A clean version was published first so the semver caret range looked benign, then the malicious easy-day-js@1.11.22 was published; an automated wave added it as a production dependency across 140+ @mastra/* packages, with the malicious versions published between roughly 01:15 and 02:36 UTC — under 90 minutes (Socket, 2026-06-17). The two-stage timing is a deliberate attempt to defeat naive dependency-pinning checks. Maps to T1195.002 (Compromise Software Supply Chain) layered on T1195.001 (Compromise Software Dependencies and Development Tools).

Execution and second stage. The malicious package carries a postinstall lifecycle hook (node setup.cjs) that runs automatically during npm install / npm ci (T1059.007 — JavaScript). The stage-1 loader disables TLS certificate validation (NODE_TLS_REJECT_UNAUTHORIZED=0), writes marker files to the OS temp directory, downloads a stage-2 Node.js payload, spawns it as a detached hidden process, and deletes setup.cjs to frustrate static analysis (JFrog, 2026-06-17). The stage-2 is a cross-platform (Windows / macOS / Linux) backdoor that beacons host identity and enumerates installed crypto-wallet browser extensions and saved-credential stores, then polls a C2 for follow-on shell/Node commands (T1071.001 — Application Layer Protocol: Web).

Persistence — platform-specific, NVM/Node-masquerading. Stage-2 installs persistence tailored to the OS: a per-user LaunchAgent on macOS (T1543.001 — Launch Agent), a systemd user service on Linux (T1543.002 — Systemd Service), and an HKCU\…\CurrentVersion\Run key on Windows (T1547.001 — Registry Run Keys). The labels masquerade as Node Version Manager / Node tooling — a useful hunt concept rather than a hardcoded indicator: persistence entries that look like NVM/Node housekeeping but point at scripts under a user profile or ProgramData path are the tell.

Detection concepts (no IOCs). Hunt for node processes spawned from the OS temp directory (Sysmon EID 1 with parent node/npm/npx and an image path under %TEMP% or /tmp); for new per-user persistence (LaunchAgent / systemd user unit / HKCU Run key) created by a node parent immediately after a package install; and for npm/node processes making outbound TLS where certificate validation has been disabled. Reputable package-security tooling flagged easy-day-js within minutes of publication, so dependency-scanning telemetry is a high-signal early-warning surface.

Hardening. Run npm ls easy-day-js across all workspaces and CI runners and remove the dependency; treat any host that installed an affected @mastra/* version in the exposure window as compromised and rotate all secrets, tokens and wallet material present on it. Structurally: enforce --ignore-scripts (or vetted allowlists) for install-time lifecycle hooks in CI, require lockfile hash/integrity verification and npm provenance attestation, and as general supply-chain hygiene audit npm org membership so publish/maintainer rights stay scoped to active maintainers.

6. Action Items

Treat every internet-exposed FortiGate's admin/VPN credentials as exposed and rotate now (§ 0, § 1 FortiBleed). Force admin and VPN password resets, enforce MFA on all administrative/VPN logins, take the management interface off the WAN, and review FortiGate admin-login events plus domain-controller authentication (Windows EID 4624/4768) for logins from unexpected source addresses. Patching does not rotate a leaked credential.
Patch the Oracle June 2026 CSPU, internet-facing tiers first (§ 2). Prioritise the unauthenticated Solaris RAD flaw (CVE-2026-46978, CVSS 10.0) and PeopleSoft Performance Monitor (CVE-2026-35278, CVSS 9.8); interim-scope the Solaris RAD daemon to localhost where remote admin is not needed.
Upgrade Rockwell FLEX I/O adapters to firmware 2.013 and segment OT (§ 2). For CVE-2026-0647 and the Logix CIP DoS CVEs, restrict CIP and HTTP/HTTPS to engineering workstations until firmware is applied.
Upgrade Zammad to 7.1 and hunt for admin-role escalation (§ 2). Review Zammad audit logs for unexpected role changes and admin-API calls from unprivileged sessions; gate internet-exposed instances behind VPN/mTLS.
Run npm ls easy-day-js across all workspaces and CI runners; treat affected hosts as compromised (§ 5). Remove the dependency, rotate secrets/tokens/wallet material on any host that installed an affected @mastra/* version, enforce --ignore-scripts + lockfile integrity in CI, and automate publish-access revocation on contributor offboarding.
Inventory JetBrains plugins and rotate AI provider API keys entered into any AI-assistant plugin since October 2025 (§ 3); move toward IDE plugin allowlisting.
Stop treating VirusTotal community votes/comments as a trust signal in SOC triage for fake-tool malware (§ 3); weight first-party engine verdicts and behaviour.

7. Verification Notes

Items dropped:
- A claimed Microsoft Defender Antivirus elevation-of-privilege zero-day ("RoguePlanet", with an alleged CVE id, public PoC and no patch) — surfaced by S1, but none of its cited URLs (BleepingComputer, MSRC, SecurityWeek) appear in this run's URL-liveness ledger, and a Phase 2 spot-check of the cited BleepingComputer article returned HTTP 404. Unable to confirm any source was actually fetched; treated as unverified / likely fabricated and dropped per the zero-LLM-knowledge rule. The CVE id is deliberately omitted here pending an independently verifiable advisory. If a genuine Defender EoP zero-day with public PoC is confirmed, it returns next run.
- DragonForce "Backdoor.Turn" (Microsoft Teams TURN-relay C2) — surfaced by S4 but already the 2026-06-17 deep dive; no in-window material delta beyond that coverage. Dropped (BYOVD/Teams-relay hardening retained as an action item in the prior brief).
- Sophos CTU "AI in the underground" — single-source trend/awareness item with no specific technique, CVE or detection hook; dropped under less-is-more.
Correction applied during verification (FortiBleed, § 1): S1's research draft over-stated the framing — describing FortiBleed as "73,932 FortiGate admin credential sets" leaked via an old FortiOS authentication-bypass vulnerability chain, and citing a fabricated Fortinet PSIRT URL (FG-IR-26-FortiBleed). Corrected against the primaries: it is a credential exposure of 73,932 device URLs (~75,000 devices, 194 countries) assembled from brute-force and reshared prior-incident data — not a new vulnerability (Fortinet's own statement). The fabricated PSIRT URL was removed and the item re-anchored to the two ledger-verified sources. Sourcing precision: the Russian-speaking-actor / Active-Directory-lateral-movement detail is supported by BleepingComputer; Arctic Wolf supports the 194-country campaign reach (Arctic Wolf separately describes a SHA-256→PBKDF2 password-hash-storage weakness and an associated FortiOS CVE, which this brief does not rely on).
Zammad (§ 2): individual CVE identifiers for the 13 June 2026 GitHub Security Advisories are not yet enumerated in public NVD/CSAF; the item is sourced to the BSI advisory and the Zammad release and carries no CVE pill by design.
Reduced confidence: China — Silver Fox arrests (§ 1) is MEDIUM confidence — the primary (Risky Biz News) summarises Chinese-language law-enforcement reporting, corroborated by the CNCERT/CC advisory; EU nexus is indirect (diaspora-targeting lures).
Single-source items: none beyond the national-CERT / primary-research carve-out.
Deliberate non-inclusion (Oracle / ShinyHunters): verification noted that SecurityWeek's June 2026 CSPU coverage also references the separately-tracked ShinyHunters exploitation of Oracle PeopleSoft/E-Business Suite (CVE-2026-35273) against many organisations. That campaign is an already-covered ongoing story (multiple prior briefs and the 2026-W24 weekly); no verified fresh in-window delta surfaced this run, so it is not re-reported here. The § 2 Oracle item intentionally covers the new June CSPU criticals (CVE-2026-46978, CVE-2026-35278), which are not yet exploited.
Contradictions: none material this run.
Source list: added aikido-security as a candidate (software supply-chain / IDE-security research; primary for the JetBrains plugin disclosure, § 3). One-candidate cap respected.
Sub-agents: all four (S1–S4) returned within budget; all reported Claude Sonnet 4.6.
Coverage gaps: inside-it-ch (Cloudflare challenge; no usable Wayback snapshot — Swiss regional IT news missed); enisa-news-rss (HTTP 404; ENISA EUVD bridge used, no in-window criticals); cert-fr-actu (feed stale since Nov 2025); databreaches-net (HTTP 403, no Wayback snapshot — covered via alternates); sophos-xops (fetched OK, one item used); oracle-cpu (HTTP 403 — covered via SecurityWeek/Oracle CSPU/NCSC-NL); projectzero, greynoise, elastic-seclabs, dfirreport, msft-secblog, compass-security, sec-disclosures-edgar, edpb, ico-uk — no in-window qualifying items.