🔴 Breaking
Squidbleed CVE-2026-47729 — Claude Mythos finds 29-year-old Heartbleed-style memory leak in every Squid Proxy version, patch NOT in 7.6, disable FTP now  •  FortiBleed CISA advisory — 86,644 devices, free Hudson Rock lookup tool  •  UNC6508 — Chinese state-sponsored, 26 months in US/Canadian research labs  •  CVE-2026-20253 Splunk CVSS 9.8 — CISA 3-day federal deadline  •  FortiBleed original — 30,791 credentials, 194 countries    Squidbleed CVE-2026-47729 — Claude Mythos finds 29-year-old Heartbleed-style memory leak in every Squid Proxy version, patch NOT in 7.6, disable FTP now  •  FortiBleed CISA advisory — 86,644 devices, free Hudson Rock lookup tool  •  UNC6508 — Chinese state-sponsored, 26 months in US/Canadian research labs  •  CVE-2026-20253 Splunk CVSS 9.8 — CISA 3-day federal deadline  •  FortiBleed original — 30,791 credentials, 194 countries   
Threat Briefs
32
Active Threats
13
CISA KEV Listed
10
No Patch Yet
4
Latest

Threats & Attacks

Proxy Security · AI Discovery · 29-Year Bug
Squidbleed (CVE-2026-47729): Claude Mythos Found a 29-Year-Old Heartbleed-Style Leak in Every Squid Proxy Version — Patch NOT in 7.6

A quirk of C’s strchr, a 1997 FTP parser, and a heap overread that leaks other users’ passwords. Found by Calif.io using Claude Mythos in under an hour. The patch is coming in 7.7. Disable FTP in Squid now.

June 23, 2026
 🚨 CISA Advisory · 86,644 Devices
FortiBleed Update: CISA Issues Formal Advisory — Scope Jumps to 86,644 Devices in 48 Hours, Free Lookup Tool Now Available

+181% in 48 hours. Five CISA-mandated actions. 35% generic admin, 28.3% built-in Fortinet accounts compromised. Hudson Rock free lookup tool live. FortiSandbox also exploited.

June 20, 2026
 Network Security · Critical · 194 Countries
FortiBleed: 30,791 Verified Fortinet Credentials Compromised Across 194 Countries — The Self-Feeding Attack Nobody Can Find the Source Of

Scan, stuff, sniff, feed. A Turkish NATO defense contractor confirmed fully compromised. Initial access vector still unconfirmed.

June 18, 2026
 Nation-State Espionage · China-Nexus
UNC6508: 26 Months Inside US and Canadian Research Labs — Hidden in a Misspelled Gmail Rule

REDCap legacy exploitation, INFINITERED malware, domain admin escalation, weaponized Google Workspace compliance rule. Defense, AI, and medical research data.

June 16, 2026
 SIEM Security · CVSS 9.8 · CISA Deadline
CVE-2026-20253: Splunk Enterprise CVSS 9.8 — Unauthenticated RCE, CISA 3-Day Federal Deadline Issued

No credentials. No interaction. PostgreSQL Sidecar reachable through port 8000 proxy. AWS out of the box. watchTowr exploit chain published.

June 14, 2026
 ERP Security · CVSS 9.8 · Zero-Day
CVE-2026-35273: Oracle PeopleSoft Zero-Day — ShinyHunters, 14 Days, 300 Installations

No credentials. No interaction. 14 days before Oracle said a word. 68% universities. 500,000 student records from University of Nottingham.

June 12, 2026
Analysis

Intelligence & Deep Dive

01
AI Discovery
$1,000 AI Agent Finds 21 Zero-Days in FFmpeg — Some Undetected for 23 Years, One RCE Primitive
June 10, 2026  ·  Analysis
02
AI Policy
White House AI EO: Classified Benchmark, 30-Day Pre-Release Window — AI Is Now a Formal Cyber Weapon
June 4, 2026  ·  Policy
03
APT Strategy
From Perimeter Defense to Continuous Trust: Enterprise Strategies for Managing APT Risk
Feb 25, 2026  ·  Deep Dive
04
AI Risk
AI-Powered Cyberattacks: How Generative AI & Autonomous Threats Are Reshaping Enterprise Security
Feb 18, 2026  ·  Investigation
More

Further Coverage

Patch Tuesday · Record 200 CVEs
Microsoft June 2026 Patch Tuesday: Record 200 CVEs, Wormable CVSS 9.8 — RoguePlanet Drops Unpatched Hours Later

Largest Patch Tuesday ever. Wormable HTTP.sys. MiniPlasma patched. RoguePlanet now CVE-2026-50656 — Microsoft confirms patch in development.

June 10, 2026
 Network Security · CISA KEV
CVE-2026-0257: Palo Alto PAN-OS Auth Bypass — Active Exploitation Confirmed

Unauthenticated attackers forge GlobalProtect cookies, bypass MFA. CVSS 9.1. Active exploitation confirmed. June 19 CISA deadline passed.

June 2, 2026
 Intelligence Report
Verizon DBIR 2026: Exploitation Is the #1 Breach Vector

22,052 incidents. Ransomware in 44%. Supply chain attacks doubled. Median exploit timeline 5 days vs 43-day patch time.

May 26, 2026
 Network Infrastructure · No Patch
CVE-2026-20245: Cisco’s 7th SD-WAN Zero-Day — Unpatched Root Escalation

Command injection in SD-WAN Manager CLI. Root via crafted file upload. No patch. Chains after CVSS 10.0 auth bypass.

June 5, 2026
 AI Security · CI/CD
Claude Code Prompt Injection — Hidden HTML Comment Stole CI/CD Secrets

Microsoft documented how a hidden GitHub issue comment tricked Claude into reading /proc/self/environ. Patched in v2.1.128. “Comment and Control” class affects all major AI agents.

June 8, 2026
 Fraud & Social Engineering · FBI Warning
FIFA World Cup 2026: 19,000 Fake Domains, Banking Malware, $474M Fraud

GHOST STADIUM phishing. Banking trojans in fake streaming apps. FBI, Group-IB, Kaspersky all warning.

June 8, 2026

The DataWater Intelligence Brief

Weekly CISO-level threat analysis — breaking vulnerabilities, technical depth, zero noise. Trusted by enterprise and government security leaders.