FortiBleed campaign compromises 30k-75k Fortinet firewalls; other vulns highlighted

SOCRadar and Hudson Rock researchers reported a credential-harvesting campaign called FortiBleed that compromised between 30,000 and 75,000 Fortinet firewalls in 194 countries. Attackers locate exposed devices, use leaked passwords to gain access and repurpose each one to harvest further credentials from other targets. The campaign has impacted organizations including Accenture, Oracle, Samsung, Siemens and PwC, with Mexico ranking among the most affected countries. Microsoft Defender contains an unpatched zero-day vulnerability tracked as CVE-2026-50656 and called RoguePlanet. The issue grants SYSTEM-level control on fully updated Windows 10 and 11 systems, and a public proof-of-concept exploit exists. The flaw is the fourth consecutive Defender zero-day from the same researcher in a single year. CISA added Joomla vulnerability CVE-2026-48907, which carries a CVSS score of 10.0, to its Known Exploited Vulnerabilities catalog. The flaw allows unauthenticated attackers to upload and run arbitrary PHP code on affected sites. Group-IB identified GitBait, a phishing operation that targeted 24 Mexican banks for three years. The scheme hosts fake banking portals on GitHub Pages to steal credentials and card numbers, avoiding detection