Three stories on the table this week. A Cisco flaw went from disclosure to full root-level exploitation in under twenty-four hours. An initial access broker turned a diagnostic command built into more than 430,000 FortiGate firewalls into a 110-million-credential harvesting operation. And Fable came back online on a shorter leash just as an open-weight Chinese model matched its offensive edge. We also sit down with Bishop Fox's Shad Malloy ahead of his Summercon session to talk about building the first open-source Sparkplug B fuzzer for ICS environments and where AI actually helped. Here's what stood out from the operator chair.
A pre-disclosure heads-up didn't buy defenders time. It bought attackers a scanning window. Cisco flagged a coming patch for Unified Communications Manager days before SSD Secure Disclosure published the technical write-up, but once that proof of concept landed for CVE-2026-20230 (an unauthenticated SSRF in the WebDialer service that chains to root), Defused watched live exploitation begin within 24 hours. The advance warning was a good instinct, but it mostly just told attackers where to start fingerprinting. Defenders were left to guess whether they were even exposed, since WebDialer ships on by default for click-to-call and off everywhere else.
If your org runs Unified CM with WebDialer enabled, treat "we got advance notice" and "we've already been scanned" as the same sentence.
Stale credentials are the vulnerability now, not the CVE. SC Media reported that an initial access broker has harvested more than 110 million credentials from upwards of 430,000 internet-facing FortiGate firewalls since February, using nothing but exposed management interfaces, brute force, and FortiOS's own diagnostic sniffer command. There's no CVE here and no zero-day, just tools operating exactly as documented against devices nobody rotated credentials on in months. The advice (rotate credentials, enforce MFA, pull management planes internal) isn't new. What's new is that parts of the workflow were reportedly built with an open-source, autonomous pen testing agent, which means the distance between "run the tool the vendor documented" and "operate this against half a million devices" just got a lot shorter.
What happens when you hand an AI your fuzzer code, and it tells you to start over? Ahead of his Summercon talk, we caught up with Bishop Fox's Shad Malloy about building the first open-source fuzzer for Sparkplug B, the MQTT-based protocol running smart factories and cold-chain systems. Shad and a colleague put a rough version together in a week, then handed it to Claude Code, which flagged that the original only covered a quarter of the spec and needed rebuilding. The tool that came out of it covers all nine Sparkplug message types, and AI-generated diagrams of the protocol's birth-and-death-certificate handshake made the device-discovery logic legible in a way code review alone hadn't. Shad's bringing the physical hardware lab to Summercon on July 10–11 if you want to put it through its paces yourself.
Pulling one model offline didn't slow the offense-AI arms race. It just handed the pace to someone with no export controls. Forbes reported that within weeks of the U.S. government forcing Fable and Mythos offline over jailbreak concerns, China's Zhipu released GLM-5.2, an open-weight model that reportedly rivals top U.S. frontier models on vulnerability discovery, while Fable's return came with usage caps and a shortened runway that left subscribers furious. The lesson isn't about any one vendor's guardrails. Offensive-AI capability is diffusing whether or not the country that built it agrees to sell it, and an open-weight model with no vetting layer doesn't respect an export control. Defenders now have to assume the attacker's tooling is roughly as capable as the best defensive AI they can license, not months behind it.
Security Headlines:
Subscribe to our PODCAST
Real talk on the threats, trends, and tactics shaping security today
Recommened Resources