IT News Roundup: FortiGate Exploits, Chrome 0-Day, AI Infrastructure Spending - June 22, 2026

The past few days have brought a dense cluster of security alerts alongside major hardware announcements. CISA issued urgent guidance for Fortinet customers, a Chrome zero-day was confirmed in the wild, ServiceNow acknowledged unauthorized access to customer instances, and device code attacks surged 37x year-over-year. On the infrastructure side, Nvidia unveiled its RTX Spark Superchip at Computex, while industry analysts project $650 billion in global AI infrastructure spending for 2026.

CISA Urges Fortinet Customers to Secure FortiGate Appliances Against Active Exploitation

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent advisory on June 19, urging all Fortinet customers running FortiGate appliances to take immediate steps to defend against ongoing malicious activity targeting thousands of internet-accessible devices worldwide.

The alert highlights that threat actors are actively scanning for vulnerable FortiGate installations and exploiting known weaknesses to gain unauthorized network access. Organizations relying on FortiGate firewalls should verify their firmware versions, apply the latest security patches, and review firewall rules to restrict unnecessary external exposure.

Source: The Hacker News

Chrome Zero-Day and UniFi Network Exploits Surface in Mid-June Attack Wave

A weekly security recap from The Hacker News documented a cluster of critical vulnerabilities discovered across multiple platforms. A Chrome zero-day exploit was confirmed being actively used by threat actors, with the earliest observed exploitation dating back to May 7. The vulnerability allows attackers to execute arbitrary code through crafted web pages without user interaction.

The same period saw exploits targeting Ubiquiti's UniFi network management platform, which could allow remote attackers to compromise network infrastructure devices including access points and switches. Google has since released emergency patches for the Chrome vulnerability, and Ubiquiti issued firmware updates addressing the UniFi flaws.

Source: The Hacker News

ServiceNow Confirms Security Incident Affecting Customer Instances

ServiceNow acknowledged a security incident in early June after researchers submitted bug bounty reports detailing unauthorized access to customer instances. On June 3-4, two separate security researchers filed reports with the company's bug bounty program describing vulnerabilities that allowed unauthenticated access to certain ServiceNow environments.

The company noted these submissions were similar to ones received on April 22 and confirmed it had detected "unattributed activity" on a subset of customer instances during early June. ServiceNow stated it is conducting an investigation into the scope and impact, advising affected customers to review their instance access logs and rotate credentials as a precaution.

Source: CyberNews

Oracle WebLogic Two-Year-Old Patch Now Actively Exploited in the Wild

CISA added a vulnerability in Oracle WebLogic Server to its Known ExploVED Vulnerabilities catalog, marking it as actively exploited by threat actors. The flaw had been patched by Oracle two years prior, yet many organizations have yet to apply the fix — leaving enterprise middleware environments exposed.

The vulnerability affects widely deployed Oracle WebLogic installations and can be exploited remotely without authentication. CISA set a 90-day remediation deadline for federal systems, while strongly recommending all enterprises audit their WebLogic deployments and ensure the patch is applied immediately.

Source: DIESEC

Device Code Attacks Surge 37x Year-Over-Year With 18+ Attack Kits Circulating

Security researchers reported a dramatic 37-fold increase in device code attacks compared to the previous year, with more than 18 distinct attack kits now circulating in underground forums. Device code attacks target OAuth 2.0's device authorization flow — commonly used for signing into services on devices without full browsers, such as smart TVs and IoT gadgets.

The surge is attributed to improved automation tools that make it easier for attackers to harvest valid session tokens at scale. Organizations should enforce multi-factor authentication on all OAuth flows, monitor for anomalous device code grant patterns, and consider restricting device authorization endpoints to trusted networks where possible.

Source: The Hacker News

Nvidia Unveils RTX Spark Superchip at Computex — Full AI PC Silicon Arrives

At Computex, Nvidia introduced the RTX Spark Superchip, a new system-on-chip that combines Blackwell RTX graphics with Grace CPU technology into a single package designed specifically for AI-powered personal computers. The chip represents Nvidia's push beyond discrete GPUs into complete AI PC silicon solutions.

The RTX Spark Superchip is expected to appear in Windows laptops and mini-PCs from major OEMs later this year, bringing desktop-class AI inference capabilities to consumer devices. This move positions Nvidia to compete directly with custom AI accelerators from Apple, Qualcomm, and Intel in the growing AI PC market.

Source: Tech Startups

F5 Patches Critical NGINX Open Source Vulnerabilities Allowing Remote Code Execution

F5 released emergency security updates for NGINX Open Source addressing two critical vulnerabilities that could allow remote attackers to achieve arbitrary code execution on affected systems. The flaws, tracked as CVE-2026 entries, affect widely deployed web server and reverse proxy installations.

System administrators running NGINX should update immediately to the latest patched version. The vulnerabilities are particularly concerning for internet-facing deployments where untrusted input reaches the server without sufficient filtering. F5 recommended enabling additional request validation layers as a defense-in-depth measure alongside patching.

Source: The Hacker News