News Jun 21, 2026

IT News Roundup: FortiBleed, Microsoft Patch Tuesday, NGINX RCE - June 21, 2026

This week in IT news: CISA warns of FortiBleed credential leak affecting 74,000 Fortinet devices, Microsoft patches a record 206 vulnerabilities including zero-days, F5 releases critical NGINX RCE fixes, and device code attacks surge 37x year-over-year.

This week in IT news brings a mix of urgent security alerts and significant technology developments. CISA issued an emergency warning over the FortiBleed credential leak compromising nearly 74,000 Fortinet devices worldwide. Microsoft delivered its largest-ever Patch Tuesday update addressing 206 vulnerabilities including multiple zero-days. F5 released out-of-band patches for critical remote code execution flaws in NGINX Open Source. Meanwhile, device code attacks have surged 37x this year, and the open-source AI landscape continues to evolve with DeepSeek-V4 and Google Cloud Next announcements.

CISA Warns of FortiBleed: 74,000 Fortinet Credentials Exposed

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency alert on June 18 urging all Fortinet customers to immediately secure their devices after nearly 74,000 firewall and VPN credentials were exposed in a data leak dubbed FortiBleed.

The breach was discovered by security researcher Volodymyr "Bob" Diachenko on an exposed server containing usernames, email addresses, and plaintext passwords for 73,932 firewall URLs. According to SOCRadar data, generic admin accounts (35%) and built-in Fortinet system accounts (28.3%) make up the majority of compromised credentials.

CISA confirmed that threat actors are actively exploiting these leaked credentials against internet-facing FortiGate firewalls and SSL VPN gateways across both government and private sector organizations worldwide. The agency recommends immediate credential rotation, enforcement of multi-factor authentication, restriction of administrative access to internal networks only, and deployment of intrusion detection rules for unauthorized login attempts.

Source: CISA Alert, BleepingComputer

Microsoft Patch Tuesday June 2026: Record 206 Vulnerabilities Patched

On June 9, Microsoft released its largest-ever Patch Tuesday update, addressing 206 vulnerabilities across Windows, Office, Azure, and other products. Of these, 39 were rated Critical and 167 Important — the highest volume in a single monthly release.

The update notably includes fixes for three publicly disclosed zero-day vulnerabilities: CVE-2026-49160 (a denial-of-service flaw in web servers), CVE-2026-45586 (an elevation of privilege issue in the Windows Collaborative Translation framework), and CVE-2026-50507. Additionally, three critical remote code execution vulnerabilities with CVSS scores of 9.8 were patched — requiring no authentication for exploitation.

The broad scope of this update also covers fixes across HTTP.sys, Exchange Server, Azure infrastructure components, and the Windows kernel. Microsoft is urging administrators to prioritize deployment immediately given the severity and active exploitation status of several vulnerabilities in this release.

Source: CrowdStrike, CyberSecurityNews

F5 Patches Critical NGINX RCE Vulnerabilities (CVE-2026-42530)

F5 released out-of-band security patches on June 17 addressing two critical vulnerabilities in NGINX Open Source that could allow unauthenticated remote attackers to execute arbitrary code or cause denial of service. NGINX powers approximately 33% of all websites worldwide, making these flaws particularly impactful.

The primary vulnerability, CVE-2026-42530 (CVSS v4 score: 9.2), is a use-after-free flaw in the ngx_http_v3_module — NGINX HTTP/3 module. This data-plane-only vulnerability can be exploited purely through network traffic without requiring authentication or credentials, making it especially dangerous for internet-facing deployments.

A second critical flaw, CVE-2026-42055, affects the proxy and gRPC modules. F5 also addressed two high-severity vulnerabilities in NGINX Gateway Fabric alongside these patches. Organizations running affected versions of NGINX Open Source or NGINX Plus are advised to apply the out-of-band updates immediately.

Source: The Hacker News, CyberSecurityNews

Device Code Attacks Surge 37x Year-over-Year

Researchers have documented a dramatic surge in device code attacks targeting OAuth authorization flows, with incidents up 37 times compared to the same period last year. More than 18 distinct attack kits are now known to be circulating in the wild.

Device code attacks exploit the OAuth device authorization flow — commonly used for logging into services on devices without full browser capabilities, such as smart TVs and command-line tools. Attackers trick users into entering legitimate-looking codes on phishing pages that capture credentials instead of completing the intended authentication.

The surge is largely attributed to AI-powered automation tools that enable threat actors to generate convincing phishing pages at scale and harvest credentials more efficiently than traditional methods. Security teams are advised to implement enhanced monitoring for suspicious device code registrations, educate users about recognizing phishing attempts during authorization flows, and restrict which applications can request device codes within their organizations.

Source: The Hacker News
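
The monitoring and application-restriction advice above, sketched as an added example (not from the original article or its cited sources): it scans token-issuance events for device code grants to unapproved clients and for one source address redeeming codes for many users in a short window. The event fields, client names, allowlist and thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. Field names are assumptions, not a vendor schema;
# "ip" is the address of the client that redeemed the device code.
EVENTS = [
    {"ts": "2026-06-20T09:00:00", "user": "alice", "client": "cli-tool",
     "grant": "device_code", "ip": "10.0.0.5"},
    {"ts": "2026-06-20T09:01:00", "user": "bob", "client": "mail-sync",
     "grant": "device_code", "ip": "203.0.113.7"},
    {"ts": "2026-06-20T09:03:00", "user": "carol", "client": "cli-tool",
     "grant": "device_code", "ip": "203.0.113.7"},
    {"ts": "2026-06-20T09:06:00", "user": "dave", "client": "cli-tool",
     "grant": "device_code", "ip": "203.0.113.7"},
    {"ts": "2026-06-20T09:07:00", "user": "erin", "client": "web-portal",
     "grant": "authorization_code", "ip": "203.0.113.7"},
]

ALLOWED_CLIENTS = {"cli-tool"}        # hypothetical allowlist of device code apps
BURST_USERS = 3                       # distinct users per source address
BURST_WINDOW = timedelta(minutes=10)  # within this sliding window


def find_suspicious(events, allowed=ALLOWED_CLIENTS,
                    burst_users=BURST_USERS, window=BURST_WINDOW):
    """Return findings for device code grants only; other grant types are ignored."""
    findings = []
    by_ip = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        if e["grant"] != "device_code":
            continue
        # Rule 1: the requesting application is not approved for device codes.
        if e["client"] not in allowed:
            findings.append(("unapproved_client", e["user"], e["client"]))
        by_ip[e["ip"]].append((datetime.fromisoformat(e["ts"]), e["user"]))
    # Rule 2: one address redeems codes for many distinct users in the window.
    for ip, hits in by_ip.items():
        for i, (start, _) in enumerate(hits):
            users = {u for t, u in hits[i:] if t - start <= window}
            if len(users) >= burst_users:
                findings.append(("multi_user_burst", ip, tuple(sorted(users))))
                break  # one finding per address is enough
    return findings


if __name__ == "__main__":
    for finding in find_suspicious(EVENTS):
        print(finding)
```
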

DeepSeek-V4 Released: Open-Source 1.6T MoE Model with 1M Context Window

DeepSeek officially released V4, its newest flagship open-source language model family, featuring two Mixture-of-Experts variants under the MIT license. The V4-Pro variant contains 1.6 trillion total parameters with 49 billion active per token, while V4-Flash offers a more efficient configuration at 284 billion total parameters with 13 billion active.

Both models support a 1-million-token context window with up to 384K tokens of output — among the largest publicly available context windows. The model weights are hosted on Hugging Face, and DeepSeek offers API access at competitive pricing (0.87 USD per million output tokens for V4-Flash). The models employ a novel architecture combining CSA+HCA attention mechanisms with Muon optimizer.

The release positions DeepSeek-V4 as one of the most capable open-weight models available, offering performance that competes with leading closed-source alternatives at significantly lower cost. This continues the trend of open-source AI narrowing the gap with proprietary systems in both capability and accessibility.

Source: OFOX, NYU RITS

Google Cloud Next 2026: Gemini Enterprise Agent Platform and TPU v8

At Google Cloud Next '26, Google unveiled its vision for the "Agentic Enterprise", centered around the new Gemini Enterprise Agent Platform — a unified AI stack that consolidates Vertex AI and Google Agentspace into a single product called Gemini Enterprise.

The platform is designed to help organizations build, deploy, and govern autonomous AI agents at scale. Key capabilities include multi-agent orchestration, enterprise knowledge grounding with built-in data governance controls, and integration with existing cloud infrastructure through the Cross-Cloud Lakehouse offering.

On the hardware front, Google announced its eighth-generation Tensor Processing Units (TPU v8), specifically optimized for large-scale AI agent workloads. Sundar Pichai noted that over half of Google's overall ML compute investment in 2026 will go toward cloud services to support this growing demand from enterprise customers.

Source: Google Cloud Blog, Virtualization Review

