IT News Roundup: Splunk Vulnerability, FortiBleed Campaign, DeepSeek V4 Release - June 20, 2026

The past few days have brought urgent security alerts alongside major AI infrastructure developments. CISA has escalated response timelines for a critical Splunk Enterprise vulnerability now confirmed as actively exploited in the wild, while a massive credential harvesting campaign dubbed FortiBleed has compromised tens of thousands of Fortinet devices worldwide. On the AI front, DeepSeek released two powerful open-source MoE models under Apache 2.0, and Google unveiled its Gemini Enterprise Agent Platform at Cloud Next.

CISA Adds Splunk CVE-2026-20253 to KEV Catalog — Actively Exploited

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2026-20253, a critical missing-authentication vulnerability in Splunk Enterprise, to its Known Exploited Vulnerabilities (KEV) catalog on June 18, 2026. The flaw allows unauthenticated remote code execution, and CISA confirmed that threat actors are actively abusing it in ongoing attacks.

In response, CISA issued a Binding Operational Directive ordering all Federal Civilian Executive Branch agencies to patch their Splunk instances within three days — by Sunday, June 21. Organizations running Splunk Enterprise should immediately apply the available security update and review access logs for signs of unauthorized activity.

Source: CISA Alert, BleepingComputer

FortiBleed: 75,000 Fortinet Devices Compromised in Credential Harvesting Campaign

A major hack campaign targeting internet-accessible Fortinet firewall and VPN devices has compromised approximately 75,000 units, according to reports from June 17. The attack — dubbed "FortiBleed" by researchers — involved credential harvesting that allowed threat actors to penetrate deeper into victim networks. Prominent organizations across government and private sectors were affected.

CISA issued an alert urging all Fortinet device administrators to harden their deployments immediately. Devices running FortiOS versions older than 7.2.11, 7.4.8, or 7.6.1 are considered at risk. Recommended actions include rotating all administrative and VPN credentials, enabling multi-factor authentication, restricting management interface access to trusted internal networks, and upgrading to patched FortiOS versions.

Source: Reuters, CISA Alert

DeepSeek Releases V4-Pro and V4-Flash MoE Models Under Apache 2.0

DeepSeek has released a preview version of its V4 series, featuring two powerful Mixture-of-Experts (MoE) language models: DeepSeek-V4-Pro with 1.6 trillion parameters (49B activated per forward pass) and DeepSeek-V4-Flash with 284 billion parameters (13B activated). Both models support extended context windows of up to 1 million tokens.

The models are released under the Apache 2.0 license, continuing DeepSeek's open-source tradition. V4-Pro is designed for high-performance enterprise workloads, while V4-Flash targets efficiency-conscious deployments and can run on consumer hardware (dual RTX 4090 or single RTX 5090) when quantized. The release includes improved expert routing mechanisms that reduce redundant computation compared to the previous V3 architecture.

Source: Hugging Face, SitePoint

Google Cloud Next 2026: Gemini Enterprise Agent Platform and 8th Gen TPUs

At Google Cloud Next 2026, Google announced the Gemini Enterprise Agent Platform, a unified platform for building, scaling, governing, and optimizing AI agents at enterprise scale. The platform combines Vertex AI capabilities with new tools for orchestration, governance, observability, and agent identity management.

Key features include an Agent Designer for visual agent creation, an Inbox for managing agent activity, support for long-running agents, and a Knowledge Catalog that uses Gemini to autonomously tag and connect data across enterprise systems. Google also unveiled its 8th-generation Tensor Processing Units (TPUs), along with new storage and networking capabilities designed specifically for AI workloads.

Source: Google Cloud Blog, Cloud Next 26 Welcome

GSF Ransomware Attack Disrupts Schools Across Multiple Countries

A ransomware attack on GSF, an organization that operates schools across multiple countries, has encrypted critical systems and disrupted classes for tens of thousands of students. The June 2026 incident highlights the growing threat of cyberattacks targeting educational infrastructure.

The attack underscores a broader trend of ransomware groups increasingly targeting education sectors worldwide, where security budgets are often limited and operational continuity is essential. IT professionals managing school or university networks should review their incident response plans, ensure offline backups are current, and verify that network segmentation isolates critical systems from general-purpose endpoints.

Source: Tech Startups