“Immediately inventory all Fortinet FortiGate and Palo Alto PAN-OS devices across your entire client base and flag them for emergency patching/credential rotation before end of business today.”
Microsoft Outlook Outage Reported by Users — 16 June 2026
Outlook was reported down for a subset of users on 16 June 2026, with a spike in Downdetector reports around 9:29 AM Eastern. The issue appeared to affect Outlook Web Access login for some accounts. MSPs should confirm client access is restored and check the M365 Service Health dashboard for any residual impact.
Read more →June 2026 Patch Tuesday: Record 206 CVEs Including Actively Exploited Microsoft Defender Zero-Day (CVE-2026-41091)
Microsoft's June 9 Patch Tuesday — the largest ever — fixed 206 vulnerabilities with 39 rated Critical. CVE-2026-41091, a Defender elevation-of-privilege zero-day dubbed 'RedSun' disclosed by researcher 'Nightmare Eclipse', is confirmed as actively exploited in the wild; Defender auto-updates in most environments but isolated or manually managed deployments must update immediately. Five additional publicly disclosed zero-days were also patched, including BitLocker bypasses (CVE-2026-45585 'YellowKey', CVE-2026-50507 'Bitskrieg') rated Exploitation More Likely.
Read more →CISA Adds Cisco Catalyst SD-WAN Manager Path Traversal (CVE-2026-20262) to KEV Catalog
CISA added CVE-2026-20262 — a directory/path traversal flaw in Cisco Catalyst SD-WAN Manager — to the Known Exploited Vulnerabilities catalog on June 15, 2026, alongside a LiteSpeed cPanel symlink vulnerability (CVE-2026-54420). Federal agencies must remediate under BOD 26-04; all organisations managing Cisco SD-WAN infrastructure should apply Cisco's patch immediately per vendor instructions.
Read more →Large-Scale Fortinet FortiGate Credential Compromise: Up to 75,000 Devices Affected
In mid-June 2026, researchers identified a mass credential compromise of internet-facing Fortinet FortiGate firewalls and SSL VPN endpoints, with estimates of 30,000–75,000 unique device records now circulating on eCrime marketplaces. The attack converges unpatched CVEs (including CVE-2026-24858), legacy SHA-256 password hashing on older FortiOS builds, and infostealer datasets — patching alone is insufficient. Workaround: force all admin re-authentication post-update to trigger PBKDF2 re-hashing, rotate all VPN credentials immediately, and audit for signs of Initial Access Broker activity.
Read more →Palo Alto PAN-OS CVE-2026-0257 Actively Exploited — CISA KEV Deadline Passed June 1
Palo Alto Networks confirmed active exploitation of CVE-2026-0257, an authentication bypass in PAN-OS GlobalProtect portal and gateway components (CVSSv4 7.8). CISA added it to KEV on May 29 with a federal remediation deadline of June 1 — that deadline has now passed. Public PoC code (forge_cookie.py) is available; detection tip: look for 'Cookie' auth method in logs with suspicious hosting-provider source IPs.
Read more →This is what you get — every weekday, free.
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.