“Audit your Fortinet client base for credential compromise and reset all administrative accounts today; cross-reference with Azure AD/365 logins to catch lateral movement into cloud environments.”
CVE-2026-49975 'HTTP/2 Bomb': Unpatched DoS Affecting Microsoft IIS and Other Web Servers
A denial-of-service vulnerability dubbed 'HTTP/2 Bomb' (CVE-2026-49975) became public a week ago and allows a single attacker — without large bandwidth — to exhaust memory on default HTTP/2-configured web servers including Microsoft IIS. Patches are available for NGINX and Apache, but Microsoft has not yet shipped an IIS fix as of the June Patch Tuesday release. Disabling HTTP/2 on IIS is a valid mitigation until a patch arrives.
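How to apply the interim mitigation this item mentions, as an added example that is not from the newsletter or from Microsoft: it shows the current state of, then clears, the two documented HTTP.sys registry switches that control HTTP/2 on IIS. It assumes an elevated PowerShell session on the IIS host.

```powershell
# Added example (not the newsletter's or Microsoft's code): disable HTTP/2 in HTTP.sys,
# the kernel listener IIS runs on, as the interim mitigation for CVE-2026-49975.
# Assumes an elevated PowerShell session on a Windows Server running IIS.
$Key    = 'HKLM:\SYSTEM\CurrentControlSet\Services\HTTP\Parameters'
$Values = 'EnableHttp2Tls', 'EnableHttp2Cleartext'   # documented HTTP.sys switches

function Get-Http2State {
    # Report each switch; a missing value means the OS default, which is enabled.
    foreach ($name in $Values) {
        $current = (Get-ItemProperty -Path $Key -Name $name -ErrorAction SilentlyContinue).$name
        [pscustomobject]@{
            Setting = $name
            Value   = if ($null -eq $current) { 'not set (default: enabled)' } else { $current }
        }
    }
}

function Disable-Http2 {
    # DWORD 0 turns HTTP/2 off for TLS and cleartext listeners respectively; -Force overwrites.
    foreach ($name in $Values) {
        New-ItemProperty -Path $Key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
    }
}

Write-Host 'Before:'; Get-Http2State | Format-Table -AutoSize
Disable-Http2
Write-Host 'After:';  Get-Http2State | Format-Table -AutoSize
# HTTP.sys reads these at driver start: restart it (net stop http /y; net start http)
# or reboot. Revert after patching by setting both values to 1 (or deleting them).
```

Clients fall back to HTTP/1.1, so expect the usual loss of multiplexing rather than an outage; verify with a browser's protocol column or a packet capture after the restart.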
Read more →
BitLocker Bypass Trio Patched: 'YellowKey', 'Bitskrieg' & CVE-2026-45658 — Physical Access Risk
Microsoft patched three BitLocker security feature bypass vulnerabilities (CVE-2026-45585 'YellowKey', CVE-2026-50507 'Bitskrieg', CVE-2026-45658) in the June 2026 update, all publicly disclosed before patches were available and rated 'Exploitation More Likely.' An attacker with physical access to a device can bypass BitLocker Device Encryption to access encrypted data — a meaningful risk for lost or stolen laptops. Apply June 2026 cumulative updates promptly; ensure firmware/UEFI patches are also applied.
Read more →
'FortiBleed' Campaign: 86,000+ Fortinet Credentials Being Sold on Dark Web — No New Zero-Day
A large-scale Fortinet credential-harvesting campaign dubbed 'FortiBleed' has amassed over 86,644 confirmed working login credentials for corporate FortiGate firewalls and SSL-VPN endpoints, with a subset of 35,000 already advertised on a darknet market as of 24 June 2026. Attackers exploited previously patched CVEs (five months old or more) combined with legacy SHA-256 password hashes not rotated after firmware updates — patching alone is insufficient if admins haven't forced re-authentication post-update. Immediate actions: force password resets for all FortiGate admin accounts, verify PBKDF2 hashing is active by confirming admins have logged in post-2025 firmware update, and audit for signs of lateral movement.
Read more →
AI Agent Platforms Splitting MSP Automation Market in 2026: Neo Agent and SuperOps Lead Agentic Tier
The MSP automation tooling market in 2026 has split into three distinct tiers: rule-based RPA platforms (Rewst, Power Automate), bundled RMM/PSA AI (Atera, NinjaOne, HaloPSA, ConnectWise, Syncro), and a new agentic AI tier (Neo Agent, SuperOps) capable of handling judgment-based L1 resolution, M365 compliance audits, and SLA risk reviews autonomously. Neo Agent operates in reactive mode — picking up tickets in seconds — and scheduled mode for proactive tasks, configured in plain English without workflow mapping. MSPs evaluating AI investment should assess whether their primary bottleneck is rule-based automation or judgment-based ticket resolution before selecting a tier.
Read more →
Coastal Cyber Launches in Australia to Help MSPs Build Essential Eight-Aligned GRC Frameworks
Coastal Cyber, a new Australian cybersecurity advisory practice founded by 30-year industry veteran Daniel Johns (ex-MyCISO, CyberCX, ASI Solutions), has launched to help MSPs and resellers build repeatable, priced GRC and security service offerings aligned to the ACSC Essential Eight. The practice targets mid-market clients in financial services, healthcare, and technology across Australia, addressing a gap where MSPs struggle to articulate, scope, and price governance services. Australian MSPs looking to add a security advisory or Essential Eight assessment line to their service catalogue should review Coastal Cyber's channel-partner model.
Read more →
Subscribers get the full “From the Floor” take with every issue — not just the news summary you just read.
Written from 12 years on the helpdesk floor. Always free.