Daily Security Briefing #287

June 16, 2026 | Read Online

Fortinet FortiSandbox vulnerabilities exploited, Google Vertex AI SDK flaw exposed, and Microsoft Teams relay abused…

Executive Summary

Cybersecurity threats continue to escalate with multiple high-profile incidents reported in the last day. Critical vulnerabilities in Fortinet’s FortiSandbox appliances have been actively exploited by attackers, while a flaw in the Google Cloud Vertex AI SDK has been disclosed. Additionally, a sophisticated ransomware campaign has leveraged Microsoft Teams relay servers for stealthy malware communication.

Top Articles

Critical Fortinet FortiSandbox Flaws Exploited in the Wild Threat actors have begun actively exploiting multiple critical Fortinet FortiSandbox vulnerabilities within the past 24 hours. Security researchers observing honeypot activity have detected exploitation attempts originating from IP address 141.11.43.175, attributed to ASN AS136510. GBHackers | CyberPress

Google Vertex AI SDK Flaw Let Attackers Hijack Model Uploads via Bucket Squatting A flaw in the Google Cloud Vertex AI SDK for Python let an attacker with no access to a victim’s project hijack the victim’s machine learning model upload and run code inside Google’s serving infrastructure. Palo Alto Networks Unit 42 discovered the bug through Google’s bug bounty program. The Hacker News

Microsoft Teams Relay Abused to Stealthily Route Malware Communications A sophisticated ransomware campaign has turned Microsoft’s own collaboration infrastructure against defenders, with attackers concealing command-and-control traffic inside Microsoft Teams’ relay servers. Initial access was likely gained through a vulnerability in the victim’s system. CyberPress

Check Point and Illumio Expand Partnership to Secure Hybrid Environments Building on their previous Illumio Insights integration, Check Point and Illumio are expanding their partnership with an integration to Illumio Segmentation. This will help organizations prevent threats, expose risky paths, contain lateral movement across hybrid and multi-cloud environments. Checkpoint Blog

Developer Laptops are the Credential Store Attackers are Picking Through in 2026 GitGuardian is introducing Developer Endpoint Protection, extending its secrets and non-human identity (NHI) security platform coverage to developer workstations. After 12 months of supply-chain campaigns harvesting credentials from developer machines, CISOs and IT leaders are reopening a question many considered settled. GBHackers

UK to Require ID or Face Scan Before You Can Make Social Media Accounts Opening a new social media account in the UK will soon mean proving you’re over 16 with an ID upload or a facial age scan, under a government ban on under-16s taking effect in spring 2027. Security experts warn the age checks are easy to circumvent and create new data-breach risks. Bleeping Computer

AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.