29th June – Threat Intelligence Report
This weekly threat intelligence bulletin highlights multiple active exploitation campaigns targeting network infrastructure (Cisco SD-WAN, Ubiquiti UniFi OS, FortiGate firewalls) and AI platforms (Dify, Langflow), alongside supply chain attacks against Polymarket and AI agent ecosystems. Notable emerging threats include EvilTokens phishing-as-a-service abusing device-code authentication for M365 token theft, the FortiBleed campaign converting 430,000+ firewalls into credential stealers, and Turla's StockStay espionage malware targeting Ukrainian entities. Cloud extortion group FulcrumSec and the DCloud Uni-App fraud framework (236,493+ scam domains) represent additional significant threats requiring defensive attention.
Detection / Hunteropenrouter
What Happened
Multiple organizations were attacked this week through software vulnerabilities, supply chain breaches, and phishing campaigns. Telecom company KDDI may have lost up to 14.22 million user email addresses and passwords, while cryptocurrency platform Polymarket lost about $3 million after attackers injected malicious code into its website through a third-party vendor. Several serious security flaws in networking equipment from Cisco and Ubiquiti are being actively exploited by attackers, and a campaign called FortiBleed turned over 430,000 firewall devices into tools for stealing login credentials. A new phishing service called EvilTokens uses artificial intelligence to steal Microsoft 365 login tokens by tricking users into approving fake login requests. Organizations should prioritize patching the listed vulnerabilities, review their network appliance security, and educate employees about device-code phishing attacks.
Key Takeaways
- Cisco CVE-2026-20245 in Catalyst SD-WAN Manager was exploited as a zero-day for months before patching; allows root command execution via crafted file upload by administrators.
- Ubiquiti UniFi OS flaws (CVE-2026-34908/34909/34910) are actively exploited in the wild with observed Mirai botnet activity, enabling unauthorized changes, file access, and command execution on network appliances.
- EvilTokens phishing-as-a-service abuses device-code authentication to steal Microsoft 365 tokens, with a 1,380% surge in device-code phishing observed in early 2026.
- FortiBleed campaign compromised 430,000+ FortiGate firewalls converting them into passive credential stealers across 24 protocols, siphoning 110M+ credentials worldwide.
- Langflow CVE-2026-33017 and CVE-2026-55255 are under mass exploitation; attackers enumerate flow IDs to extract embedded API keys and deploy malware via remote code execution.
Affected Systems
- Cisco Catalyst SD-WAN Manager (on-premises and cloud deployments)
- Dify open-source AI platform (versions prior to 1.14.2)
- Ubiquiti UniFi OS network appliances
- Langflow open-source AI workflow tool
- Fortinet FortiGate firewalls
- Oracle PeopleSoft (NAIC environment)
- Microsoft 365 (targeted by EvilTokens phishing)
- AI agent platforms and agentic browsers (ChatGPT Atlas, Perplexity Comet, Claude in Chrome)
Vulnerabilities (CVEs)
- CVE-2026-20245 — Cisco Catalyst SD-WAN Manager command injection flaw (high severity); allows administrators to run root commands via crafted file; exploited as zero-day for months
- CVE-2026-41947 — Dify critical vulnerability allowing unauthenticated access to the open-source AI platform
- CVE-2026-41948 — Dify critical vulnerability enabling cross-tenant data exposure including chat content and uploaded files
- CVE-2026-34908 — Ubiquiti UniFi OS privilege escalation; reportedly being actively exploited
- CVE-2026-34909 — Ubiquiti UniFi OS directory traversal; reportedly being actively exploited
- CVE-2026-34910 — Ubiquiti UniFi OS command injection; reportedly being actively exploited with Mirai botnet activity
- CVE-2026-33017 — Langflow remote code execution; under mass exploitation enabling malware deployment and cloud credential theft
- CVE-2026-55255 — Langflow vulnerability being targeted alongside CVE-2026-33017; attackers enumerate flow IDs to run victim pipelines and extract embedded API keys
Attack Chain
Multiple attack chains are described across the report. For network infrastructure exploitation, attackers target unpatched Cisco SD-WAN Manager, Ubiquiti UniFi OS, and FortiGate firewalls using known CVEs to gain command execution and credential access. For AI platform attacks, adversaries exploit Langflow and Dify vulnerabilities to achieve remote code execution, enumerate flow IDs, extract embedded API keys, and deploy malware. The EvilTokens phishing-as-a-service operation uses AI-generated lures and device-code authentication abuse to steal Microsoft 365 tokens. Turla's StockStay campaign delivers espionage malware through phishing with malicious RDP configuration files, evolving from fake stock apps to PDF reader and calculator lookalikes. FulcrumSec exploits exposed credentials and misconfigured cloud storage, then uses legitimate tools for lateral movement and long-term data exfiltration.
Detection Availability
- YARA Rules: No
- Sigma Rules: No
- Snort/Suricata Rules: No
- KQL Queries: No
- Splunk SPL Queries: No
- EQL Queries: No
- Other Detection Logic: No
- Platforms: Check Point IPS
The article references Check Point IPS protections for Ubiquiti UniFi OS vulnerabilities (CVE-2026-34908/34909/34910) and Langflow RCE (CVE-2026-33017), but no rule content or queries are provided in the article itself. Full detection details are likely in the downloadable Threat Intelligence Bulletin.
Detection Engineering Assessment
EDR Visibility: Medium — EDR would likely detect post-exploitation activity such as malware deployment from Langflow exploitation and command execution on Ubiquiti devices, but may have limited visibility into network appliance exploitation and device-code phishing flows which occur through legitimate authentication channels. Network Visibility: Medium — Network monitoring could detect FortiBleed credential exfiltration across 24 protocols and Mirai botnet C2 activity, but device-code authentication flows and legitimate-tool-based lateral movement by FulcrumSec would blend with normal traffic patterns. Detection Difficulty: Hard — Many of the described attacks abuse legitimate protocols and authentication mechanisms (device-code auth, RDP configurations, legitimate cloud tools), making signature-based detection insufficient. The FortiBleed campaign operates passively across 24 protocols, and FulcrumSec uses legitimate tools for lateral movement, requiring behavioral analytics and baseline deviation detection.
Required Log Sources
- Network appliance logs (FortiGate, UniFi, Cisco SD-WAN)
- Microsoft 365 authentication logs (device-code sign-in events)
- Cloud platform audit logs (API access, storage access patterns)
- Web application firewall logs (Langflow, Dify instances)
- DNS resolution logs (for DCloud Uni-App scam domains)
- Email gateway logs (for StockStay phishing with RDP attachments)
Hunting Hypotheses
| Hypothesis | Telemetry | ATT&CK Stage | FP Risk |
|---|---|---|---|
| Consider hunting for device-code authentication flows in Microsoft 365 sign-in logs that originate from unexpected locations or user agents, as EvilTokens abuses this flow to steal access tokens. | Microsoft 365 sign-in logs, Azure AD audit logs, Conditional Access logs | Credential Access | Medium — legitimate device-code flows occur for IoT devices, CLI tools, and some legacy applications; focus on anomalous patterns rather than the flow type itself. |
| If you have FortiGate firewall telemetry, consider hunting for anomalous outbound connections across multiple protocols from firewall management interfaces, which could indicate FortiBleed credential harvesting activity. | FortiGate firewall logs, network flow data, SIEM network telemetry | Credential Access | Low — firewalls initiating outbound credential-related traffic across multiple protocols is unusual and warrants investigation. |
| Consider hunting for enumeration patterns against Langflow instances, specifically repeated requests targeting different flow IDs, which could indicate attackers attempting to extract embedded API keys. | Web application logs, reverse proxy logs, WAF logs for Langflow deployments | Discovery and Collection | Medium — legitimate development and testing activity may generate similar patterns; correlate with external source IPs and unusual access times. |
| If you monitor cloud environments, consider hunting for access patterns consistent with FulcrumSec's methodology: broad permission enumeration followed by data collection across multiple storage services over extended periods. | Cloud audit logs (AWS CloudTrail, Azure Activity Logs, GCP Audit Logs), cloud storage access logs | Collection and Exfiltration | Medium — cloud administrators and automated tools may generate broad access patterns; focus on unusual data volume and cross-service access patterns. |
| Consider hunting for RDP configuration files delivered via email or downloaded from external sources, as Turla's StockStay campaign uses malicious RDP configuration files as delivery vectors. | Email gateway logs, endpoint file download events, DNS logs | Initial Access | Low — RDP configuration files received via email are unusual in most environments and warrant investigation. |
Control Gaps
- Traditional signature-based AV would not detect device-code phishing attacks that abuse legitimate Microsoft authentication flows.
- Network IDS may not flag FortiBleed activity as it operates passively across legitimate protocols on compromised firewall devices.
- Cloud security posture management tools may not detect FulcrumSec's slow data collection over months using legitimate tools and permissions.
- WAF rules may not detect Langflow flow ID enumeration if requests appear individually legitimate.
- Supply chain attacks on AI agent marketplaces would bypass traditional software supply chain controls that focus on package integrity rather than runtime behavior.
Key Behavioral Indicators
- Device-code authentication requests originating from unusual user agents or IP ranges in Microsoft 365 environments
- FortiGate firewalls initiating unexpected outbound connections across multiple protocols
- Sequential enumeration of flow IDs against Langflow instances from external IPs
- RDP configuration files (.rdp) received as email attachments or downloaded from external sources
- Cloud service accounts exhibiting broad cross-service data access patterns over extended timeframes
- Mirai botnet C2 communication patterns following Ubiquiti UniFi OS exploitation
False Positive Assessment
- Medium — Several described attack techniques abuse legitimate protocols and authentication mechanisms (device-code auth, RDP configuration files, legitimate cloud tools), which can generate false positives when hunting. Behavioral baselines and contextual correlation are needed to distinguish malicious activity from legitimate administrative and development workflows.
Recommendations
Immediate Mitigation
- Verify against your organization's incident response runbook and team escalation paths before acting. Prioritize patching Cisco Catalyst SD-WAN Manager (CVE-2026-20245), Ubiquiti UniFi OS (CVE-2026-34908/34909/34910), Dify (upgrade to v1.14.2), and Langflow (CVE-2026-33017/55255) if these products exist in your environment.
- If your organization uses FortiGate firewalls, consider reviewing firewall management interface access logs for signs of compromise and verify firmware is current with Fortinet security advisories.
- If applicable, consider reviewing Microsoft 365 sign-in logs for device-code authentication flows, particularly those originating from unexpected locations or user agents.
- Consider blocking or restricting access to Langflow and Dify instances from external networks until patches are verified as applied.
Infrastructure Hardening
- Evaluate whether network appliances (Cisco SD-WAN, Ubiquiti UniFi, FortiGate) are exposed to the internet and consider moving management interfaces behind VPN or bastion hosts where feasible.
- Consider implementing conditional access policies for Microsoft 365 that restrict device-code authentication flows to trusted locations or compliant devices only.
- If running cloud-native workloads, consider reviewing IAM permissions for over-privileged accounts and implementing least-privilege access controls to limit blast radius of credential compromise.
- Evaluate whether AI platform deployments (Langflow, Dify) are properly segmented from production networks and whether embedded API keys in workflows are rotated regularly.
User Protection
- Consider rolling out security awareness training focused on device-code phishing attacks, emphasizing that legitimate services will never ask users to approve a sign-in prompt they did not initiate.
- If your organization uses AI agents or agentic browsers, consider evaluating the trust model for third-party skills and plugins, and whether runtime monitoring can detect data exfiltration behavior.
- Consider implementing email filtering rules for RDP configuration file attachments, flagging them for additional scrutiny given Turla's use of this delivery vector.
Security Awareness
- Consider incorporating supply chain attack awareness into existing training programs, highlighting that compromises can occur through third-party vendors and trusted marketplaces.
- If applicable, consider briefing development teams on the risks of embedded API keys in AI workflow tools and the importance of using managed secrets stores instead.
- Consider educating employees about the increasing use of AI-generated phishing lures, which may be more convincing than traditional phishing templates.
MITRE ATT&CK Mapping
- T1195.002 - Compromise Software Supply Chain
- T1190 - Exploit Public-Facing Application
- T1059 - Command and Scripting Interpreter
- T1078 - Valid Accounts
- T1528 - Steal Application Access Token
- T1556 - Modify Authentication Process
- T1041 - Exfiltration Over C2 Channel
- T1213 - Data from Information Repositories
- T1566 - Phishing
- T1021 - Remote Services
- T1552 - Unsecured Credentials
- T1071 - Application Layer Protocol