SOCRadar® Cyber Intelligence Inc.

Alleged FortiBleed Access Auction, Sens Unique Paris Data Sale, and libsodium DoS Claims

SOCRadar Dark Web Team identified new underground acti...

CVE-2026-20253: CISA Warns of Actively Exploited Splunk Enterprise RCE

Splunk Enterprise admins should prioritize patching CVE-2026-20253, a critical vulnerability that allows a network-reachable, unauthenticated attacker to create or truncate arbitrary files on the Splunk server. Under certain conditions, this can be chained into remote code execution (RCE), making exposure ...

FortiBleed: Everything You Need to Know

This is a developing story. Figures and findings are updated as the investigation continues.

1. What is FortiBleed?

FortiBleed is an active, large-scale credential theft campaign targeting internet-exposed Fortinet FortiGate firewalls and SSL VPN gateways. The same threat actor has also been observed targeting FortiWeb an...

CVE-2026-42530 & CVE-2026-42055: F5 Patches NGINX Vulnerabilities

F5 has released out-of-band security updates for two NGINX vulnerabilities that can affect exposed web infrastructure: CVE-2026-42530 and CVE-2026-42055.

The first issue affects NGINX’s HTTP/3 QUIC handling. The second affects specific HTTP/2 and gRPC proxying configurations. Both can be triggered re...

SOCRadar Launches Free FortiBleed Exposure Checker and Publishes the Most Extensive Dataset on the Fortinet Credential Leak

The team that first analyzed the FortiBleed leak now opens its research to the public, having already alerted thousands of customers and national CERTs — and invites every government cybersecurity agency to coordinate on the data.

SOCRadar, the gl...