FortiBleed Credential Harvesting, AI Supply Chain Risks Dominate Threat Landscap
Summary
Today's threat landscape is defined by a convergence of credential harvesting at scale and emerging AI supply chain risks. The FortiBleed campaign's targeting of over 430,000 FortiGate firewalls underscores the persistent threat from initial access brokers, while new research reveals how malicious AI agent skills can bypass security scanners entirely. Defenders should prioritize credential hygiene on exposed network appliances and scrutinize third-party AI marketplace integrations.
Today's developments
FortiBleed credential harvesting operation: A Russian-speaking initial access broker (IAB) is allegedly behind a large-scale campaign targeting over 430,000 FortiGate firewalls globally since February 2026. The operation involves collecting credential lists, searching for exposed services, and brute-forcing accessible systems. This represents one of the most significant credential harvesting campaigns observed against network security appliances this year.
AI supply chain vulnerabilities exposed: Researchers demonstrated that a fake AI agent skill could pass all security scanners and reach approximately 26,000 agents, including those on corporate accounts. The proof-of-concept skill collected user email addresses, highlighting how current security scanning tools fail to detect malicious AI marketplace submissions. Industry researchers note this represents a critical blind spot in enterprise AI adoption.
DPRK-linked macOS backdoor uses prompt injection: A Rust-based backdoor named macOS.Gaslight embeds 38 fabricated system messages that spoof an LLM triage harness, hiding a credential stealer and Telegram C2 infrastructure. This novel technique targets analysts themselves rather than sandbox environments, representing an evolution in evasion tactics.
DOJ seizes cyber scam infrastructure: The Justice Department seized infrastructure used by a major cyber scam and criminal marketplace, with the Treasury Department simultaneously taking action against the Cambodian company Huione Group and affiliates. This coordinated law enforcement action targets Southeast Asian cybercrime operations.
WhatsApp VBScript campaign spreads RMM tool: An active campaign uses WhatsApp direct messages to distribute malicious VBScript files that install legitimate Remote Monitoring and Management (RMM) software. The campaign targets users across Malaysia, Brazil, India, Mexico, Singapore, the UK, Spain, Taiwan, and Australia.
Malicious npm packages deliver Windows RAT: Three malicious npm packages posing as PostCSS tools have been discovered, collectively downloaded over 1,000 times. The packages deliver a Windows-based remote access trojan, continuing the trend of supply chain attacks via popular package registries.
Threat landscape signals
The concentration of activity around credential harvesting and AI supply chain vectors indicates a strategic shift by threat actors. The FortiBleed campaign's targeting of FortiGate firewalls specifically suggests attackers are prioritizing network perimeter devices as high-value initial access points. The simultaneous emergence of AI skill marketplace vulnerabilities and prompt injection techniques in macOS malware points to a broader trend of attackers exploiting trust in automated systems.
Geographically, Southeast Asia remains a focal point for both cybercrime operations and law enforcement action, as evidenced by the Huione Group takedown and the WhatsApp campaign targeting multiple Asian countries. The combination of credential harvesting at scale with novel evasion techniques in AI and macOS environments suggests defenders should expect increasingly sophisticated initial access attempts across multiple vectors.