
Amadey and StealC: Malware-as-a-Service Unavailable

On June 24, 2026, demonstrating the power of public-private collaboration, Europol and the Microsoft Digital Crimes Unit, alongside our team and other global partners, executed a coordinated disruption as part of Operation Endgame, impacting two of the most prolific commodity malware families on Windows: the Amadey loader/botnet and the StealC information stealer.

The Underground Shift: Why Declining Breach Numbers Don't Tell the Whole Story

In Bitsight’s annual State of the Underground report, we discuss cyber threat trends, key players, attack vectors, and why it all matters. The key theme from the 2026 State of the Underground is that cyber risk as we know it is changing. We are starting to see threat actors pivot alongside the changing threat landscape. We also explored how the threat landscape is reacting to the ever-growing changes brought on by AI.

Major Security Event: Fortinet VPN Credentials and Configuration Data Exposed for 73,000 Devices

A large-scale credential compromise campaign known as FortiBleed has exposed verified administrator credentials for more than 73,000 internet-facing Fortinet FortiGate firewalls. As of mid-June 2026, the dataset is reportedly circulating within criminal underground communities. Researchers estimate that approximately 50% of all internet-reachable FortiGate devices may be affected across 194 countries, making this one of the most significant Fortinet security incidents to date.

Global Third-Party Cyber Risk Regulatory Trends to Know: US and Europe

The landscape of third-party cyber risk is undergoing a profound transformation, driven by an escalating threat environment, an expanding attack surface, AI, and a tidal wave of new global regulations. As organizations grapple with complex digital supply chains, regulators across the US and EMEA are stepping up oversight, making 2026 a pivotal year for compliance and risk management. This analysis explores the essential threat intelligence and regulatory shifts that demand immediate attention.

How Bitsight Supports Hong Kong's Critical Infrastructure Ordinance Cap. 653 in the Post-Mythos Era

Hong Kong’s Protection of Critical Infrastructures (Computer Systems) Ordinance (Cap. 653) represents a major shift in cybersecurity regulation. The law moves beyond traditional compliance exercises and places a much stronger emphasis on continuous operational resilience. For designated Critical Infrastructure (CI) operators, the challenge is no longer simply deploying security controls.

Claude Fable 5 and the New Reality of AI-Enabled Third-Party Risk

Anthropic recently announced the release of Claude Fable 5, a public version of its more powerful Mythos AI model. Technology that was previously only accessible to a select few organizations is now available to businesses at an enterprise level. AI vendors are building the guardrails while threat actors are studying their attack vectors. Essentially, we are giving the keys to the AI world to businesses and hoping the guardrails hold steady. Security teams need to prepare even faster now.

Before You Rethink Everything for Frontier AI, Measure What's Already Working

The recent wave of announcements surrounding Claude Mythos and Project Glasswing has certainly filled our feeds. While these developments are technically interesting, the real story for me lately has been what they reveal about where the cybersecurity market is heading and how quickly that evolution is reshaping the risk conversation.

Crowdsourced Chaos: The Evolution of NoName057(16) and Why DDoS Resilience Matters

According to Bitsight Threat Intelligence, NoName057(16) remains one of the most visible pro-Russian hacktivist groups conducting distributed denial-of-service (DDoS) attacks against countries and organizations perceived as supporting Ukraine. This matters because the risk can extend beyond direct business ties to Ukraine, and the group may also target organizations that do business with vendors, suppliers, partners, or service providers perceived as supporting Ukraine.