Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In mid-June 2026, security researchers identified an active, large-scale credential compromise campaign affecting Fortinet FortiGate firewalls, dubbed FortiBleed. Threat actors have been systematically extracting configuration files from internet-facing FortiGate devices and cracking the stored credential hashes, resulting in verified working administrator credentials for between 30,000 and 75,000 devices across 194 countries.

Most security teams aren’t naive to the growing risk in their environment, but because of high event volume and asset visibility gaps, emerging risk dynamics have become increasingly challenging to act on. Arctic Wolf’s latest State of the Cybersecurity Attack Surface report puts real data behind the challenge.

The recent White House executive order on advancing artificial intelligence innovation and security sends a clear signal about how leaders are framing the future. What stands out most in the executive order is the recognition that AI and cybersecurity are now inseparable. One cannot succeed without the other. While national security is a prominent example, this convergence extends to every organization that depends on digital systems.

Most vulnerability programs rely on scanning known assets and ranking findings based on static severity scores. That model breaks down quickly in modern environments. Asset lists are constantly changing, devices move between networks, workloads shift into cloud platforms, and unmanaged systems appear outside traditional inventory controls. When asset visibility is incomplete, vulnerability data is incomplete as well. The result is predictable. Prioritization becomes inconsistent.

In late May and early June 2026, Arctic Wolf began observing increased exploitation of CVE-2026-0257, a high-severity authentication bypass vulnerability affecting Palo Alto Networks PAN-OS GlobalProtect and Prisma Access. The increase in CVE-2026-0257 exploitation began on May 30, 2026, following a smaller initial wave that had taken place between May 17 and May 21.

The cybersecurity industry is entering a new phase of AI adoption. Frontier AI models are increasingly capable of identifying vulnerabilities, investigating threats, analyzing code, and accelerating security operations at machine speed. At the same time, innovation is moving rapidly. New models, platforms, and security-focused AI initiatives are emerging across the market, each pushing the boundaries of how AI can be applied to real-world cybersecurity workflows.

Endpoint security has become one of the most difficult layers of the modern security stack to operate effectively. Endpoints sit at the intersection of user behavior, identity compromise, phishing, ransomware, and hands‑on‑keyboard activity. At the same time, attackers increasingly rely on fileless techniques, memory abuse, and legitimate tooling to evade signature‑based defenses.

Security teams are not struggling to find vulnerabilities. They are struggling to deal with them in a way that actually reduces risk. Most environments generate thousands of new findings every month. While vulnerability scanners, cloud tools, and endpoint platforms all contribute, that data does not come together in a way that is actionable. Teams end up with long lists of vulnerabilities, limited context, and no clear way to determine what should be fixed first.

The 2026 FIFA World Cup is a once-in-a-generation opportunity, and threat actors have already begun capitalizing on it. The 2026 FIFA World Cup, set to kick off on June 11, has already broken records for the most host nations, the most matches, and the highest amount of prize money to date for winning teams. Arctic Wolf set out to proactively investigate the criminal ecosystem surrounding the tournament.