FortiBleed harvests 110M credentials from 430K FortiGate firewalls, Scattered Spider pleads guilty, fake AI agent skills bypass all scanners, and post-quantum crypto gets a hard 2030 federal deadline.
AI & Technology
Mistral OCR 4 adds bounding box output, 170-language support, and self-hosted deployment to its document AI pipeline, directly targeting enterprise use cases where data residency requirements block cloud OCR APIs. The self-hosted option is the operationally significant detail: it opens Mistral's document pipeline to air-gapped environments like government contractors and healthcare, where AWS Textract and Google Document AI are often non-starters. Researchers building dark web document ingestion pipelines will find the bounding box output useful for structured extraction from scanned forum archives and leaked documents.
FUTO is releasing a swipe typing model as a standalone component, positioning it as an on-device, privacy-preserving alternative to Gboard and SwiftKey's cloud-connected gesture recognition. The interesting engineering angle is whether the model runs entirely on-device at acceptable latency on mid-range Android hardware, which would make it a reference implementation for other on-device sequence modeling tasks. Indie iOS/macOS developers building keyboard extensions face Apple's strict memory limits for keyboard extensions, so the architecture choices here are worth examining for portability.
Cybersecurity
A Russian-speaking IAB has harvested over 110 million credentials from more than 430,000 FortiGate firewalls globally since February 2026, operating as a financially motivated initial access broker rather than a state-sponsored actor. The scale is striking: this is not targeted espionage but industrialized credential collection at a pace that suggests automated exploitation pipelines against a single vendor's installed base. The IAB-as-a-service model here warrants attention for dark web intelligence researchers tracking how harvested FortiGate credentials get priced and resold.
Security firm AIR planted a malicious skill in a popular AI agent marketplace, propagated it via an Instagram ad, and achieved installation on roughly 26,000 agents including corporate accounts, with every tested skill security scanner returning a clean verdict. The non-obvious implication is that current scanner tooling is entirely blind to semantic-layer supply chain attacks on agentic systems, a gap that mirrors early npm/PyPI typosquatting before package signing became standard. The attack surface expands dramatically as enterprises deploy multi-agent orchestration without any equivalent of code signing for skill provenance.
A CI/CD workflow weakness dubbed Cordyceps has been confirmed in repos belonging to Microsoft Azure Sentinel, Google's AI Agent Development Kit, Apache Doris, Cloudflare Workers SDK, and the Python Software Foundation's Black formatter simultaneously. The breadth of affected projects suggests this is a structural flaw in how pull_request_target triggers are configured across the industry rather than isolated misconfigurations. GitHub's concurrent update to actions/checkout to block pwn request patterns is a reactive patch, not a root-cause fix. Connects to: GitHub Updates actions/checkout to Block Common Pwn Request Attack Patterns.
Effective June 18, 2026, GitHub's actions/checkout now blocks the pull_request_target trigger pattern that enables pwn request attacks, where untrusted fork code runs with the base repo's full workflow privileges. The fix is opt-in via version pinning, meaning the millions of existing workflows using older action versions remain vulnerable until maintainers explicitly update. Repos running security tooling like Azure Sentinel that were named in the Cordyceps campaign are the highest-priority targets for immediate remediation.
Finance & Business
SK Hynix is pursuing a 45.45 trillion won ($29.4 billion) US ADR listing, the largest capital raise in the current AI infrastructure cycle by a memory supplier, timed to HBM demand driven by NVIDIA H100/H200 and Blackwell allocations. The strategic logic is to lock in US capital market access before any potential export control tightening on advanced memory, mirroring TSMC's Arizona fab as a geopolitical hedge rather than purely a financial move. Leveraged Korea ETFs already sold an estimated $6 billion of Samsung and SK Hynix shares in Tuesday's rout, so the ADR pricing will face a technically damaged order book.
Saint-Gobain CEO Benoit Bazin identifies skilled construction labor, not materials or power permitting, as the primary bottleneck on North American data center buildout, with the same constraint beginning to appear in Europe. This is a non-obvious constraint for AI infrastructure investors who have focused on GPU allocation and grid interconnection timelines as the binding limits. If labor is the actual critical path, the beneficiaries are modular data center prefabricators and construction automation firms rather than traditional hyperscaler suppliers.
Entrepreneurship
Apple has acquired Swift Package Index, the community-built package discovery and compatibility tracking service that became the de facto standard for Swift dependency research. For solo macOS/iOS developers, this consolidates package infrastructure under Apple's control, which could mean better Xcode integration but also raises questions about whether Apple will maintain the open compatibility matrix data that made SPI useful for cross-platform Swift work. The acquisition pattern mirrors Apple's absorption of other community tools and suggests Apple is investing in developer ecosystem stickiness ahead of potential platform competition from cross-platform frameworks.
A team running 21+ production agents reports that over-constraining guardrails degraded agent performance enough to reverse revenue gains, and that an AI finance agent surfaced a misconfigured setting that had been invisible to humans for eight years. The guardrail failure mode is the non-obvious finding: security researchers designing agentic systems for threat detection need to account for the fact that safety constraints can create capability cliffs rather than graceful degradation. The revenue swing from -19% to +47% YoY is a strong enough signal to warrant examining the specific agent architecture, though the post lacks reproducible implementation details.
Worth Reading
Filippo Valsorda argues that the privileged status of vulnerability reports in coordinated disclosure pipelines is eroding as LLMs enable mass automated bug finding and reporting, flooding vendor triage queues with low-signal submissions that dilute the signal from genuine researchers. The practical implication for security teams building LLM-assisted triage pipelines is that the incoming report volume problem is already here, not a future concern, and that classifier models trained on pre-LLM report corpora will have significant distribution shift problems. This is a direct challenge to the assumption that CVE assignment and CVSS scoring workflows can scale linearly with report volume.