Field notes from the edge.
What our engineers learned this week. Hands-on technical deep-dives, postmortems, and strategy frameworks.
AI: Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
A threat actor exploited CVE-2026-39987 in publicly accessible Marimo notebooks to gain initial access, then deployed an LLM agent to conduct post-exploitation activities. The attacker successfully extracted cloud credentials from the compromised system, demonstrating a novel attack technique that combines traditional vulnerability exploitation with AI-powered automation.
AI: PCPJack Credential Stealer Exploits 5 CVEs to Spread Worm-Like Across Cloud Systems
A new credential theft framework called PCPJack has been identified targeting exposed cloud infrastructure by exploiting five CVEs to spread in a worm-like manner. The malware harvests credentials from cloud services, containers, developer tools, productivity platforms, and financial services before exfiltrating data through attacker-controlled infrastructure, while also removing competing TeamPCP
