Over the last 48 hours (06/22–06/24), the signal is loud:
If it creates trust or processes trusted input, it is now an attack surface.
Let’s dive in.
Risk Level: Critical
Business Impact: Compromise of unified communications infrastructure can enable remote code execution, persistence, credential exposure, and lateral movement into enterprise voice and collaboration environments.
What You Need to Know
Attackers are exploiting CVE-2026-20230, a Cisco Unified Communications Manager SSRF flaw, to drop web shells and gain remote code execution capability on affected servers. Help Net Security reports that the observed chain abuses WebDialer SSRF, deploys a rogue Apache Axis service, writes a first-stage JSP file writer, and then drops a command-execution shell.
Why This Matters
Unified communications systems are high-trust infrastructure that often touch voice, identity, and collaboration workflows.
Web shells create durable access even after the initial exploit path is patched.
Attackers are already moving from proof-of-concept awareness into operational exploitation.
Executive Actions
🩹 Patch Cisco Unified CM immediately and verify fixed versions are running.
🔒 Restrict WebDialer and management access to trusted internal networks only.
🔎 Hunt for rogue Axis services, unexpected JSP files, and suspicious POST requests.
🔐 Rotate credentials tied to Unified CM integrations if compromise is suspected.
Risk Level: Critical
Business Impact: UniFi OS compromise can allow unauthorized configuration changes, file access, command injection, rogue admin creation, and lateral movement through network management infrastructure.
What You Need to Know
CISA added three critical Ubiquiti UniFi OS flaws to KEV after exploitation activity, including CVE-2026-34908, CVE-2026-34909, and CVE-2026-34910. SecurityWeek’s coverage explains that the flaws can allow unauthenticated attackers to make system changes, access underlying accounts, and inject commands, with reports of rogue administrator accounts being created.
Why This Matters
UniFi devices manage network infrastructure and can become a pivot point into broader environments.
Rogue admin creation is a direct control-plane compromise signal.
Network management platforms are often less monitored than servers and endpoints.
Executive Actions
🩹 Update UniFi OS Server to the fixed release immediately.
🔐 Review admin accounts and remove unauthorized or suspicious users.
🕵️ Hunt for unexpected configuration changes, package update abuse, and command injection indicators.
🧱 Restrict management interfaces behind VPN, allowlists, and MFA.
Risk Level: Critical
Business Impact: CI/CD workflow compromise can lead to credential theft, malicious code pushes, poisoned releases, and downstream supply chain compromise.
What You Need to Know
Researchers disclosed Cordyceps, a class of CI/CD workflow weaknesses that can let unauthenticated attackers hijack developer workflows and gain control over affected repositories. Dark Reading’s report and SecurityWeek’s analysis note that the issue affects workflows tied to major ecosystems, including Microsoft, Google, Apache, Cloudflare, and the Python Software Foundation.
Why This Matters
CI/CD workflows often hold signing keys, cloud credentials, package tokens, and release permissions.
Automatically generated workflows can reproduce insecure patterns at massive scale.
One compromised workflow can ripple into packages, containers, releases, and customer environments.
Executive Actions
📦 Audit GitHub Actions and CI/CD workflows that trigger from pull requests or comments.
🔑 Reduce workflow token permissions and remove unnecessary write access.
🧪 Require review for workflow changes and block untrusted input from privileged jobs.
🧱 Isolate self-hosted runners and restrict secrets from untrusted workflows.
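To make the CI/CD audit above concrete, here is an added heuristic scanner (my own example, not from the newsletter, the Cordyceps researchers, or GitHub) that flags in a GitHub Actions workflow the three patterns the actions call out: write-capable triggers fired by contributor-influenced events, missing or blanket token permissions, and contributor-controlled event fields expanded into steps. The sample workflow, the trigger list, and the field list are constructed assumptions.

```python
import re
# Triggers whose jobs run in the base-repository context with a write-capable
# token on input an outside contributor can shape (assumed list).
RISKY_TRIGGERS = ("pull_request_target", "issue_comment", "workflow_run")
# Contributor-controlled event fields: shell injection inside `run:`,
# attacker code checkout inside `ref:`.
UNTRUSTED_EXPR = re.compile(
    r"\$\{\{[^}]*(github\.head_ref|github\.event\.(issue|comment|pull_request|review)"
    r"\.(title|body|head\.(ref|sha|label)))[^}]*\}\}")
# Constructed sample workflow with every weak pattern at once.
SAMPLE_WORKFLOW = """\
on:
  pull_request_target:
  issue_comment:
permissions: write-all
jobs:
  greet:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
        with:
          ref: ${{ github.event.pull_request.head.sha }}
      - run: echo "Title: ${{ github.event.pull_request.title }}"
"""

def _on_block(text):
    # Lines of the top-level `on:` block, by indentation (no YAML parser).
    out, inside = [], False
    for line in text.splitlines():
        if re.match(r"^on:", line):
            inside = True
        elif inside and line.strip() and not line[0].isspace():
            break
        if inside:
            out.append(line)
    return "\n".join(out)

def audit_workflow(text):
    # Return human-readable findings for one GitHub Actions workflow file.
    findings, on_block = [], _on_block(text)
    for trig in RISKY_TRIGGERS:
        if re.search(r"\b%s\b" % trig, on_block):
            findings.append("risky trigger: %s" % trig)
    perms = re.search(r"^permissions:\s*(.*)$", text, re.M)
    if perms is None or perms.group(1).strip() == "write-all":
        findings.append("token permissions missing or write-all: scope per job")
    for n, line in enumerate(text.splitlines(), 1):
        for m in UNTRUSTED_EXPR.finditer(line):
            findings.append("line %d: untrusted input in %s" % (n, m.group(0)))
    return findings
```

A clean workflow (read-only `permissions`, triggers limited to `push` or `pull_request`, no event fields in shell steps) produces an empty list; anything else is a review item for the workflow owner.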
Leadership Insight:
This week is another reminder that attackers are not just exploiting systems. They are exploiting trust paths.
Cisco Unified CM routes communications. UniFi manages networks. CI/CD workflows ship software. FFmpeg processes trusted media. Dify brokers AI data. FortiGate sits at the edge of authentication and access.
The executive takeaway is simple: if a system processes trusted input, grants access, builds code, routes traffic, or stores business context, it is not a support tool...
It is part of the security boundary.
Risk Level: High
Business Impact: Crafted media files can trigger remote code execution across video players, media servers, NAS devices, chat platforms, and cloud transcoding pipelines.
What You Need to Know
JFrog disclosed PixelSmash, tracked as CVE-2026-8461, a high-severity FFmpeg MagicYUV decoder flaw that can be exploited with a small crafted media file. JFrog’s technical write-up shows remote code execution against Jellyfin and Nextcloud-style processing paths, while SC World’s coverage explains how the heap overflow can overwrite function pointers during decoding.
Why This Matters
Media upload, preview, thumbnailing, and transcoding pipelines are everywhere.
This can be triggered by processing a file, not by running an executable.
Servers and NAS appliances may process attacker-supplied media automatically.
Executive Actions
🩹 Patch FFmpeg and dependent platforms to fixed versions immediately.
🧾 Inventory products that bundle FFmpeg, including media servers, chat tools, NAS devices, and cloud pipelines.
🔒 Restrict automatic media processing for untrusted uploads until patched.
🔎 Monitor for crashes, suspicious thumbnail generation, and unexpected shell execution from media services.
Risk Level: High
Business Impact: AI platform compromise can expose private conversations, uploaded documents, internal APIs, and sensitive tenant data across multi-tenant environments.
What You Need to Know
Researchers found four vulnerabilities in Dify, a popular LLMOps platform used to build and deploy AI applications. SecurityWeek reports that the flaws could allow attackers to read private chats, preview documents uploaded by other tenants, trigger cross-tenant internal API calls, and leak files within shared tenant environments.
Why This Matters
AI platforms often store prompts, documents, embeddings, credentials, and business context.
Multi-tenant data leakage can become a customer trust and compliance incident quickly.
AI workflow platforms are being deployed faster than most organizations are governing them.
Executive Actions
🤖 Upgrade Dify to the fixed version and validate all self-hosted or managed instances.
🔐 Review tenant isolation, plugin permissions, and file access controls.
🔎 Hunt for abnormal tracing configuration changes, file preview access, and suspicious internal API calls.
🧱 Restrict AI platform access and apply WAF rules where recommended.
Risk Level: High
Business Impact: Large-scale credential harvesting against firewall infrastructure can expose VPN, RADIUS, NTLM, Kerberos, and database authentication material for follow-on intrusion.
What You Need to Know
A Russian-speaking initial access broker is assessed to be behind FortiBleed, a large credential-harvesting operation targeting FortiGate firewalls. The Hacker News report says the campaign targeted more than 430,000 FortiGate firewalls globally and identified over 110 million credentials, including RADIUS credentials, NTLM hashes, Kerberos hashes, and MySQL authentication tokens.
Why This Matters
Firewall and VPN credential exposure turns perimeter infrastructure into an access broker marketplace.
RADIUS, NTLM, and Kerberos material can support lateral movement and identity abuse.
Credential harvesting at this scale means “we were not directly exploited” is not a comfortable assumption.
Executive Actions
🔐 Rotate credentials tied to FortiGate, VPN, RADIUS, and privileged authentication paths.
🧯 Review firewall exposure, patch levels, and management interface restrictions.
🕵️ Hunt for unusual VPN logins, NTLM/Kerberos abuse, and authentication spikes.
🧱 Enforce MFA, certificate-based access, and segmentation around remote access paths.
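As an added illustration of the "authentication spikes" hunt in the actions above (my own example, not from the newsletter or Fortinet), this Python sketch parses FortiGate-style key=value log lines and flags any source that bursts SSL VPN login failures inside a time window or cycles through many different accounts, which is what a credential-harvesting or spraying campaign looks like from the firewall side. The sample lines and the field names (`action`, `user`, `remip`) are constructed assumptions and should be checked against your own log schema.

```python
import re
from collections import defaultdict
from datetime import datetime

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_kv(line):
    """Parse one FortiGate-style key=value line into a dict."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV.finditer(line)}

def find_auth_spikes(lines, window_s=60, fail_threshold=5, user_threshold=3):
    """Flag source IPs with a burst of SSL VPN login failures or many users."""
    events = defaultdict(list)  # remip -> [(timestamp, user)]
    for line in lines:
        rec = parse_kv(line)
        if rec.get("action") != "ssl-login-fail":
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        events[rec["remip"]].append((ts, rec.get("user", "")))
    alerts = {}
    for ip, evs in events.items():
        evs.sort()
        start, peak = 0, 0
        for end in range(len(evs)):  # sliding window over sorted timestamps
            while (evs[end][0] - evs[start][0]).total_seconds() > window_s:
                start += 1
            peak = max(peak, end - start + 1)
        users = {u for _, u in evs}
        if peak >= fail_threshold or len(users) >= user_threshold:
            alerts[ip] = {"peak_failures": peak, "distinct_users": len(users)}
    return alerts

def _line(t, action, user, ip):
    # Constructed FortiGate-style line; field names are assumptions.
    return ('date=2026-06-23 time=%s type="event" subtype="vpn" '
            'action="%s" user="%s" remip=%s' % (t, action, user, ip))
# Constructed sample: one source spraying six accounts in under 30 seconds,
# one legitimate user mistyping twice and then connecting.
LOG_LINES = [
    _line("10:00:01", "ssl-login-fail", "alice", "203.0.113.5"),
    _line("10:00:05", "ssl-login-fail", "bob", "203.0.113.5"),
    _line("10:00:09", "ssl-login-fail", "carol", "203.0.113.5"),
    _line("10:00:14", "ssl-login-fail", "dave", "203.0.113.5"),
    _line("10:00:20", "ssl-login-fail", "erin", "203.0.113.5"),
    _line("10:00:27", "ssl-login-fail", "frank", "203.0.113.5"),
    _line("10:01:00", "ssl-login-fail", "bob", "198.51.100.7"),
    _line("10:01:30", "ssl-login-fail", "bob", "198.51.100.7"),
    _line("10:01:45", "tunnel-up", "bob", "198.51.100.7"),
]
```

Tune `window_s` and the thresholds to your baseline; the distinct-user check catches slow sprays that never trip the rate threshold.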
🩹 Patch Cisco Unified CM, UniFi OS, FFmpeg, and Dify based on validated exposure
🔐 Rotate credentials tied to FortiGate, VPN, RADIUS, CI/CD, and privileged workflows
📦 Audit CI/CD workflows for untrusted input reaching privileged jobs
🧱 Restrict management planes behind VPN, allowlists, MFA, and segmentation
🔎 Hunt for web shells, rogue admins, suspicious CI/CD runs, abnormal media processing, and AI data access anomalies
📊 Require proof of running fixed versions, not just patch ticket closure
💡 If your phone system, network controller, build pipeline, media processor, AI platform, and firewall credentials all need attention in the same week, that is not chaos. That is your attack surface explaining itself. 💡
J.W.
(P.S. Check out our partners! It goes a long way to support this newsletter!)