CLAIM · ASSESSED ~ · CONFIDENCE 0.62
CISA on 16 July 2026 added FortiSandbox flaws CVE-2026-39808 and CVE-2026-25089 to its KEV catalog, ordering federal agencies to patch by 19 July.
WHY THIS MATTERS · This matters because PRC hackers are already sitting inside the phone networks, power grids, and water systems Americans rely on, positioned to shut off or spy on critical services the moment a Taiwan or South China Sea crisis turns hot.
Part of the monitored dynamic PRC Infrastructure Intrusions · VUCA INDEX 67/100
EVIDENCE CHAIN · 1
INGESTED ARTICLETIER 3JUL 17
ithome.com.tw — CISA警告Fortinet沙箱平臺重大漏洞遭到利用
"美國網路安全與基礎設施安全局(CISA)於7月16日,將Fortinet沙箱系統FortiSandbox的已知漏洞CVE-2026-39808、CVE-2026-25089加入已遭利用漏洞名單(KEV),聯邦機構要在3天內修補"
ENTITIES
PROVENANCE
Extracted by pipeline v0.5 (claude-opus-4-8) from ithome.com.tw · approved by christopher@vucanews.com JUL 18.
Extracted JUL 17; approved JUL 18 at 0.62.
MORE FROM THIS DYNAMIC
- Investigators identified a second backdoor, Stupig, on the same infected hosts as Daxin at the Taiwan manufacturer.
- Both Daxin and Stupig malware samples had early-2013 compile timestamps, suggesting up to 13 years of undetected presence.
- Symantec disclosed the Daxin backdoor four years ago, attributing it to China with activity traceable to 2013.
- CVE-2026-39808 and CVE-2026-25089 are OS command injection flaws rated CVSS 9.1; Fortinet issued patches in April and June 2026.
- Daxin is a Windows kernel-level rootkit that hijacks legitimate inbound TCP connections to exfiltrate encrypted C2 commands, evading traditional network monitoring.
STRUCTURED DISSENT