Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
# Improperly Patched Flaw Exploited Again in Fortinet Firewalls
Fortinet confirms it is working to fully plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. The attack targets an incomplete patch for CVE-2025-59718 and CVE-2025-59719, allowing attackers to access devices that have been updated to the latest release.
In response, users are advised to restrict administrative access of edge network devices and disable FortiCloud SSO logins by disabling the “admin-forticloud-sso-login” setting. This situation underscores how easily patched software can still be vulnerable due to incomplete updates or misconfigurations.
# Vishing Attacks Target Identity Providers
Threat actors specializing in voice phishing have introduced bespoke phishing kits targeting multiple identity providers and cryptocurrency platforms, indicating a significant shift towards sophisticated attacks that blend traditional tactics with new technology. Threat actors are now leveraging real-time control over authentication flows within targeted browsers to capture credentials without prior knowledge of users’ logins or passwords.
# VoidLink Generated Almost Entirely Using AI
Recently discovered Linux malware named VoidLink was generated almost entirely by artificial intelligence, marking a significant evolution in the use of this technology for developing advanced malicious software. This approach not only simplifies development but also ensures robust functionality and sophisticated attack vectors against defenses that are already on their guard.
- Security researchers highlighted the importance of checkpoints and automated control systems to ensure VoidLink’s code aligns with instructions and executes as intended, resulting in malware described by Check Point as “sophisticated, modern, and feature-rich.”
The use of AI is causing a significant shift in how offensive capabilities can be produced, underlining a growing concern about the capability level that AI can achieve.
# Critical InetUtils telnetd Flaw Detailed
A critical security flaw has been disclosed in the GNU InetUtils telnet daemon (telnetd). CVE-2026-24061 affects all versions of GNU InetUtils from 1.9.3 to 2.7, allowing an attacker to establish a Telnet session without valid credentials and thereby gain unauthorized access.
SafeBreach Labs provided a root cause analysis that revealed the vulnerability is easy to exploit, with an attacker capable of supplying the “-f” flag for the “/usr/bin/login” executable, skipping interactive authentication. This flaw highlights how outdated or misconfigured software can expose organizations to significant risks.
# Vishing Attacks Target Identity Providers
Vishing attacks have shifted towards more targeted and sophisticated phishing kits that intercept login credentials in real-time during user sessions. The new attacks leverage malicious extensions within browsers like Microsoft Visual Studio Code (VS Code) to establish a foothold on developer systems, employing runOn value of folderOpen property as a trigger.
- Security researchers highlighted the use of configuration properties that allow for automatic execution of tasks when workspaces are opened in VS Code. This mechanism enables actors to push malware and install backdoors without user intervention, further blurring the line between legitimate tools and malicious software.
# Hackers Act Fast: New Flaws Unveiled
- CVE-2026-24061 (GNU InetUtils telnetd): A severe flaw allowing unauthorized access to systems.
- CVE-2026-23760 (SmarterMail): An authentication bypass vulnerability in email services.
- CVE-2026-20045 (Cisco Unified Communications and Webex Calling Dedicated Instance): Exploitable through a vulnerable instance of Cisco’s unified communications platform.
Conclusion
This week’s cybersecurity recap illustrates how quickly threat actors can exploit misconfigured or outdated software. It also highlights the growing sophistication in malware generation, with AI playing a pivotal role in automating attacks and enhancing their stealthiness.
- These vulnerabilities, among others detailed, underscore the need for rapid patching and heightened vigilance against evolving threats.
- As new attack vectors emerge daily, maintaining security requires constant monitoring and proactive measures to stay ahead of emerging risks.
To better protect ourselves against future cyber threats, organizations must not only stay vigilant but also invest in advanced technologies like AI-driven detection systems and sophisticated threat intelligence platforms. Regular employee training is essential to counter social engineering attacks such as phishing, which remain one of the most common entry points for attackers.
For more insights into these topics, subscribe to our latest webinars and expert resources on cybersecurity trends and best practices. Stay protected and informed!