Cybersecurity News: Fortinet VPN exploit, Google Gmail change, Aflac breach update

In today’s cybersecurity news…

Active exploitation of Fortinet VPN bypass utility observed

Fortinet has announced that it has seen “recent abuse of a five-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations.” This refers to a vulnerability from 2020 (CVE-2020-12812) with a CVSS score of 5.2, which could allow a user to log in successfully without being prompted for a second factor of authentication if the case (upper or lower) of the username was changed. This is due to inconsistent case-sensitive matching between local and remote authentication. A number of prerequisites need to be satisfied by any threat actors seeking to exploit this vulnerability, but since some have been seen doing so, Fortinet advises customers who are on FortiOS versions 6.0.13, 6.2.10, 6.4.7, 7.0.1, or later to run a “set username-sensitivity disable” command.

(The Hacker News)

Google possibly allowing users to change default Gmail address

A clue that this may happen was spotted in a new support document located in a Telegram group, and admittedly written in Hindi, which might hint at some localized testing before a full rollout. Up to the present time, Google has allowed users to employ different aliases for their emails, but changing the main “@gmail.com” address was not allowed. Google has not made any formal announcement on this yet.

(BleepingComputer)

June Aflac attack results back

The data breach that hit the Georgia-based insurance giant in June “exposed the information of more than 22 million Aflac customers,” according to a statement from the company released on Friday following an investigation of the incident. The attack, which did not involve ransomware, according to the company, was stopped relatively quickly, but not before thieves made off with customer data. This data included information on insurance claims, health data, Social Security numbers and other personal details of “customers, beneficiaries, employees, agents, and other individuals in its U.S. business.” The attack was attributed to the Scattered Spider organization.

(The Record)

CISA adds actively exploited Digiever NVR vulnerability to KEV

This security flaw impacts Digiever DS-2105 Pro network video recorders, and active exploitation has been noted. As such, it has been added to the Known Exploited Vulnerabilities (KEV) catalog. The flaw (CVE-2023-52163) has a CVSS score of 8.8, and “relates to a case of command injection that allows post-authentication remote code execution.” Of primary concern is the ability of threat actors to deliver botnets such as Mirai and ShadowV2. Federal Civilian Executive Branch agencies are expected to apply the mitigations or discontinue use of the product by January 12, 2026.

(The Hacker News)

NIST and MITRE to partner up for AI cybersecurity research

NIST has announced that it will partner with The MITRE Corporation on “a $20 million project to stand up two new research centers focused on artificial intelligence, including how the technology may impact cybersecurity for U.S. critical infrastructure.” One of these centers will focus on advanced manufacturing while the second will focus more directly on “how industries that provide water, electricity, internet, and other essential services can protect and maintain services in the face of AI-enabled threats.” The goal of the project will be to “drive the development and adoption” of AI-driven tools, including agentic AI solutions, and reduce risks from reliance on insecure AI.

(Cyberscoop)

MongoDB flaw could lead to server takeover

This high-severity vulnerability, CVE-2025-14847, with a CVSS score of 8.7, allows an unauthenticated remote attacker to execute arbitrary code on vulnerable servers through “a client-side exploit of the Server’s zlib software library implementation which can return uninitialized heap memory without authenticating to the server.” MongoDB strongly recommends users upgrade to a fixed version as soon as possible. A link to the article containing the affected versions is available in the show notes to this episode.

(Security Affairs)

Romanian Waters confirms cyberattack, but critical operations unaffected

The country’s water management authority suffered the attack last weekend. It affected around “1,000 computer systems across the central organization and 10 of its 11 regional offices,” disrupting IT assets, including GIS servers, databases, email and web services, Windows workstations, and domain name servers. Authorities emphasize that operational technology (OT) systems managing water infrastructure were not impacted, and water operations continue to function normally.

(Security Affairs)

Microsoft wants to replace its entire C and C++ codebase by 2030

Writing in a LinkedIn post, Microsoft distinguished engineer Galen Hunt said his goal “is to eliminate every line of C and C++ from Microsoft by 2030.” The goal of this project is to “evolve and augment our infrastructure to enable translating Microsoft’s largest C and C++ to Rust.” The company has established “an AI processing infrastructure then enables us to apply AI agents, guided by algorithms, to make code modifications at scale.” Hunt’s post also points to a job ad for a Principal Software Engineer who will be expected to work on the tools to make this happen.

(The Register)

Steve Prentice
Author, speaker, expert in the area where people and technology crash into each other, viewed from the organizational psychology perspective. Host of many podcasts, voice actor and narrator for corporate media and audiobooks. Ghost-writer for busy executives.