VulnHub

Fortinet has issued a warning about ongoing attacks that exploit an old vulnerability in its FortiOS software, identified as CVE-2020-12812. This flaw allows attackers to bypass two-factor authentication, which can significantly compromise the security of affected systems. Organizations using FortiOS should be particularly vigilant, as this vulnerability has resurfaced in active attacks. The potential for unauthorized access puts sensitive data at risk, making it critical for users to address this issue promptly. Cybersecurity teams are urged to review their systems and implement necessary updates to safeguard against these threats.

Users of the Trust Wallet Chrome extension have reported significant cryptocurrency losses after a malicious update was released on December 24. This compromised update allowed attackers to drain wallets, leading to millions in losses for affected individuals. In conjunction with this incident, researchers discovered a phishing domain set up by the hackers, further indicating a coordinated effort to exploit Trust Wallet users. The company has responded urgently, advising users to take precautions and remain vigilant to avoid further losses. This incident serves as a stark reminder of the risks associated with browser extensions and the importance of ensuring that software updates are legitimate and secure.

Federal authorities have seized a password database linked to a large-scale bank account takeover scheme that targeted $28 million in funds. The attackers used phishing techniques to compromise bank accounts, putting numerous individuals and financial institutions at risk. This operation illustrates the ongoing threat posed by cybercriminals who exploit user credentials to access sensitive financial information. The seizure of the password database is a significant step in disrupting these criminal activities and protecting potential victims from further financial loss. As phishing remains a prevalent tactic, users must remain vigilant and practice safe online behaviors to safeguard their accounts.

WatchGuard has reported an exploitation of a zero-day vulnerability in its Firebox devices, which are critical components for network security. This vulnerability has caught the attention of attackers, joining a troubling trend where various edge device vendors are targeted. Organizations using WatchGuard Firebox devices should be particularly vigilant, as the flaw could allow unauthorized access to their networks. The situation emphasizes the need for prompt attention to security updates and patches to protect against potential breaches. Users and IT departments are advised to stay updated on any security advisories from WatchGuard to mitigate risks effectively.

Attackers have begun exploiting the open-source server monitoring tool Nezha for stealthy remote access to compromised systems. This tool, which is intended for legitimate server monitoring, is being misused to gain control over systems without detection. Organizations that utilize Nezha may find themselves vulnerable to these types of attacks if they do not implement proper security measures. The exploitation of such tools emphasizes the need for users to secure their systems and monitor for unusual activity. As attackers continue to find new ways to exploit legitimate software, it becomes crucial for companies to stay informed and proactive about their cybersecurity practices.

The U.S. Department of Justice has charged 54 individuals involved in a significant ATM jackpotting scheme that reportedly stole millions of dollars. This criminal operation utilized malware known as Ploutus to manipulate ATMs across the United States, causing them to dispense cash unlawfully. Many of those indicted are linked to Tren de Aragua, a criminal group based in Venezuela. The actions of these individuals not only affect financial institutions but also threaten the security and trust of ATM users nationwide. This case underscores the ongoing risks posed by sophisticated cybercrime networks that exploit vulnerabilities in financial systems.

A recent report from Proofpoint reveals a rise in phishing attacks that take advantage of Microsoft's OAuth device code flow. These campaigns target Microsoft 365 users, tricking them into providing access to their accounts through fake sign-in prompts. The attacks exploit the trust users place in the OAuth process, which is designed to facilitate secure authentication. As a result, individuals and organizations using Microsoft 365 could be at risk of unauthorized access to sensitive information. This surge in phishing attempts underscores the need for heightened awareness and vigilance among users to avoid falling victim to these scams.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious vulnerability, tracked as CVE-2025-59374, found in the Asus Live Update tool. This flaw acts as a backdoor that attackers can exploit, making it a significant concern for anyone using affected Asus devices. The vulnerability stems from a supply chain attack, meaning it was introduced during the software development process rather than through direct hacking. This situation puts users at risk, as the compromised update tool could allow unauthorized access to their systems. Asus users should take this warning seriously and ensure their devices are not vulnerable to exploitation.

This week’s ThreatsDay Bulletin reveals a variety of cybersecurity incidents where attackers are modifying existing tools and utilizing new tactics to exploit vulnerabilities. Notably, there are reports of WhatsApp accounts being hijacked, which can lead to unauthorized access to personal information and communications. Additionally, leaks related to Managed Cloud Providers (MCP) expose sensitive data, raising concerns for businesses relying on cloud services. Other activities involve advancements in AI reconnaissance techniques and the exploitation of the React2Shell vulnerability, which could impact numerous applications. As these tactics evolve, it’s crucial for users and organizations to stay vigilant and update their security measures to prevent potential breaches.

SonicWall has released patches for a medium-severity vulnerability in its SMA 1000 series, which has been exploited alongside a critical bug to enable remote code execution. This means that attackers could potentially gain control of affected devices, posing serious risks to organizations using this equipment. Users of SonicWall's SMA 1000 should prioritize applying the latest updates to safeguard their systems. The existence of this zero-day exploit indicates that the vulnerability was being actively exploited before it was disclosed, which raises concerns about the security of devices that have not yet been patched. Companies are urged to review their security measures and ensure they are using the most up-to-date software to protect against such threats.