CyberSecurity Knuggets
Jan 24, 2026
Email 1:
Subject: Risky Bulletin: Improperly patched bug exploited again in Fortinet firewalls
Content:
– Fortinet’s FortiGate firewalls are under a new wave of attacks exploiting CVE-2025-59718, a vulnerability that was improperly patched in December 2025.
– Attackers bypass Single Sign-On (SSO) authentication using crafted SAML messages to gain admin access and exfiltrate configuration files.
– Fortinet confirms ongoing exploitation even in updated firmware and advises disabling the FortiCloud SSO login feature.
– The vulnerability is serious, but the SSO feature is not enabled by default, so many devices remain somewhat protected.
– Additional cybersecurity news includes investigations into app data breaches, ransomware recoveries, zero-day exploits in Cisco and SmarterMail products, privacy issues, and government cyber activities.
Email 2:
Subject: Hacker Newsletter #779
Content:
– Diverse technology and security articles curated from Hacker News, including:
  – Real-time AI-driven network monitoring for enterprise IT.
  – Deep dives into ASCII character rendering, social filesystems, and coding language innovations.
  – Updates on large-scale software tool developments like jQuery 4 and experimental coding languages.
  – Discussions on software engineer burnout, software startup viability, and recent tech events/conferences.
  – Featured content also includes new interactive physics simulators, indie and open-source projects, and unique collaborative games.
– Classifieds advertise developer tools, events like Devnexus, and financial planning software.
– Emphasis on thought-provoking articles, educational content, design insights, and current startup news.
Email 3:
Subject: A database with 149 million usernames and passwords was exposed on the internet
Content:
– A massive database with 149 million credentials, including 48 million Gmail and millions of Facebook and Binance logins, was exposed publicly.
– The trove was likely assembled via infostealing malware with keylogging capability and was hosted by a Canadian affiliate provider; it grew for over a month with no identified owner.
– Credentials spanned email, government systems, banking, academic institutions, media streaming, and social media.
– Related cybersecurity news includes:
  – Two Venezuelan nationals convicted for ATM jackpotting malware attacks set for deportation.
  – FBI asked Microsoft for BitLocker recovery keys to access encrypted laptops.
  – Under Armour investigates a breach impacting 72 million email accounts.
  – US tech investors ask for government probes into South Korea’s treatment of Coupang after a breach.
  – Spain closes the NSO Pegasus spyware investigation citing lack of Israeli cooperation.
  – Cellebrite’s phone-hacking tools allegedly used against Jordanian activists.
  – Greek police dismantle a mobile phishing scam operating via rogue cell towers.
  – TikTok fined by Vietnamese regulators for misleading consumer data policies.
  – Kazakhstan plans to criminalize massive data breaches with increased fines.
  – Former crypto hacker Ilya Lichtenstein now collaborates with authorities.
  – Phishing kits using voice-based social engineering to steal Okta SSO credentials are active.
  – Critical telnetd vulnerability (CVE-2026-24061) is trivial to exploit and under active attack.
  – INC ransomware victims helped recover data after infrastructure infiltration by Cyber Centaurs.
  – Android malware leveraging machine learning is used for click fraud.
  – SmarterMail zero-day exploited to reset admin passwords seen in the wild.
  – German art museum hit by cyberattack impacting online services and communications.
– Other news includes funding approvals for U.S. Cybersecurity Infrastructure Agency and criticism of FBI staffing changes.
Email 4:
Subject: Cyberattack Targeting Poland’s Energy Grid Used a Wiper
Content:
– At the end of December 2025, Polish energy infrastructure suffered a cyberattack using a destructive wiper malware named DynoWiper.
– ESET researchers attribute the attack with medium confidence to Sandworm, a GRU-linked hacking group which previously attacked Ukraine’s energy grid.
– The attack targeted power plants and renewable energy management systems but was thwarted before causing disruption.
– The operation could have cut power to 500,000 people if successful.
– Polish Prime Minister Donald Tusk confirmed successful defense and attributed the attack to Russian intelligence services.
– The attack came close to the tenth anniversary of the notorious BlackEnergy attacks on Ukraine’s grid.
– Related reports involve other cyber threat campaigns targeting government and corporations.
Email 5:
Subject: Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices
Content:
– Fortinet acknowledges attackers continue exploiting the FortiCloud SSO vulnerability (CVE-2025-59718), despite December 2025 patches.
– Attackers bypass SSO authentication with crafted SAML messages to gain admin access.
– Fortinet is developing an updated fix and recommends interim mitigations like disabling or restricting FortiCloud SSO.
– Other cybersecurity news includes phishing campaigns exploiting SharePoint, extensive GDPR fines, and zero-days in Cisco Unified Communications Manager and SmarterMail.
– Under Armour is investigating a data breach affecting customer email addresses but no passwords or payment data.
– Security conferences, research insights, and new funding rounds in cybersecurity are also highlighted.
Email 6:
Subject: TikTok finalizes deal to spin off US operations | The CyberWire 1.23.26
Content:
– TikTok finalized divestiture of US operations into a new American entity due to longstanding US governmental pressure over security concerns.
– The new company will be majority-owned by US investors (Oracle, Silver Lake, MGX) with ByteDance retaining a minority stake.
– Former TikTok exec Adam Presser will lead the US entity.
– The US government sees this as a safeguard to protect national security including data protections and content moderation.
– Additional updates:
  – Fortinet confirms ongoing exploitation of FortiCloud SSO vulnerability.
  – Under Armour investigates an alleged breach of over 72 million accounts linked to the Everest ransomware group.
  – Sponsored cybersecurity webinars and conferences are featured.
  – Other notable news includes Okta SSO vishing attacks, Ireland’s plan for lawful spyware use, and US justice actions against Venezuelan malware hackers.
Stay Well!
