Article Details

⚡ Weekly Recap: Fortinet Exploits, RedLine Clipjack, NTLM Crack, Copilot Attack & More. In cybersecurity, the line between a normal update and a serious incident keeps getting thinner. Systems that once felt reliable are now under pressure from constant change. New AI tools, connected devices, and automated systems quietly create more ways in, often faster than security teams can react. This week's stories show how easily a small mistake or hidden service can turn into a real break-in. Behind the headlines, the pattern is clear. Automation is being used against the people who built it. Attackers reuse existing systems instead of building new ones. They move faster than most organizations can patch or respond. From quiet code flaws to malware that changes while it runs, attacks are focusing less on speed and more on staying hidden and in control. If you're protecting anything connected—developer tools, cloud systems, or internal networks—this edition shows where attacks are going next, not where they used to be. ⚡ Threat of the Week Critical Fortinet Flaw Comes Under Attack — A critical security flaw in Fortinet FortiSIEM has come under active exploitation in the wild. The vulnerability, tracked as CVE-2025-64155 (CVSS score: 9.4), allows an unauthenticated attacker to execute unauthorized code or commands via crafted TCP requests. In a technical analysis, Horizon3.ai described the issue as comprising two issues: an unauthenticated argument injection vulnerability that leads to arbitrary file write, allowing for remote code execution as the admin user, and a file overwrite privilege escalation vulnerability that leads to root access and complete compromise of the appliance. The vulnerability affects the phMonitor service, an internal FortiSIEM component that runs with elevated privileges and plays an integral role in system health and monitoring. Because the service is deeply embedded in FortiSIEM's operational workflow, successful exploitation grants attackers full control of the appliance. When Your CEO Calls, Will You Know It's Real? Today's phishing attacks involve AI voices, videos, and exec deepfakes. Adaptive Security is the first security awareness platform built to stop AI-powered social engineering. Adaptive protects your team with custom training and deepfake simulations featuring your own executives. 🔔 Top News ‎️‍🔥 Trending CVEs Hackers act fast. They can use new bugs within hours. One missed update can cause a big breach. Here are this week's most serious security flaws. Check them, fix what matters first, and stay protected. This week's list includes — CVE-2025-20393 (Cisco AsyncOS Software), CVE-2026-23550 (Modular DS plugin), CVE-2026-0227 (Palo Alto Networks PAN-OS), CVE-2025-64155 (Fortinet FortiSIEM), CVE-2026-20805 (Microsoft Windows Desktop Window Manager), CVE-2025-12420 (ServiceNow), CVE-2025-55131, CVE-2025-55131, CVE-2025-59466, CVE-2025-59465 (Node.js), CVE-2025-68493 (Apache Struts 2), CVE-2026-22610 (Angular Template Compiler), CVE-2025-66176, CVE-2025-66177 (Hikvision), CVE-2026-0501, CVE-2026-0500, CVE-2026-0498​, CVE-2026-0491 (SAP), CVE-2026-21859, CVE-2026-22689 (Mailpit), CVE-2026-22601, CVE-2026-22602, CVE-2026-22603, CVE-2026-22604 (OpenProject), CVE-2026-23478 (Cal.com), CVE-2025-14364 (Demo Importer Plus plugin), CVE-2025-14502 (News and Blog Designer Bundle), CVE-2025-14301 (Integration Opvius AI for WooCommerce plugin), CVE-2025-52493 (PagerDuty Runbook), CVE-2025-55315 (ASP.NET Core Kestrel server), CVE-2026-20965 (Microsoft Windows Admin Center), and CVE-2025-14894 (Livewire Filemanager). 📰 Around the Cyber World 🎥 Cybersecurity Webinars 🔧 Cybersecurity Tools Disclaimer: These tools are for learning and research only. They haven't been fully tested for security. If used the wrong way, they could cause harm. Check the code first, test only in safe places, and follow all rules and laws. Conclusion The message is clear. Today's threats aren't just single break-ins. They come from connected weak spots, where one exposed service or misused tool can affect an entire system. Attackers don't see cloud platforms, AI tools, and enterprise software as separate. They see one shared space. Defenders need to think the same way, treating every part of their environment as connected and worth watching all the time, not just after something goes wrong. What happened this week isn't unusual. It's a warning. Every update, setting, and access rule matters, because the next attack will likely begin from something already inside. This recap shows how small gaps turned into big openings—and what's being done to close them before the next round begins.