TikTok announced the formation of TikTok USDS Joint Venture LLC to transfer majority ownership to U.S. investors while ByteDance retains a 19.9% stake to comply with the September 2025 Executive Order. The venture will secure U.S. user data and the recommendation algorithm on Oracle’s U.S. cloud, implement NIST, ISO 27001 and…
Tag: SSO
Fortinet has confirmed it is working to fully patch a FortiCloud SSO authentication bypass after reports of exploitation on fully patched firewalls. The activity circumvents fixes for CVE-2025-59718 and CVE-2025-59719, creates persistent generic accounts, grants VPN access, and exfiltrates firewall configurations, prompting recommendations to restrict internet-facing admin access and disable FortiCloud…
K-Chess, an online chess platform operated by Keysquare (associated with Kasparov Chess), has allegedly been scraped by a threat actor who claims to have leaked approximately 83,000 rows of user data from the platform’s database in 2024. The sample leak reportedly contains full user profiles, social IDs, personal details, extensive chess…
Epitech has reportedly been targeted in a data scraping incident that exposed a 5.4MB database of user profiles on a dark web forum. The leaked dataset allegedly includes full names, email addresses, and phone numbers made available for download by a threat actor. #Epitech #DarkWebForum…
Microsoft warns that threat actors are abusing SharePoint links in a multi‑stage phishing campaign targeting energy organizations, using adversary‑in‑the‑middle (AiTM) techniques to capture Microsoft credentials. Attackers then performed business email compromise by taking over inboxes, hiding and deleting messages, and distributing further phishing URLs, requiring remediation that includes session revocation and…
This week’s roundup compiles a range of cybersecurity developments, from massive GDPR fines and law enforcement actions to newly disclosed exploit techniques and product security advisories. Highlights include Mandiant’s Net-NTLMv1 rainbow tables release, an Interpol Red Notice for Black Basta leader Oleg Nefedov, Cloudflare WAF bypasses, Snap Store account hijacks, and…
Fortinet confirmed that recent attacks are bypassing FortiCloud single sign-on authentication even on devices patched against CVE-2025-59718 and CVE-2025-59719. Attackers automate configuration changes on FortiGate devices to add accounts, enable VPN access, and exfiltrate configuration files, prompting Fortinet to share IOCs and recommend disabling FortiCloud SSO and restricting administrative access. #FortiCloud…
The third week of 2026 saw active exploitation of a supposedly patched FortiOS 7.4.9 vulnerability alongside continuing ransomware breaches that exposed sensitive data at major organizations. Rising hacktivist attacks on industrial and government systems and new EU rules to phase out high-risk non-EU telecom products highlight the need for integrated technical…
Fortinet confirmed it is working to fully address a critical FortiCloud SSO authentication bypass (CVE-2025-59718) after admins reported fully patched FortiGate firewalls being compromised. Security firms observed automated attacks that created VPN-enabled admin accounts and stole firewall configurations within seconds, and Fortinet advised restricting admin access and disabling FortiCloud SSO while a fix is developed. #Fortinet #CVE-2025-59718
Two Venezuelan nationals, Luz Granados and Johan Gonzalez-Jimenez, were convicted of ATM jackpotting using malware and will be deported after serving sentences and paying restitution. Authorities linked the scheme to the decade-old Ploutus malware and a broader campaign associated with the Tren de Aragua syndicate. #Ploutus #TrenDeAragua…
Anubis (formerly Sphinx) is a Ransomware-as-a-Service operation first observed in late 2024 that combines standard file encryption with an optional destructive wipe mode, permanently destroying data and removing decryption as a guaranteed outcome. Its affiliate-driven model and parallel monetization channels (data extortion and access resale) let operators choose between encryption, data-only extortion, or selling access, concentrating on high-value targets and controlled, high-impact intrusions. #Anubis #Sphinx
Daily Recap: Active, high-risk flaws are being patched across vendors, including Cisco’s actively exploited CVE-2026-20045 in Webex, post-exploit activity on SmarterMail, FortiCloud SSO abuse to alter FortiGate configs, and several third-party dependency and RCE/2FA issues affecting major collaboration platforms. AI framework and toolchain vulnerabilities (Chainlit, Anthropic fixes) continue to surface, with coordinated patches from Atlassian, GitLab, Zoom and a Microsoft workaround for Outlook freezes after Windows updates. #Cisco #Chainlit
Attackers are exploiting a patch bypass in a FortiGate authentication vulnerability (CVE-2025-59718) to create admin accounts on devices that were thought to be patched, and Fortinet has acknowledged 7.4.10 did not fully fix the issue. Admins are advised to disable FortiCloud SSO or apply upcoming FortiOS fixes while Shadowserver and CISA…
eSentire TRU uncovered a multi-stage espionage campaign targeting residents of India that uses phishing lures impersonating the Income Tax Department to deliver a DLL side-loading loader which fetches shellcode, bypasses UAC via a COM elevation moniker, and ultimately deploys a repurposed SyncFuture TSM platform for persistent remote surveillance. The intrusion chain includes anti-analysis, PEB process masquerading, Avast-specific GUI automation to create antivirus exclusions, service-based Safe Mode persistence, and multiple signed binaries and certificates abused to appear legitimate. #Blackmoon #SyncFuture
Okta warns that custom voice-phishing (vishing) kits sold “as a service” are being used in active attacks to steal Okta SSO credentials and gain access to integrated enterprise platforms. These adversary-in-the-middle platforms enable live caller interaction to manipulate authentication flows, intercept MFA (including TOTPs and push prompts), and facilitate data theft and extortion linked to groups like ShinyHunters. #Okta #ShinyHunters