Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. This week’s recap shows that pattern clearly.
Attackers are moving faster than defenses, mixing old tricks with new paths. “Patched” no longer means safe, and every day, software keeps becoming the entry point.
What follows is a set of small but telling signals. Short updates that, together, show how quickly risk is shifting and why details can’t be ignored.
âš¡ Threat of the Week
Improperly Patched Flaw Exploited Again in Fortinet Firewalls — Fortinet confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls. “We have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path,” the company said. The activity has been found to exploit an incomplete patch for CVE-2025-59718 and CVE-2025-59719, which could allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled on affected devices. In the absence of a fix, users are advised to restrict administrative access of edge network devices and turn off FortiCloud SSO logins by disabling the “admin-forticloud-sso-login” setting.
🔔 Top News
- TikTok Forms New U.S. Entity to Avoid Federal Ban — TikTok officially announced that it formed a joint venture that will allow the hugely popular video-sharing application to continue operating in the U.S. The new venture, named TikTok USDS Joint Venture LLC, has been established in compliance with the Executive Order signed by U.S. President Donald Trump in September 2025, the platform said. The new deal will see TikTok’s Chinese parent company, ByteDance, selling the majority of its stake to a group of majority-American investors, while it will retain a 19.9% stake in the business. The Chinese government hasn’t commented publicly on the agreement. The deal ends years of regulatory uncertainty that began in August 2020, when President Trump announced plans to ban the app, citing national security concerns.
- VoidLink Generated Almost Entirely Using AI — VoidLink, the recently discovered Linux malware which targets Linux-based cloud servers, was likely generated almost entirely by artificial intelligence (AI), signaling a significant evolution in the use of the technology to develop advanced malware. What was significant in alerting researchers to AI involvement in building VoidLink was a development plan that accompanied the project and was accidentally left exposed by its author. The developer also utilized regular checkpoints to ensure that the model was developing as instructed and that the code worked. The result was a malware which the researchers who first…
Source link
Disclaimer
We strive to uphold the highest ethical standards in all of our reporting and coverage. We blogs.grocliq.com want to be transparent with our readers about any potential conflicts of interest that may arise in our work. It’s possible that some of the investors we feature may have connections to other businesses, including competitors or companies we write about. However, we want to assure our readers that this will not have any impact on the integrity or impartiality of our reporting. We are committed to delivering accurate, unbiased news and information to our audience, and we will continue to uphold our ethics and principles in all of our work. Thank you for your trust and support.
Website Upgradation is going on for any glitch kindly connect at [email protected]
