Weekly Recap: Firewall Flaws, AI-Built Malware, Browser Traps, Critical CVEs & More
Briefly

"Security failures rarely arrive loudly. They slip in through trusted tools, half-fixed problems, and habits people stop questioning. Attackers are moving faster than defenses, mixing old tricks with new paths. "Patched" no longer means safe, and every day, software keeps becoming the entry point. What follows is a set of small but telling signals. Short updates that, together, show how quickly risk is shifting and why details can't be ignored."
""We have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path," the company said. The activity has been found to exploit an incomplete patch for CVE-2025-59718 and CVE-2025-59719, which could allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled on affected devices."
The recap's through-line: security failures usually enter through trusted tools, half-fixed problems, and habits nobody questions any more, and a device being "patched" is no longer proof that it is safe. The lead item is Fortinet's report of attacks on devices that were fully up to date at the time, traced to an incomplete fix for CVE-2025-59718 and CVE-2025-59719: with the FortiCloud SSO feature enabled, crafted SAML messages can bypass SSO login authentication without credentials. Until a complete fix ships, Fortinet advises restricting administrative access on edge network devices and disabling the "admin-forticloud-sso-login" setting. Separately, TikTok formed TikTok USDS Joint Venture LLC to comply with an Executive Order, with ByteDance selling a majority stake to American investors.
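The two interim measures above in FortiOS CLI form, as an added example that is not text from the recap or from Fortinet's advisory. The SSO setting is the one the recap names, under `config system global`; the trusted-host entry restricts the GUI/CLI to a management subnet, and the admin account name `admin` and the subnet `10.0.0.0/24` are placeholders, as is the use of the FortiOS `| grep` output filter on the verification line.

```text
# Disable FortiCloud SSO login for administrators (setting named in the recap)
config system global
    set admin-forticloud-sso-login disable
end

# Restrict administrative logins to a management subnet
# ("admin" and 10.0.0.0/24 are placeholders, not values from the page)
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
    next
end

# Confirm the SSO setting now reads "disable" (assumes the "| grep" output filter)
get system global | grep admin-forticloud-sso-login
```

Apply the trusted-host change from a session that originates inside the subnet you list, or you will lock yourself out; and re-check the SSO setting after every upgrade, since the recap's point is that an installed fix was not the same as a complete one.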
Read at The Hacker News