CCTR.5.FEB.26

Monday morning cyber coffee read CCTR.5.FEB.26.

A critical authentication bypass vulnerability CVE-2026-24858 has been identified in multiple Fortinet products where FortiCloud SSO is enabled. The flaw allows an attacker with a FortiCloud account and a registered device to authenticate into other Fortinet devices registered to different customer accounts. I mean, this is SSO literally drunk and on steroids.

This issue has been exploited in the wild and coincides with a broader wave of highly automated FortiGate compromises involving unauthorised configuration changes and persistence mechanisms. Fortinet has applied temporary mitigations at the FortiCloud level, but these do not replace patching: organisations must still upgrade affected devices at their end, and should review devices with FortiCloud SSO enabled for unexpected administrator logins and configuration changes.


The current pace of high severity Fortinet vulnerabilities raises a broader strategic question for organisations. Is continuous reactive patching alone an acceptable risk posture, or is there a need to evaluate compensating controls, architectural changes or alternative solutions to reduce systemic exposure?

FortiGuard Labs https://www.fortiguard.com/psirt/FG-IR-26-060

Arctic Wolf https://securityaffairs.com/187194/hacking/arctic-wolf-detects-surge-in-automated-fortinet-fortigate-firewall-configuration-attacks.html

Multiple easily exploitable security flaws have been identified in SolarWinds Web Help Desk, enabling unauthenticated remote code execution (RCE) on vulnerable systems.

Web Help Desk is commonly deployed with broad internal access to ticketing data, assets, workflows, and integrations. Given historical exploitation patterns, this class of vulnerability should be treated as actively weaponisable, even if not yet widely observed in the wild.

  • Patch, and if the system was reachable while unpatched, treat it as potentially compromised: investigate rather than only applying the update

Horizon3 https://horizon3.ai/attack-research/cve-2025-40551-another-solarwinds-web-help-desk-deserialization-issue/

A critical vulnerability, CVE-2025-15467, has been identified and patched in OpenSSL, a core library used to secure internet and enterprise communications. The flaw allows unauthenticated attackers to remotely crash services or execute code using specially crafted encrypted messages, with no credentials or valid keys required. While widespread exploitation of this issue has not yet been confirmed, functional proof-of-concept (PoC) code is available, which makes this a high-priority patch. There is currently no public attribution of exploitation to specific advanced threat groups.

  • Upgrade OpenSSL to the latest patched version for your branch, including copies statically linked or bundled inside applications, language runtimes, containers and vendor appliances

  • Identify exposure across applications and third-party dependencies; the system package is rarely the only copy on a host

  • Monitor closely for crashes or abnormal service behaviour in TLS-terminating and message-decrypting services
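Added example for the "upgrade for your branch" and "identify exposure" steps above. This is not code from the newsletter or the OpenSSL project: a Python inventory check that parses OpenSSL version strings as reported by `openssl version`, `nginx -V` or a runtime, works out the release branch, and compares each against a per-branch fixed version. It also handles the two cases that usually trip up a quick grep: a branch with no fixed release (an EOL line that will never receive the fix) and forks such as LibreSSL whose numbering does not map onto OpenSSL branches. The host names, version strings and the numbers in FIXED_BY_BRANCH are constructed placeholders; take the real fixed versions from the OpenSSL advisory.

```python
import re
import ssl
from typing import Dict, Optional, Tuple

# Comparable version tuple: (major, minor, patch, letter). The letter is the
# 1.x-era patch designator ("1.1.1w"); "" sorts before "a", so 1.1.1 < 1.1.1a.
Version = Tuple[int, int, int, str]

_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)([a-z]*)")
_FORK_RE = re.compile(r"\b(LibreSSL|BoringSSL|wolfSSL)\b")


def parse_openssl_version(text: str) -> Optional[Version]:
    """Parse strings such as 'OpenSSL 3.0.13 30 Jan 2024' or '1.1.1w'."""
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))


def openssl_branch(v: Version) -> str:
    """Branch that receives its own fix: 3.x is major.minor, 1.x was
    major.minor.patch (1.0.2, 1.1.1)."""
    return f"{v[0]}.{v[1]}" if v[0] >= 3 else f"{v[0]}.{v[1]}.{v[2]}"


def assess(installed: str, fixed_by_branch: Dict[str, str]) -> str:
    """Classify one version string against the per-branch fixed versions.

    Returns 'patched', 'vulnerable', 'unsupported' (branch with no fixed
    release listed, e.g. an EOL line), 'not-openssl' (a fork whose numbers
    are unrelated to OpenSSL branches) or 'unknown' (unparseable).
    """
    if _FORK_RE.search(installed):
        return "not-openssl"
    v = parse_openssl_version(installed)
    if v is None:
        return "unknown"
    branch = openssl_branch(v)
    if branch not in fixed_by_branch:
        return "unsupported"
    fixed = parse_openssl_version(fixed_by_branch[branch])
    if fixed is None:
        raise ValueError(f"bad fixed version for branch {branch}")
    return "patched" if v >= fixed else "vulnerable"


def report(inventory: Dict[str, str], fixed_by_branch: Dict[str, str]) -> Dict[str, str]:
    """Map each inventory item to its status."""
    return {name: assess(ver, fixed_by_branch) for name, ver in inventory.items()}


# HYPOTHETICAL placeholder numbers, NOT the real fixed releases for
# CVE-2025-15467: replace with the values from the OpenSSL advisory.
# Branches absent from this map (e.g. 1.1.1) are reported as 'unsupported'.
FIXED_BY_BRANCH = {"3.0": "3.0.14", "3.2": "3.2.2"}

# Constructed sample inventory (hypothetical hosts and versions, not real data).
SAMPLE_INVENTORY = {
    "web-01 (nginx -V)": "OpenSSL 3.0.13 30 Jan 2024",
    "db-01 (openssl version)": "OpenSSL 3.0.16",
    "api-gw (python cryptography wheel)": "OpenSSL 3.2.1",
    "legacy-app (vendor bundle)": "OpenSSL 1.1.1w  11 Sep 2023",
    "build-box (macOS)": "LibreSSL 3.3.6",
    "appliance (unknown)": "n/a",
}

if __name__ == "__main__":
    inventory = dict(SAMPLE_INVENTORY)
    # The interpreter's own OpenSSL: the copy Python's ssl/urllib calls use.
    inventory["this python runtime"] = ssl.OPENSSL_VERSION
    for name, status in report(inventory, FIXED_BY_BRANCH).items():
        print(f"{status:12} {name}: {inventory[name]}")
```

The `ssl.OPENSSL_VERSION` line only tells you about the interpreter running the script; bundled copies (language runtimes, `cryptography` wheels, Node, vendor appliances) each report their own version and need to be queried separately, which is why the inventory is a plain mapping you fill from whatever source you have.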

Rescana https://www.rescana.com/post/cve-2025-15467-critical-remote-code-execution-vulnerability-in-openssl-patched-update-now-to-prev

A critical sandbox escape vulnerability (CVE-2026-22709) has been identified in the vm2 Node.js library. The flaw allows attackers who can supply code to the sandbox to escape it and execute arbitrary code on the host, with the privileges of the Node.js process running vm2.

The library is referenced in over 200,000 GitHub projects and continues to see approximately one million weekly downloads on npm.

The vm2 project was discontinued in 2023 due to security concerns and was later revived in October 2025 with the release of version 3.10.0, which claimed to address all known vulnerabilities at that time.

  • Review your software supply chain to identify direct or transitive dependencies on vm2

  • Upgrade immediately if you are using vm2, and reconsider whether an in-process JavaScript sandbox is an acceptable trust boundary for untrusted code given the project's history
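Added example for the two steps above (finding direct and transitive vm2 dependencies, then deciding what needs upgrading). It is not code from the newsletter or the vm2 project, and is written in Python rather than Node so it runs offline without npm; `npm ls vm2 --all` gives the same tree on a real checkout. It assumes a lockfileVersion 2 or 3 package-lock.json (the flat `packages` map), walks every installed copy of a package, attributes each copy to the packages that actually resolve to it using Node's nearest-`node_modules` lookup, and flags copies older than a fixed version. The lockfile contents are constructed, and FIXED_VERSION is a hypothetical placeholder: the newsletter does not state the fixed vm2 release, so confirm it in the vm2 advisory.

```python
import json
import re
import sys
from typing import Dict, List, Optional


def _semver_tuple(version: str):
    """Numeric (major, minor, patch); pre-release tags are ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version {version!r}")
    return tuple(int(x) for x in m.groups())


def _package_name(path: str) -> str:
    """'node_modules/a/node_modules/@s/b' -> '@s/b'; the root '' has no name."""
    return path.split("node_modules/")[-1] if path else ""


def resolve(packages: Dict[str, dict], from_path: str, name: str) -> Optional[str]:
    """Emulate Node's lookup: nearest node_modules/<name> at or above from_path."""
    base = from_path
    while True:
        candidate = f"{base}/node_modules/{name}" if base else f"node_modules/{name}"
        if candidate in packages:
            return candidate
        if not base:
            return None
        cut = base.rfind("node_modules/")
        base = "" if cut <= 0 else base[:cut].rstrip("/")


def find_installed(lock: dict, name: str) -> List[dict]:
    """Every installed copy of `name` in a lockfileVersion 2/3 'packages' map,
    each with the packages that resolve to that particular copy."""
    packages = lock.get("packages", {})
    if not packages:
        raise ValueError("lockfileVersion 1 (no 'packages' map) is not handled")
    copies = []
    for path, meta in packages.items():
        if _package_name(path) != name:
            continue
        dependents = [
            p or "(root project)"
            for p, m in packages.items()
            if (name in m.get("dependencies", {}) or name in m.get("optionalDependencies", {}))
            and resolve(packages, p, name) == path
        ]
        copies.append({"path": path, "version": meta.get("version"), "dependents": dependents})
    return copies


def audit(lock: dict, name: str, fixed_version: str) -> List[dict]:
    """Annotate each installed copy with whether it predates fixed_version.
    A copy with no recorded version is treated as vulnerable."""
    fixed = _semver_tuple(fixed_version)
    result = []
    for copy in find_installed(lock, name):
        vulnerable = copy["version"] is None or _semver_tuple(copy["version"]) < fixed
        result.append({**copy, "vulnerable": vulnerable})
    return result


# Constructed sample package-lock.json (lockfileVersion 3), not a real project:
# the app depends on vm2 directly and also pulls a second, nested copy through
# a plugin package that pins a different version.
SAMPLE_LOCK = {
    "name": "example-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "example-app", "dependencies": {"plugin-runner": "^1.0.0", "vm2": "^3.9.0"}},
        "node_modules/vm2": {"version": "3.9.19", "dependencies": {"acorn": "^8.7.0"}},
        "node_modules/plugin-runner": {"version": "1.2.0", "dependencies": {"vm2": "3.10.0"}},
        "node_modules/plugin-runner/node_modules/vm2": {"version": "3.10.0"},
        "node_modules/acorn": {"version": "8.10.0"},
    },
}

# HYPOTHETICAL placeholder: the first vm2 release fixing CVE-2026-22709 is not
# stated in the newsletter; confirm it in the vm2 advisory before relying on this.
FIXED_VERSION = "3.10.1"

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as f:
            lock = json.load(f)
    else:
        lock = SAMPLE_LOCK
    for c in audit(lock, "vm2", FIXED_VERSION):
        flag = "VULNERABLE" if c["vulnerable"] else "ok"
        print(f"{flag:10} {c['path']} {c['version']} <- {', '.join(c['dependents'])}")
```

Run it as `python audit_vm2.py path/to/package-lock.json`. Two caveats: a lockfile only covers what npm installed, so vm2 vendored into a repository, bundled by a build tool, or embedded in a container image elsewhere will not appear, and the nested-copy case shown in the sample is exactly the one that survives a top-level `npm update vm2`, since the plugin's pinned copy resolves first for that plugin.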

BleepingComputer https://www.bleepingcomputer.com/news/security/critical-sandbox-escape-flaw-discovered-in-popular-vm2-nodejs-library/
