News

Fortinet Auth Bypass Vulnerabilities CVE-2025-59718 & CVE-2025-59719 Actively Exploited

Luciano Ferrari

18 Dec 2025 — 2 min read

Thursday, December 18, 2025

Top 5 Cybersecurity Stories You Should Know

Fortinet Auth Bypass Vulnerabilities CVE-2025-59718 & CVE-2025-59719 Actively Exploited — tl;dr: Hackers are actively exploiting two critical vulnerabilities (CVE-2025-59718 and CVE-2025-59719) in Fortinet products, allowing unauthorized access to admin accounts and system configuration files. These flaws affect FortiOS, FortiProxy, and FortiWeb when FortiCloud SSO is enabled. Cybersecurity firm Arctic Wolf reported attacks starting December 12, 2025, targeting admin accounts through malicious SSO logins. Fortinet advises affected users to disable FortiCloud login temporarily and upgrade to secure versions of their software to mitigate risks. System administrators should also rotate firewall credentials if signs of compromise are detected.
↪ https://www.bleepingcomputer.com/news/security/hackers-exploit-newly-patched-fortinet-auth-bypass-flaws/
Cisco AsyncOS 0-Day CVE-2025-20393 Under Attack by Suspected APT Group — tl;dr: Since late November 2025, a zero-day vulnerability in Cisco's AsyncOS, tracked as CVE-2025-20393, has been exploited by suspected Chinese government-linked threat actors. This vulnerability affects specific Secure Email Gateway (SEG) and Secure Email and Web Manager (SEWM) appliances with exposed Spam Quarantine features, allowing attackers to execute arbitrary commands with root privileges. Cisco has not yet released a patch and urges affected customers to assess their exposure and follow mitigation recommendations. The U.S. Cybersecurity and Infrastructure Security Agency has added this vulnerability to its Known Exploited Vulnerabilities catalog.
↪ https://www.theregister.com/2025/12/17/attacks_pummeling_cisco_0day/
Understanding Cybersecurity: Protecting Your Digital Life — tl;dr: Cybersecurity is essential for safeguarding networks, devices, and data from unauthorized access and criminal activities. With our daily lives increasingly reliant on technology—from communication to shopping—understanding the risks is crucial. Common threats include malware, hacking, and vulnerabilities in software. To enhance your cybersecurity, keep software updated, use strong and unique passwords, enable multifactor authentication, and be cautious of phishing emails. By following these best practices, individuals and organizations can significantly reduce the risk of cyberattacks and protect sensitive information.
↪ https://www.cisa.gov/news-events/news/what-cybersecurity
DHS Allocates $100M for Community Cybersecurity Grants — tl;dr: The Department of Homeland Security (DHS) has announced over $100 million in cybersecurity grant funding aimed at enhancing community defenses. This includes $91.7 million for the Fiscal Year 2025 State and Local Cybersecurity Grant Program (SLCGP) and $12.1 million for the Tribal Cybersecurity Grant Program (TCGP). These grants will support state, local, and tribal governments in improving their cybersecurity capabilities through planning, expert hiring, and service enhancements. Communities are encouraged to apply for these resources to bolster their cyber resilience and protect critical services.
↪ https://www.cisa.gov/news-events/news/dhs-launches-over-100-million-funding-strengthen-communities-cyber-defenses
CISA's Cybersecurity Best Practices for Individuals and Organizations — tl;dr: The Cybersecurity and Infrastructure Security Agency (CISA) provides essential cybersecurity best practices aimed at enhancing safety for individuals and organizations. Key recommendations include using strong passwords, enabling multi-factor authentication, and regularly updating software. CISA emphasizes the importance of developing tailored cybersecurity plans to mitigate risks associated with cyber threats. As cyber incidents can disrupt critical services, adopting these practices is crucial for maintaining operational resilience. CISA offers various resources and no-cost services to assist in implementing these strategies effectively.
↪ https://www.cisa.gov/topics/cybersecurity-best-practices