
A
From the CISO Series, it's Cybersecurity Headlines.
B
These are the cybersecurity headlines for Friday, December 26, 2025. I'm Steve Prentiss. Active exploitation of Fortinet VPN bypass utility observed. Fortinet has announced
C
that it has seen recent abuse of a 5-year-old security flaw in FortiOS SSL VPN in the wild under certain configurations. This is in regard to a CVE-numbered vulnerability from 2020 with a CVSS score of 5.2, which could allow a user to log in successfully without being prompted for a second factor of authentication if the case, as in upper or lower case, of the username was changed. This is due to inconsistent case-sensitive matching amongst the local and remote authentication. A certain number of prerequisites need to be satisfied by any threat actors seeking to exploit this vulnerability, but since some have been seen doing so, Fortinet advises customers who are on FortiOS versions 6.0.13, 6.2.10, 6.4.7, 7.0.1 or later to run a set username sensitivity disable command. Google possibly allowing users to change default Gmail address.
B
A clue to the idea that this
C
may happen was spotted in a new support document located in a Telegram group and admittedly written in Hindi, which might hint at some localized testing in India
B
before a full rollout.
C
Up to the present time, Google has allowed users to employ different aliases for emails, but changing the main mail.com address was not allowed. Google has not yet made any formal
B
announcement on this. June Aflac attack results back. The data breach that hit the
C
Georgia-based insurance giant in June exposed the information of more than 22 million Aflac customers. This according to a statement from the company released last Friday following an investigation of the incident. The attack, which did not involve ransomware, according to the company, was stopped relatively quickly, but not before thieves made off
B
with the customer data.
C
This data included information on insurance claims, health data, Social Security numbers and other personal details of customers, beneficiaries, employees, agents and other individuals in its US business. The attack was attributed to the Scattered
B
Spider organization. CISA adds actively exploited DigiEver
C
NVR vulnerability to KEV. The security flaw in question impacts DigiEver DS2105Pro network video recorders, DigiEver being spelled D-I-G-I-E-V-E-R, and active exploitation has been noted. As such, it has been added to the Known Exploited Vulnerabilities catalog. The flaw has a CVSS score of 8.8 and relates to a case of command injection that allows post-authentication remote code execution. Of primary concern is the ability of threat actors to deliver botnets such as Mirai and Shadow V2. Federal civilian executive branch agencies are expected to apply the mitigations or discontinue use
B
of the product by January 12th of 2026. Huge thanks to our sponsor, ThreatLocker.
C
Want real zero trust training? Zero Trust World 2026 delivers hands-on labs and workshops that show CISOs exactly how to implement and maintain zero trust in real environments. Join us March 4th through 6th in Orlando, plus a live CISO Series episode on March 6th, and you can get $200 off with the code Ztwciso26@ztw.com. NIST and MITRE to partner up
B
for AI cybersecurity research. NIST has announced
C
that it will partner with the MITRE Corporation on a $20 million project to stand up two new research centers focused on artificial intelligence, including how the technology may impact cybersecurity for US critical infrastructure. One of these centers will focus on advanced manufacturing, while the second will focus more directly on how industries that provide water, electricity, Internet and other essential services can protect and maintain services in the face of AI-enabled threats. The goal of the project will be to drive the development and adoption of AI-driven tools, including agentic AI solutions, and reduce risks from reliance on insecure AI. MongoDB flaw could lead to server takeover. This high-severity vulnerability with a CVSS score of 8.7 allows an unauthenticated remote attacker to execute arbitrary code on vulnerable servers through a client-side exploit of the server's Zlib software library implementation, which can return uninitialized heap memory without authenticating to the server. MongoDB strongly recommends users upgrade to a fixed version as soon as possible. A link to the article containing the affected versions is available in the show
B
notes to this episode. Romanian Waters confirms cyber attack, but critical operations unaffected. The
C
country's water management authority suffered the attack last weekend. It affected around 1,000 computer systems across the central organization and 10 of its 11 regional offices, disrupting IT assets including GIS servers, databases, email and web services, Windows workstations and domain name servers. However, authorities emphasize that operational technology systems managing water infrastructure were not impacted and
B
water operations continue to function normally.
C
Microsoft wants to replace its entire C and C++ codebase by 2030. Writing in a LinkedIn post, Microsoft distinguished engineer Galen Hunt said his goal is to eliminate every line of C and C++ from Microsoft by that year. The goal of this project is to evolve and augment our infrastructure to enable translating Microsoft's largest C and C++ to Rust. The company has established an AI processing infrastructure that enables it to apply AI agents guided by algorithms to make code modifications at scale. Hunt's post also points to a job ad for a principal software engineer who will be expected to work on the
B
tools to make this happen.
C
There will be no Super Cyber Friday this week, but we will be back with new episodes in 2026. But from everyone here at the Cybersecurity Headlines team, here's wishing you and yours
B
a happy Boxing Day.
C
And if you have some thoughts on the news from today, or about this show in general, please be sure to
B
reach out to us at feedback@cisoseries.com. We would love to hear from you. I'm Steve Prentiss, reporting for the CISO Series.
A
Cybersecurity Headlines are available every weekday. Head to CISOseries.com for the full stories behind the headlines.
Host: Steve Prentiss | Podcast: CISO Series
Episode Focus: Key developments in cybersecurity from major tech vendors to government initiatives, featuring major exploits, organizational breaches, and forward-looking security strategies.
This episode delivers a rapid-fire rundown of top cybersecurity stories impacting enterprises and the public sector. Covered topics include a revived Fortinet VPN exploit, a possible foundational change to Gmail accounts, an update on the massive Aflac insurance breach, a critical NVR vulnerability, US AI research partnerships, a MongoDB exploit, a cyberattack against Romanian water systems, and Microsoft's ambitious codebase migration efforts.
[00:23] Fortinet reports active abuse of a five-year-old vulnerability (CVE-2020, CVSS 5.2) in FortiOS SSL VPN.
Exploit allows bypassing second-factor authentication by altering username case sensitivity due to inconsistent matching between authentication modules.
Fortinet urges users on certain FortiOS versions to run: set username-sensitivity disable
“A certain number of prerequisites need to be satisfied by any threat actors… but since some have been seen doing so, Fortinet advises customers… to run a set username sensitivity disable command.”
— Steve Prentiss, [00:46]
[01:28] A new support document found on Telegram (in Hindi, possibly signaling India-only testing) suggests Google may soon allow users to change their primary Gmail address—not just aliases.
No official statement yet from Google.
“…changing the main mail.com address was not allowed. Google has not yet made any formal announcement on this.”
— Steve Prentiss, [01:54]
[02:02] The June cyberattack at Aflac exposed the data of over 22 million customers per new internal findings.
Breach included insurance claims, health data, Social Security numbers, affecting customers, employees, agents, and more.
Attack, attributed to "Scattered Spider," wasn’t ransomware-based and was contained relatively quickly, but data exfiltration succeeded.
“This data included information on insurance claims, health data, Social Security numbers and other personal details…”
— Steve Prentiss, [02:24]
[02:45] CISA adds actively exploited DigiEver DS2105Pro NVR vulnerability (command injection, CVSS 8.8) to Known Exploited Vulnerabilities catalog.
Allows post-authentication remote code execution and is being leveraged to deliver botnets such as Mirai.
US Federal agencies required to mitigate or take systems offline before January 12, 2026.
“Of primary concern is the ability of threat actors to deliver botnets such as Mirai and Shadow V2…”
— Steve Prentiss, [03:08]
[04:13] NIST and Mitre Corporation launching a $20M initiative to build two research centers focused on AI impacts in critical infrastructure and advanced manufacturing.
Goals include driving secure, industry-wide AI adoption and developing "agentic" AI and other technologies for risk reduction.
“…how industries that provide water, electricity, Internet and other essential services can protect and maintain services in the face of AI-enabled threats.”
— Steve Prentiss, [04:28]
[05:07] High-severity MongoDB flaw (CVSS 8.7) could enable unauthenticated remote attackers to execute code via a client-side exploit of the server’s Zlib library.
Affected users urged to upgrade immediately; details in the episode’s show notes.
“…allows an unauthenticated remote attacker to execute arbitrary code on vulnerable servers through a client side exploit…”
— Steve Prentiss, [05:11]
[05:43] Romania’s Water Management Authority hit by a cyberattack last weekend, disrupting about 1,000 systems (across central and most regional offices).
IT systems including GIS, databases, email, and domain servers impacted.
Critical water infrastructure and operations ("OT systems") reportedly unaffected.
“…authorities emphasize that operational technology systems managing water infrastructure were not impacted and water operations continue to function normally.”
— Steve Prentiss, [06:09]
[06:13] Galen Hunt (Microsoft Distinguished Engineer) announces company-wide effort to eliminate all C and C++ code by 2030 in favor of Rust.
Advanced AI-driven code transformation tools are key to this transition.
Efforts include job postings for engineers to build these transformation solutions.
“The goal of this project is to evolve and augment our infrastructure to enable translating Microsoft's largest C and C++ to Rust.”
— Galen Hunt (via Steve Prentiss), [06:31]
| Timestamp | Segment |
|-----------|-------------------------------------------|
| 00:23 | Fortinet VPN exploit revisited |
| 01:28 | Google Gmail address change speculation |
| 02:02 | Aflac breach scope revealed |
| 02:45 | DigiEver NVR vulnerability |
| 04:13 | NIST / MITRE AI cybersecurity partnership |
| 05:07 | MongoDB critical flaw |
| 05:43 | Romanian Waters cyberattack |
| 06:13 | Microsoft’s code migration to Rust |
Steve Prentiss’ delivery is concise, fact-driven, and professional, maintaining an even tone with helpful context for each headline. The episode is dense with actionable information, catering to busy security professionals and executives.
This episode spotlights how long-standing overlooked bugs can resurface, the growing focus on AI and secure software engineering, the persistence of state and non-state cyber threats, and how large organizations and government are shifting strategies to anticipate and mitigate the evolving landscape of cyber risk. With practical advice and timely alerts, it's a brisk, insightful overview for infosec practitioners and business leaders alike.