Cyber Security Headlines — December 26, 2025
Host: Steve Prentiss | Podcast: CISO Series
Episode Focus: Key developments in cybersecurity from major tech vendors to government initiatives, featuring major exploits, organizational breaches, and forward-looking security strategies.
Main Theme and Purpose
This episode delivers a rapid-fire rundown of top cybersecurity stories impacting enterprises and the public sector. Covered topics include a revived Fortinet VPN exploit, a possible foundational change to Gmail accounts, an update on the massive Aflac insurance breach, a critical NVR vulnerability, US AI research partnerships, a MongoDB exploit, a cyberattack against Romanian water systems, and Microsoft's ambitious codebase migration efforts.
Key Discussion Points & Insights
1. Fortinet VPN Exploit Resurfaces
- [00:23] Fortinet reports active abuse of a five-year-old vulnerability (CVE-2020, CVSS 5.2) in FortiOS SSL VPN.
- The exploit bypasses second-factor authentication by changing the letter case of the username, which works because authentication modules match usernames inconsistently.
- Fortinet urges users on certain FortiOS versions to run: `set username sensitivity disable`
- Insight: Even longstanding vulnerabilities can resurface, especially when mixed with obscure configuration issues and persistent threat actors.
“A certain number of prerequisites need to be satisfied by any threat actors… but since some have been seen doing so, Fortinet advises customers… to run a set username sensitivity disable command.”
— Steve Prentiss, [00:46]
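Added example, not from the episode or from Fortinet: a toy Python model of the mismatch described above (a case-sensitive lookup for the second-factor requirement next to a case-insensitive directory check), the consistent comparison, and a check that flags logins which skipped the second factor under a case-variant username. All user names, function names and the event format are constructed for illustration.

```python
# Toy model (assumption): not FortiOS code, names and data are constructed.
LOCAL_2FA_USERS = {"jsmith", "adavis"}          # local entries that require a token
DIRECTORY_USERS = {"jsmith", "adavis", "blee"}  # accounts in the remote directory


def requires_2fa_exact(username):
    """Mismatched design: the 2FA lookup compares names case-sensitively."""
    return username in LOCAL_2FA_USERS


def requires_2fa_normalized(username):
    """Consistent design: the 2FA lookup compares case-folded names."""
    return username.casefold() in {u.casefold() for u in LOCAL_2FA_USERS}


def directory_accepts(username):
    """The remote directory treats usernames case-insensitively."""
    return username.casefold() in {u.casefold() for u in DIRECTORY_USERS}


def login(username, password_ok, token_ok, requires_2fa):
    """Return True if the login succeeds under the given 2FA lookup."""
    if not (password_ok and directory_accepts(username)):
        return False
    return token_ok if requires_2fa(username) else True


def flag_case_variants(events):
    """Flag successful logins without a second factor whose username
    differs only by letter case from a local 2FA user."""
    folded = {u.casefold(): u for u in LOCAL_2FA_USERS}
    hits = []
    for ev in events:
        canonical = folded.get(ev["user"].casefold())
        if (canonical and ev["user"] != canonical
                and ev["success"] and not ev["second_factor"]):
            hits.append((ev["time"], ev["user"], canonical))
    return hits


# Constructed sample events (not a real FortiOS log format).
EVENTS = [
    {"time": "09:01", "user": "jsmith", "success": True, "second_factor": True},
    {"time": "09:14", "user": "JSmith", "success": True, "second_factor": False},
    {"time": "09:20", "user": "blee", "success": True, "second_factor": False},
    {"time": "09:31", "user": "ADAVIS", "success": False, "second_factor": False},
]

if __name__ == "__main__":
    print(flag_case_variants(EVENTS))
```

The same comparison can be run over real VPN authentication logs once their fields are mapped to the four keys used here.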
2. Possible Google Gmail Account Changes
- [01:28] A new support document found on Telegram (in Hindi, possibly signaling India-only testing) suggests Google may soon allow users to change their primary Gmail address, not just aliases.
- No official statement yet from Google.
“…changing the main mail.com address was not allowed. Google has not yet made any formal announcement on this.”
— Steve Prentiss, [01:54]
3. Aflac Breach Update
- [02:02] The June cyberattack at Aflac exposed the data of over 22 million customers, per new internal findings.
- The breach included insurance claims, health data, and Social Security numbers, affecting customers, employees, agents, and more.
- The attack, attributed to "Scattered Spider," wasn’t ransomware-based and was contained relatively quickly, but data exfiltration succeeded.
“This data included information on insurance claims, health data, Social Security numbers and other personal details…”
— Steve Prentiss, [02:24]
4. DigiEver NVR Vulnerability Added to KEV Catalog
- [02:45] CISA adds an actively exploited DigiEver DS2105Pro NVR vulnerability (command injection, CVSS 8.8) to its Known Exploited Vulnerabilities catalog.
- The flaw allows post-authentication remote code execution and is being leveraged to deliver botnets such as Mirai.
- US federal agencies are required to mitigate or take systems offline before January 12, 2026.
“Of primary concern is the ability of threat actors to deliver botnets such as Mirai and Shadow V2…”
— Steve Prentiss, [03:08]
5. NIST and MITRE Join for AI Security Research
- [04:13] NIST and MITRE Corporation are launching a $20M initiative to build two research centers focused on AI impacts in critical infrastructure and advanced manufacturing.
- Goals include driving secure, industry-wide AI adoption and developing "agentic" AI and other technologies for risk reduction.
“…how industries that provide water, electricity, Internet and other essential services can protect and maintain services in the face of AI-enabled threats.”
— Steve Prentiss, [04:28]
6. MongoDB Vulnerability: Potential Server Takeover
- [05:07] High-severity (CVSS 8.7) flaw could enable unauthenticated remote attackers to execute code via a client-side exploit of the server’s zlib library.
- Affected users urged to upgrade immediately; details in the episode’s show notes.
“…allows an unauthenticated remote attacker to execute arbitrary code on vulnerable servers through a client side exploit…”
— Steve Prentiss, [05:11]
7. Romanian Waters Authority Cyberattack
- [05:43] Romania’s Water Management Authority hit by a cyberattack last weekend, disrupting about 1,000 systems (across central and most regional offices).
- IT systems including GIS, databases, email, and domain servers impacted.
- Critical water infrastructure and operations ("OT systems") reportedly unaffected.
“…authorities emphasize that operational technology systems managing water infrastructure were not impacted and water operations continue to function normally.”
— Steve Prentiss, [06:09]
8. Microsoft Plans to Replace All C/C++ with Rust
- [06:13] Galen Hunt (Microsoft Distinguished Engineer) announces company-wide effort to eliminate all C and C++ code by 2030 in favor of Rust.
- Advanced AI-driven code transformation tools are key to this transition.
- Efforts include job postings for engineers to build these transformation solutions.
“The goal of this project is to evolve and augment our infrastructure to enable translating Microsoft's largest C and C++ to Rust.”
— Galen Hunt (via Steve Prentiss), [06:31]
Notable Quotes & Memorable Moments
- “Even longstanding vulnerabilities can resurface, especially when mixed with obscure configuration issues and persistent threat actors.” — [00:46]
- “This data included information on insurance claims, health data, Social Security numbers and other personal details…” — [02:24]
- “Of primary concern is the ability of threat actors to deliver botnets such as Mirai and Shadow V2…” — [03:08]
- “The goal of this project is to evolve and augment our infrastructure to enable translating Microsoft's largest C and C++ to Rust.” — [06:31]
Important Timestamps for Segments
| Timestamp | Segment |
|-----------|-------------------------------------------|
| 00:23 | Fortinet VPN exploit revisited |
| 01:28 | Google Gmail address change speculation |
| 02:02 | Aflac breach scope revealed |
| 02:45 | DigiEver NVR vulnerability |
| 04:13 | NIST / MITRE AI cybersecurity partnership |
| 05:07 | MongoDB critical flaw |
| 05:43 | Romanian Waters cyberattack |
| 06:13 | Microsoft’s code migration to Rust |
Episode Tone and Style
Steve Prentiss’ delivery is concise, fact-driven, and professional, maintaining an even tone with helpful context for each headline. The episode is dense with actionable information, catering to busy security professionals and executives.
Summary
This episode spotlights how long-standing overlooked bugs can resurface, the growing focus on AI and secure software engineering, the persistence of state and non-state cyber threats, and how large organizations and government are shifting strategies to anticipate and mitigate the evolving landscape of cyber risk. With practical advice and timely alerts, it's a brisk, insightful overview for infosec practitioners and business leaders alike.
