Risky Bulletin: Improperly Patched Bug Exploited Again in Fortinet Firewalls
Podcast: Risky Bulletin by risky.biz
Date: January 22, 2026
Host: Amberly Jack, written by Catalin Cimpanu
Overview
This episode delivers a rapid-fire summary of major cybersecurity events from around the world. The focus is on the resurgence of an old Fortinet firewall vulnerability following an inadequate patch, new zero-day vulnerabilities in Cisco and SmarterMail products, global incidents involving spyware, data privacy developments, and notable trends in AI and security research.
Key Discussion Points & Insights
1. Fortinet Firewall Bug Exploited Again
- A critical bug in Fortinet firewalls, originally disclosed in December, is actively being exploited due to improper patching.
- Attackers can bypass single sign-on (SSO) authentication and set up backdoor accounts.
- "The bug from December allowed attackers to bypass single sign-on authentication. Fortinet has confirmed the bug was not patched properly." — [00:18]
- New exploitation began last week. Because SSO is not enabled by default, most devices are not affected.
- Insight: Even after disclosure, incomplete patches can leave systems vulnerable, emphasizing the need for effective vulnerability management.
2. Newly Exploited Zero-Days in Cisco & SmarterMail
- Cisco Unified Communications Manager
- Actively exploited zero-day allowed unauthenticated attackers to gain root access via the web interface.
- Cisco has since patched the vulnerability.
- “The flaw granted root access to the device.” — [00:38]
- SmarterMail Platform
- Zero-day could let attackers reset administrator passwords.
- watchTowr Labs identified exploitation after reviewing customer logs.
- Patches are out, but attackers were already using the flaw in the wild.
3. Spyware & Digital Surveillance Incidents
- Jordan:
- Police used Cellebrite’s phone hacking tools to extract data from activists, especially those supporting Palestinians in Gaza.
- Investigators from Citizen Lab and OCCRP identified dozens of victims since 2020, often hacked during interrogations.
- “Recent targets were activists who organised protests in support of Palestinians in Gaza.” — [01:18]
- Spain:
- The Pegasus spyware investigation into hacks of top officials (including PM Pedro Sánchez) was shut down after Israel declined to cooperate.
4. National Privacy and Data Legislation
- The Netherlands:
- Dutch Parliament urges government not to store sensitive national identity data on US cloud services, pushing for data sovereignty.
- Kazakhstan:
- New criminal liability laws for large-scale personal data leaks.
- Company fines tripled from ~$17,000 to ~$42,500 for failing to protect user info.
5. International Hacking Activity
- China Claims & Taiwan:
- Chinese government reports investigating 4,000+ cyberattacks from Taiwan targeting classified business information.
- China alleges “Taiwanese cyber troops” were involved.
6. Risks in Security Training Environments
- Hackers are compromising intentionally vulnerable applications left openly accessible—like OWASP Juice Shop, DVWA, and Hackazon—often used in pen-testing labs.
- “Several Fortune 500 companies and security vendors left their training labs exposed to the Internet.” — [02:23]
7. Ransomware Data Recovery
- Cybercentors, a security firm, infiltrated the infrastructure of the Inc. Ransomware Group.
- Result: Recovery of original, unencrypted data for more than a dozen victims.
8. Healthcare Data Breach in New Zealand
- Privacy Commissioner investigates a breach at Manage My Health, compromising records of 120,000+ people.
- Authorities are probing whether appropriate security controls were in place.
9. Other Vulnerabilities Disclosed
- GitLab:
- Patched a 2FA bypass bug that allowed attackers who already had a user’s password to fake the second-factor device response. Four other bugs were patched in the same update.
- Vivotek Security Cameras:
- At least 37 models are remotely exploitable due to unauthenticated code execution vulnerabilities; all of them run legacy software.
10. AI Audit and Security Impact
- Sansec Security Firm:
- Used AI (Claude Code) to scan PHP extensions, uncovering 353 vulnerabilities across the 5,000 most popular packages.
- “Almost three-quarters of the bugs are direct object reference and authentication bypass issues.” — [03:31]
11. The Problem with AI-generated Bug Reports
- Curl Project:
- Ending its bug bounty because of an unmanageable volume of AI-generated bug reports, many of them irrelevant.
- “Reports are time-consuming to triage and many are not even security flaws.” — [03:47]
12. Grok AI Image Generation Controversy
- The newly launched Grok AI image generator on platform X (formerly Twitter) created an estimated three million sexualized images in 11 days, 23,000 of them possibly involving children.
- X is under global investigation over this feature.
Notable Quotes & Memorable Moments
- “The bug from December allowed attackers to bypass single sign-on authentication. Fortinet has confirmed the bug was not patched properly.” — [00:18]
- “The flaw granted root access to the device.” — [00:38]
- “Recent targets were activists who organised protests in support of Palestinians in Gaza.” — [01:18]
- “Several Fortune 500 companies and security vendors left their training labs exposed to the Internet.” — [02:23]
- “Almost three-quarters of the bugs are direct object reference and authentication bypass issues.” — [03:31]
- “Reports are time-consuming to triage and many are not even security flaws.” (on AI-generated bug bounties) — [03:47]
Timestamps for Important Segments
- [00:04] — Episode begins, Fortinet bug story
- [00:38] — Cisco and SmarterMail zero-days
- [01:00] — Spyware in Jordan and Spain
- [01:28] — Dutch and Kazakh data privacy laws
- [01:49] — Chinese cyberespionage claims
- [02:09] — Exposed pen-test labs
- [02:30] — Inc. Ransomware data recovery
- [02:42] — New Zealand health data breach
- [02:56] — GitLab and Vivotek vulnerabilities
- [03:15] — AI audit of PHP packages
- [03:31] — Curl shuts down bug bounty over AI submissions
- [03:47] — Grok AI sexualized image controversy
Conclusion
This edition of Risky Bulletin illustrates the ongoing, complex challenges across the cybersecurity landscape—from persistent unpatched vulnerabilities and newly discovered zero-days, to the far-reaching impact of surveillance technology, privacy legislation, AI threats, and the intersection of online safety and social responsibility. The concise, fact-rich delivery offers actionable awareness for practitioners and anyone following global cyber risk.
