Critical FortiSIEM Flaw Exposes Systems to Remote Attacks
Security researchers have disclosed a serious flaw in Fortinet’s FortiSIEM security monitoring software that could allow attackers on the internet to break into systems without needing a username or password. The vulnerability, tracked as CVE-2025-25256, could let attackers run commands or install malicious software, potentially giving them full control of affected systems. A public demonstration exploit has also been released, increasing the risk of misuse.
The issue was reported in August 2025 and fixed by Fortinet in November, with all supported versions now patched. Researchers explained that the weakness comes from an exposed internal service that has been a recurring problem in past FortiSIEM security bugs. Similar flaws have previously attracted the attention of ransomware groups, raising concerns that unpatched systems could be targeted.
FortiSIEM versions from 6.7 through 7.5 are affected, though Fortinet says FortiSIEM 7.5 and its cloud version are not vulnerable. Older, unsupported versions will not receive a fix, leaving organizations using them at risk. Fortinet urges customers to update immediately or at least restrict network access to a specific service port as a temporary safeguard, and to review system logs for signs of compromise.
Predator Spyware Found to Be More Stealthy Than Expected
Researchers have found that the Predator spyware is more advanced at hiding itself than previously understood. According to a new study, the spyware can tell its operators exactly why an infection attempt failed, rather than simply failing silently. This gives attackers clearer feedback and helps them adjust their tactics.
One key finding is that Predator can detect when a target’s device is running security or monitoring tools. In those cases, the spyware deliberately stops itself and reports a specific error code back to its operators, signaling that the device is being watched. This means the spyware avoids exposing itself while also warning attackers that the target may be more security aware.
The research also shows that Predator tries to cover its tracks by hiding crash logs and watching for basic privacy checks, such as users looking at their own network activity. Overall, the findings suggest Predator is designed to evade not just professional security researchers, but also cautious everyday users, making it harder to detect and investigate.
One-Click Attack Exposed Data Through Microsoft Copilot
SResearchers have uncovered a new attack called “Reprompt” that could let attackers steal data from Microsoft’s Copilot AI assistant with just a single click. The attack works when a user clicks a specially crafted link, without needing them to type anything into Copilot or install any add-ons. Once triggered, it can quietly pull sensitive information the user has previously shared, such as personal details.
The trick behind Reprompt is that it feeds hidden instructions to Copilot through a web link and then repeatedly nudges the assistant into carrying out actions it would normally block. The attack can continue even after the Copilot chat window is closed, making it hard for users to notice anything unusual. Researchers say the stolen data can be leaked slowly and discreetly, which helps the attack avoid detection.
Microsoft was privately notified of the issue in August 2025 and fixed it before the research was made public. The company also said that business users of Microsoft 365 Copilot were not affected. To stay safe, experts advise being cautious about clicking unknown links and avoiding sharing sensitive information with AI tools, since attackers can take advantage of misplaced trust in new technologies.
Defensible Strategies
Learn from those who have been attacked
Judge Dismisses Investor Lawsuit Over CrowdStrike Outage
A federal judge in Texas has thrown out a major lawsuit brought by CrowdStrike investors over the widespread computer outage caused by a faulty software update in July 2024. That update led millions of Windows computers to crash, disrupting airlines, banks, hospitals, and media organizations around the world. Investors had claimed CrowdStrike misled them about the safety of its software updates, but the judge ruled there was no evidence the company intentionally deceived shareholders.
While this decision is a legal win for CrowdStrike, the company still faces other challenges related to the outage. A separate lawsuit from Delta Air Lines is ongoing, with the airline claiming the incident caused more than $500 million in losses. That case focuses on whether CrowdStrike was careless or broke its contract, rather than whether it misled investors, and remains unresolved.
French Regulator Fines Telecom Firms €42M After Massive Data Breach
France’s data protection authority, CNIL, has fined telecom companies Free and Free Mobile a combined €42 million after a major data breach exposed information on more than 24 million people. The breach, discovered in October 2024, included sensitive details such as bank account numbers (IBANs). Both companies are owned by the Iliad Group, and the fines reflect the scale of the incident and the company’s overall size.
Investigators found that attackers broke into the companies’ systems through a remote access network used by employees, then moved into a customer management system that allowed them to look up data from both Free and Free Mobile customers. The attackers began copying customer records weeks before the breach was detected and continued until they were removed. In total, data linked to over 24.6 million fixed-line and mobile contracts was taken.
CNIL said the companies broke European data protection rules in three main ways: they did not adequately secure personal data, they failed to clearly inform customers about the breach, and they kept customer data longer than allowed. The regulator also criticized weak login protections, poor monitoring for suspicious activity, and the lack of proper systems to delete old customer data. The sensitivity of the stolen information and these shortcomings played a key role in the size of the fines.
Monroe University Breach Exposes Data of 320,000+ Individuals
Monroe University recently confirmed that a data breach in 2025 affected over 320,000 individuals. The stolen information varied but could include names, birth dates, Social Security numbers, government IDs, medical and health insurance data, financial account details, and student records. The university began notifying affected people in January 2026 and is offering one year of free credit monitoring to help prevent identity theft or fraud.
This breach is part of a larger trend of attacks targeting U.S. universities, including ransomware and phishing incidents at schools like the University of Hawaii, Baker University, Harvard, Princeton, and the University of Pennsylvania. Cybercriminals have stolen personal, financial, and health information from students, staff, and alumni, often by compromising university systems such as alumni or development platforms. These attacks highlight ongoing cybersecurity challenges in higher education.