
Daily Security Briefing #109
- DjediTech
- Security, Newsletter
- December 20, 2025
FortiCloud SSO vulnerabilities, Bangladeshi fake ID marketplace takedown, DOJ ATM jackpotting indictments
Executive Summary
Today’s briefing leads with critical vulnerabilities in widely deployed Fortinet devices: over 25,000 internet-facing systems with FortiCloud Single Sign-On enabled are potentially exposed to remote authentication bypass. Law enforcement continues to disrupt global fraud operations, with the indictment of a Bangladeshi operator running large-scale fake ID marketplaces and a major DOJ crackdown on a sophisticated ATM jackpotting ring using Ploutus malware. Microsoft Teams users worldwide also faced widespread service outages that affected productivity across many organizations. Meanwhile, ransomware actors such as RansomHouse are making their encryption more complex, a sign of continuing growth in ransomware sophistication.
Top Articles
25,000+ FortiCloud SSO-Enabled Systems Vulnerable to Remote Exploitation
The Shadowserver Foundation has discovered more than 25,000 internet-facing Fortinet devices globally that enable FortiCloud Single Sign-On (SSO), potentially exposing them to critical authentication bypass vulnerabilities tracked as CVE-2025-59718 and CVE-2025-59719. The organization added fingerprinting capabilities to its Device Identification service, enabling administrators to assess their risk and take prompt action to mitigate exposure. Swift remediation is recommended to prevent remote exploits.
GBHackers | CyberPress
Bangladeshi Operator of Fake ID Marketplaces Charged in International Fraud Case
Zahid Hasan, a 29-year-old from Dhaka, Bangladesh, has been federally indicted on nine charges related to operating online marketplaces selling fraudulent identity document templates globally. The charges include transferring false identification documents and using forged passports and social security cards. This takedown highlights ongoing efforts to combat identity fraud schemes that enable a broad range of international cybercriminal activities.
GBHackers | CyberPress
U.S. DOJ Charges 54 in ATM Jackpotting Scheme Using Ploutus Malware
The Department of Justice announced indictments against 54 individuals involved in a multi-million dollar ATM jackpotting conspiracy. The group deployed Ploutus malware to hack automated teller machines across the United States, forcing them to dispense cash fraudulently. Authorities identified links to the criminal organization Tren de Aragua (TdA), underscoring the continued threat posed by coordinated cybercrime syndicates targeting financial infrastructure.
TheHackerNews
RansomHouse Upgrades Encryption with Multi-Layered Data Processing
The RansomHouse ransomware-as-a-service group has enhanced its encryption method by moving from a simple single-phase process to a sophisticated multi-layered technique. This upgrade aims to complicate decryption efforts by victims and forensic analysts, demonstrating ongoing ransomware evolution that challenges existing defensive measures and incident response strategies.
BleepingComputer
Microsoft Teams Outage Causes Global Messaging Delays and Service Interruptions
On December 20, 2025, Microsoft Teams experienced a significant worldwide outage impacting messaging and critical service operations. Users reported delayed message delivery and general service disruptions, with the company acknowledging the issue and initiating an investigation. The outage highlighted the dependency on cloud collaboration tools in enterprise environments and the impact of service interruptions on productivity.
GBHackers | CyberPress
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.