
Daily Security Briefing #114
- DjediTech
- Security, Newsletter
- December 25, 2025
FortiGate 2FA bypass resurfaces, ongoing cryptocurrency thefts linked to LastPass breach, and new remote code execution vulnerability in Digiever NVRs.
Executive Summary
Today’s cybersecurity landscape is dominated by a resurfacing critical flaw in FortiGate firewalls, allowing threat actors to bypass two-factor authentication through a three-year-old vulnerability. This ongoing exploitation underscores the persistent risk of unpatched systems in critical infrastructure. Meanwhile, crypto thefts related to the 2022 LastPass breach continue years later, revealing the long-lasting impact of credential exposures and weak password hygiene. Additionally, the U.S. CISA warns of active exploitation of a high-severity remote code execution flaw in Digiever network video recorders, highlighting the continued targeting of IoT and surveillance devices. These developments emphasize the need for continuous vigilance, patch management, and monitoring of emerging threats across diverse attack surfaces.
Top Articles
Unpatched FortiGate Security Flaw Allows Attackers to Bypass 2FA Controls
A critical vulnerability in FortiGate devices (CVE-2020-12812) permits attackers to circumvent two-factor authentication by manipulating the letter case of the username. The flaw affects systems integrated with LDAP directories whose username case handling does not match FortiGate’s, and it remains exploitable on unpatched devices. Organizations using FortiGate firewalls with specific LDAP configurations are at heightened risk of unauthorized access.
GBHackers
Hackers Abuse 3-Year-Old FortiGate Flaw to Bypass Firewall 2FA Protections
Threat actors continue to exploit a severe authentication bypass in Fortinet’s FortiGate platform. The vulnerability, first identified three years ago, enables bypassing 2FA mechanisms by exploiting differences in username case handling between FortiGate and LDAP directories. The persistence of this exploit in the wild highlights poor patch adoption and ongoing threat activity targeting critical firewall infrastructure.
CyberPress
Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability
Fortinet has confirmed recent active abuse of the CVE-2020-12812 flaw within FortiOS SSL VPN services. Attackers leverage this improper authentication vulnerability to log in without triggering second-factor authentication prompts under certain configurations. The vulnerability carries a CVSS score of 5.2, underlining moderate severity and the urgency for timely patching.
The Hacker News
LastPass 2022 Breach Led to Years-Long Cryptocurrency Thefts, TRM Labs Finds
Findings by TRM Labs reveal that encrypted vault backups stolen during the 2022 LastPass breach continue to facilitate cryptocurrency thefts through late 2025. Weak master passwords allowed attackers, reportedly linked to Russian cybercriminal groups, to decrypt vaults and drain assets over multiple years. This prolonged exploitation illustrates the risks associated with compromised password managers and the importance of strong password hygiene and breach response.
The Hacker News
CISA Flags Actively Exploited Digiever NVR Vulnerability Allowing Remote Code Execution
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added CVE-2023-52163 affecting Digiever DS-2105 Pro network video recorders to its Known Exploited Vulnerabilities catalog. The vulnerability involves command injection allowing remote code execution post-authentication, with a CVSS score of 8.8. Evidence indicates active exploitation, emphasizing the critical risk posed to surveillance infrastructure.
The Hacker News
ThreatsDay Bulletin: Stealth Loaders, AI Chatbot Flaws, Docker Hack, and 15 More Stories
This week’s bulletin highlights the increasing sophistication of attackers blending malicious activity into legitimate tools, including AI assistants and trusted applications. Through stealth, patience, and manipulation, attackers exploit AI chatbot weaknesses, container vulnerabilities, and loader techniques, reflecting a shift toward subversive, precision-based cyberattacks in modern environments.
The Hacker News
ChatGPT’s New Formatting Blocks Make Its UI Look More Like a Task Tool
OpenAI has introduced ‘formatting blocks’ to ChatGPT’s user interface, adjusting layout dynamically to fit the task context. This update enhances usability by tailoring UI elements to specific tasks, aiming to streamline user interaction with AI-generated content.
BleepingComputer
Google Will Finally Allow You to Change Your @gmail.com Address
Google announced a forthcoming feature allowing users to change their primary @gmail.com address or create new aliases. This enhancement addresses long-standing user requests for greater flexibility in email identity management.
BleepingComputer
AI Transparency: This newsletter uses AI to curate, rank, and summarize cybersecurity content from leading industry blogs. All articles link directly to original authors. Executive summaries are AI-generated based on article content. I curate the sources and deliver the digest—the original authors deserve the credit for their excellent work.