Fortinet firewall credentials for 74K devices stolen; Splunk RCE under attack

Here is an overview of the most compelling cybersecurity news, articles, interviews, and videos from the past week.

A significant security breach has exposed Fortinet firewall credentials for over 74,000 devices, posing a direct threat to enterprise networks worldwide. The leaked data, which includes administrative passwords and IP addresses, could allow attackers to hijack firewalls, pivot into internal systems, and deploy ransomware. Organizations using Fortinet products are urged to immediately audit their devices, rotate all credentials, and enforce multi-factor authentication to mitigate the risk of exploitation.

Meanwhile, a critical remote code execution (RCE) vulnerability in Splunk is now under active attack. Security researchers have observed threat actors leveraging this flaw to gain unauthorized access to Splunk instances. The vulnerability, which affects multiple versions of the data analytics platform, allows attackers to execute arbitrary code remotely. Splunk has released patches, and administrators are strongly advised to apply updates without delay to prevent system compromise.

In hardware security news, researchers have unveiled a novel hardware neural network backdoor that hides in plain sight. This sophisticated attack targets deep learning systems on edge devices, often relying on third-party-designed FPGAs and ASICs for performance. The backdoor is designed to remain dormant under normal operations but can be triggered by specific inputs, causing the neural network to misclassify data. This discovery underscores the growing risks in the supply chain for AI hardware, where malicious modifications can be nearly impossible to detect through conventional software scans.