Top stories.
- Fortinet confirms exploitation of previously patched FortiCloud SSO flaw.
- TikTok finalizes deal to spin off US operations.
- VoidLink malware was likely AI-generated.
- Under Armour investigates alleged data breach.
- Law enforcement targets suspected Black Basta members.
Fortinet confirms exploitation of previously patched FortiCloud SSO flaw.
Fortinet has confirmed that attackers are using a new attack path to exploit a critical FortiCloud SSO flaw (CVE-2025-59718), BleepingComputer reports. Arctic Wolf published a report on the exploitation on Wednesday, noting that the activity "involved the creation of generic accounts intended for persistence, configuration changes granting VPN access to those accounts, as well as exfiltration of firewall configurations." The vulnerability, which received an initial patch in December 2025, can allow "an unauthenticated attacker to bypass the FortiCloud SSO login authentication via a crafted SAML response message."
Fortinet stated, "Fortinet product security has identified the issue, and the company is working on a fix to remediate this occurrence. An advisory will be issued as the fix scope and timeline is available. It is important to note that while, at this time, only exploitation of FortiCloud SSO has been observed, this issue is applicable to all SAML SSO implementations." The company has shared mitigations in the meantime, which include restricting access or disabling the FortiCloud SSO feature.
TikTok finalizes deal to spin off US operations.
TikTok has finalized a deal to divest its US operations and create a new American entity, following years of bipartisan US pressure regarding security concerns stemming from the app's Chinese ownership. The Biden Administration passed a law in 2024 that would ban TikTok in the US unless its parent company, China-based ByteDance, spun off the app as an American-controlled venture. NPR says US investors, including Oracle, Silver Lake, and MGX, will own more than eighty percent of the new entity, while ByteDance will retain just under twenty percent. Former TikTok executive Adam Presser will lead the new company.
President Trump, in a Truth Social post, thanked China's President Xi "for working with us and, ultimately, approving the Deal." TikTok said in a statement, "The majority American-owned Joint Venture will operate under defined safeguards that protect national security through comprehensive data protections, algorithm security, content moderation, and software assurances for U.S. users."
VoidLink malware was likely AI-generated.
Researchers at Check Point say the newly observed Linux malware "VoidLink" was likely written almost entirely by AI, probably under the direction of a single person. Check Point states, "From a methodology perspective, the actor used the model beyond coding, adopting an approach called Spec Driven Development (SDD), first tasking it to generate a structured, multi-team development plan with sprint schedules, specifications, and deliverables. That documentation was then repurposed as the execution blueprint, which the model likely followed to implement, iterate, and test the malware end-to-end."
Threat actors using AI to assist in malware development isn't new, but Check Point says VoidLink stands out due to its sophistication. The researchers note, "Until now, solid evidence of AI-generated malware has primarily been linked to inexperienced threat actors, as in the case of FunkSec, or to malware that largely mirrored the functionality of existing open-source malware tools. VoidLink is the first evidence-based case that shows how dangerous AI can become in the hands of more capable malware developers."
Under Armour investigates alleged data breach.
Activewear company Under Armour is investigating an alleged data breach affecting more than 72 million accounts, TechCrunch reports. The Everest ransomware group listed Under Armour as a victim in November 2025 and claimed to have stolen 343GB of data. The alleged data was posted to a hacker forum on January 28th, and Have I Been Pwned added the breach to its database on Wednesday.
An Under Armour spokesperson told TechCrunch, "Our investigation of this issue, with the assistance of external cybersecurity experts, is ongoing. Importantly, at this time, there’s no evidence to suggest this issue affected UA.com or systems used to process payments or store customer passwords. What we know at this time is the number of affected customers with any sort of information that could be considered sensitive is a very small percentage."
Law enforcement targets suspected Black Basta members.
Ukrainian and German police raided the homes of two Ukrainians suspected of belonging to the Black Basta ransomware gang, The Record reports. Ukrainian police described the two suspects as "hash crackers," alleging that they specialized in extracting login credentials from account databases and gaining access to protected systems. The raids took place last Thursday in Ukraine's Lviv and Ivano-Frankivsk regions, and resulted in the seizure of digital storage devices and cryptocurrency assets.
Germany’s Federal Criminal Police Office (BKA) also identified the suspected leader of the gang as 36-year-old Oleg Nefedov, a Russian national believed to be at large in his home country. The police have added Nefedov to Europol's Most Wanted and Interpol's Red Notice lists.