Svoboda Cybersecurity Brief January 23, 2026
Okta SSO Targeted in Sophisticated Vishing Attacks
Hackers are using custom phishing kits to conduct voice-based social engineering (vishing) attacks against Okta SSO credentials. These attacks bypass MFA by synchronizing phishing pages with real-time MFA challenges, allowing attackers to intercept TOTP codes.
Impact: Compromised SSO credentials give attackers access to multiple enterprise platforms, leading to data theft and extortion.
Mitigation: Use phishing-resistant MFA like Okta FastPass, FIDO2 keys, or passkeys.
Source: BleepingComputer
Fortinet FortiGate Firewalls Breached via SSO Exploit
Attackers are exploiting an unknown flaw in FortiGate’s SSO feature to create rogue accounts and steal firewall configs. The campaign resembles earlier attacks leveraging CVE-2025-59718, an authentication bypass vulnerability.
Impact: Unauthorized VPN access and firewall config theft, potentially enabling further network compromise.
Mitigation: Disable FortiCloud SSO, for example with the CLI setting set admin-forticloud-sso-login disable.
Source: BleepingComputer
SmarterMail Auth Bypass Exploited to Hijack Admin Accounts
A critical authentication bypass flaw in SmarterMail (no CVE assigned yet) allows attackers to reset admin passwords via the force-reset-password API endpoint. Evidence shows exploitation began two days after the patch was released.
Impact: Full system compromise via admin account takeovers and remote code execution.
Mitigation: Upgrade to Build 9511 (released Jan 15).
Source: BleepingComputer
INC Ransomware OpSec Fail Exposes Victim Data
Researchers recovered data from 12 U.S. organizations due to INC ransomware’s misuse of the Restic backup tool. Attackers left unsecured infrastructure traces, enabling forensic analysis.
Impact: Sensitive data exfiltration and extortion, with potential recovery from exposed backups.
Source: BleepingComputer
Critical GNU InetUtils telnetd Flaw Bypasses Authentication (CVE-2026-24061)
An 11-year-old vulnerability in GNU InetUtils telnetd allows root access via a crafted USER=-f root environment variable. Exploitation attempts are already being observed from IP addresses worldwide.
Impact: Remote authentication bypass leading to root access on vulnerable systems.
Mitigation: Patch immediately or disable telnetd; restrict access to trusted clients.
Source: TheHackerNews
Zendesk Support Systems Abused for Global Spam Wave
Attackers are flooding inboxes by exploiting unsecured Zendesk ticket systems to send spam emails. The abuse leverages automated confirmation emails triggered by fake support submissions.
Impact: Spam deluge causing confusion and potential phishing risks.
Source: BleepingComputer
Malicious PyPI Package “sympy-dev” Drops XMRig Miner
A fake SymPy package on PyPI (1,100+ downloads) deploys an XMRig cryptominer via Linux memfd_create to evade disk detection. Attacks target polynomial function calls.
Impact: Cryptojacking and potential secondary payload execution.
Mitigation: Verify package authenticity and monitor for unusual CPU usage.
Source: TheHackerNews
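Because a memfd_create-backed miner never touches disk, file-based scanners miss it; on Linux it is still visible in /proc, where the process's exe link points at "/memfd:<name> (deleted)". The following added example (not from the article or the researchers cited) scans a proc tree for such processes. It runs against a constructed fake /proc so it can be tried offline; pass "/proc" to run it on a live host.

```python
import os
import re
import tempfile

# The kernel renders the exe symlink of a memfd-backed process as
# "/memfd:<name> (deleted)"; a normal binary resolves to an on-disk path.
MEMFD_EXE = re.compile(r"^/memfd:(?P<name>.*?) \(deleted\)$")


def find_memfd_processes(proc_root="/proc"):
    """Return sorted [(pid, memfd_name, cmdline)] for processes whose
    executable image exists only in an anonymous memfd (no file on disk)."""
    hits = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        pid_dir = os.path.join(proc_root, entry)
        try:
            target = os.readlink(os.path.join(pid_dir, "exe"))
        except OSError:
            continue  # kernel thread, process already exited, or no permission
        match = MEMFD_EXE.match(target)
        if not match:
            continue
        try:
            with open(os.path.join(pid_dir, "cmdline"), "rb") as fh:
                # cmdline is NUL-separated argv; join it for readability
                cmdline = fh.read().replace(b"\0", b" ").decode(errors="replace").strip()
        except OSError:
            cmdline = ""
        hits.append((int(entry), match.group("name"), cmdline))
    return sorted(hits)


def build_sample_proc():
    """Construct a fake /proc tree (constructed sample data, not a real host):
    two ordinary processes and one whose exe lives only in a memfd."""
    root = tempfile.mkdtemp(prefix="fakeproc-")
    sample = {
        "1234": ("/usr/bin/python3", "python3 -m pip install sympy-dev"),
        "4321": ("/memfd:xmrig (deleted)", "xmrig --threads 4"),
        "5678": ("/usr/sbin/sshd", "sshd: /usr/sbin/sshd"),
    }
    for pid, (exe, cmdline) in sample.items():
        pid_dir = os.path.join(root, pid)
        os.makedirs(pid_dir)
        os.symlink(exe, os.path.join(pid_dir, "exe"))  # dangling target is fine
        with open(os.path.join(pid_dir, "cmdline"), "wb") as fh:
            fh.write(cmdline.replace(" ", "\0").encode() + b"\0")
    return root


if __name__ == "__main__":
    for pid, name, cmd in find_memfd_processes(build_sample_proc()):
        print(f"pid {pid}: memfd-backed executable {name!r}, cmdline={cmd!r}")
```

Reading another user's exe link requires root, and some legitimate runtimes also execute from memfds, so treat a hit as a triage signal to correlate with the CPU-usage monitoring mentioned above rather than as proof of compromise.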
Kazakhstan Proposes Criminal Liability for Data Leaks
The country plans stricter penalties, including criminal charges, for mass personal data leaks as part of a “zero tolerance” policy. Fines for non-compliance will also increase.
Source: DataBreaches.net
GDPR Fines Reach €1.2B in 2025 Amid Rising Breaches
European regulators issued record fines under GDPR, with 443 daily breach notifications—a 22% YoY increase. Total fines since 2018 now exceed €7.1B.
Source: DataBreaches.net
Curl Ends Bug Bounty Over AI-Generated “Slop” Reports
The curl project shut down its HackerOne program due to an influx of low-quality, likely AI-generated vulnerability reports overwhelming maintainers.
Source: BleepingComputer