Cybersecurity With Sandra
Cyber News Bytes: What’s Happening in Cybersecurity This Week
This week's latest cybersecurity news and industry updates
When Edge Devices Become the Easiest Way In
Most weeks, the signals are subtle. A misconfiguration here, a delayed patch there, something easy to overlook in the middle of real operational work. But every so often, several unrelated stories line up and reveal a clearer pattern about where attackers are spending their time and why.
This week is one of those moments.
Let’s break down what happened this week. 👇
1. Cisco AsyncOS zero-day under active exploitation
What happened:
Cisco disclosed a maximum-severity zero-day in AsyncOS affecting Secure Email Gateway and Secure Email and Web Manager appliances that has already been exploited by a China-linked APT tracked as UAT-9686. The flaw enables unauthenticated command execution as root when the Spam Quarantine feature is exposed to the internet, and Cisco has confirmed that the attackers installed persistence mechanisms on compromised appliances.
Why it matters:
This isn’t just about a CVSS 10.0 score. Email security infrastructure has itself become a high-value target, especially when optional features quietly become internet-facing over time. The tooling observed in these attacks points to long-term access and operational patience, not opportunistic exploitation.
How to use it:
This is a strong signal to revisit assumptions about “non-default” features and how exposure changes after deployment: a feature that was reachable only from the management network on day one may be listening on an internet-facing interface a year later. Appliance security today depends as much on validating access paths and hunting for persistence as it does on waiting for vendor patches.
2. Amazon flags a shift toward misconfiguration-first attacks
What happened:
Amazon’s threat intelligence team reported that Russian state-linked actors, including Sandworm, increasingly favor misconfigured network edge devices over exploiting new vulnerabilities. Since 2025 the group has leaned heavily on exposed routers, VPN concentrators and gateways, particularly in cloud-hosted environments, to gain initial access.
Why it matters:
This shift isn’t about reduced capability; it’s about efficiency. Misconfigurations are quieter, cheaper and more reliable than burning exploits, especially at scale. For defenders, it reinforces that even a strong patching program does little to reduce risk if configuration drift is left unchecked.
How to use it:
Treat this as confirmation that configuration visibility is now a frontline control. The gap attackers are exploiting isn’t advanced tooling; it’s the disconnect between how systems were deployed and how they’re actually secured over time.
3. Fortinet authentication bypass flaws hit KEV
What happened:
CISA added two critical Fortinet authentication-bypass vulnerabilities to its Known Exploited Vulnerabilities catalog after evidence of active exploitation. The flaws let attackers bypass authentication on devices with FortiCloud SSO enabled by sending crafted SAML messages, yielding admin-level access and enabling the exfiltration of device configurations from internet-facing systems.
Why it matters:
Firewalls and VPN management interfaces remain prime targets because a single compromise can cascade across an entire environment. That SSO could be implicitly enabled during device registration shows how default workflows can unintentionally expand the attack surface without anyone deciding to turn the feature on.
How to use it:
This is another reminder to treat the management plane as a high-risk asset. Beyond patching, regularly challenging which interfaces should be reachable and how identity features get activated reduces exposure far more than reactive fixes alone.
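Concretely, the check that all three “How to use it” notes point at is a configuration-drift review: compare what an appliance runs today with the baseline it was deployed with, and flag anything that widened the exposure of the management plane, an optional feature’s listener, or an identity setting. The script below is an added example written for this page; it is not code from the newsletter or from Cisco, Fortinet or Amazon. The snapshot layout, the dotted key names (spam_quarantine.interfaces, sso.cloud_sso.enabled and so on), the interface names wan1/wan2/mgmt and every sample value are constructed for illustration and are not a real vendor’s configuration format.

```python
"""Configuration-drift check for an internet-edge appliance.

Added example, not code from the newsletter or from any vendor.  It compares
a baseline snapshot of the configuration an appliance was deployed with
against a snapshot of what it runs now, lists every changed setting and
escalates changes that put a management, identity or optional-feature
listener on an untrusted interface.  The snapshot layout, the key names, the
interface names and the sample values are constructed for illustration and
are not a real vendor's configuration format.
"""
from typing import Any, Dict, List, Tuple

# Assumption: these interface names face the internet on the appliance.
UNTRUSTED_INTERFACES = {"wan1", "wan2"}

# Hypothetical key prefixes for the settings a reviewer cares about most.
HIGH_RISK_PREFIXES = ("management.", "sso.", "spam_quarantine.")

# Constructed snapshots: the day-one baseline and what the appliance runs today.
BASELINE = {
    "hostname": "mail-gw-01",
    "management": {"https": {"interfaces": ["mgmt"]}, "ssh": {"enabled": True}},
    "spam_quarantine": {"enabled": True, "interfaces": ["mgmt"]},
    "sso": {"cloud_sso": {"enabled": False}},
    "ntp_server": "10.0.0.5",
}
RUNNING = {
    "hostname": "mail-gw-01",
    "management": {"https": {"interfaces": ["mgmt"]}, "ssh": {"enabled": True}},
    "spam_quarantine": {"enabled": True, "interfaces": ["mgmt", "wan1"]},  # now on WAN
    "sso": {"cloud_sso": {"enabled": True}},  # switched on, nobody asked for it
    "ntp_server": "10.0.0.6",
}

Finding = Tuple[str, str, Any, Any]  # (severity, dotted key, baseline value, running value)


def flatten(cfg: Dict[str, Any], prefix: str = "") -> Dict[str, Any]:
    """Turn nested dicts into dotted keys so two snapshots compare key by key."""
    flat: Dict[str, Any] = {}
    for key, value in cfg.items():
        path = prefix + key
        if isinstance(value, dict):
            flat.update(flatten(value, path + "."))
        else:
            flat[path] = value
    return flat


def classify(key: str, old: Any, new: Any) -> str:
    """Rate one changed setting as 'high', 'medium' or 'low'."""
    sensitive = key.startswith(HIGH_RISK_PREFIXES)
    # A listener that gained an untrusted interface is exactly the exposure
    # the three stories above describe, whatever the feature is called.
    if key.endswith(".interfaces"):
        gained = set(new or []) - set(old or [])
        if gained & UNTRUSTED_INTERFACES:
            return "high"
    # A management or identity feature that went from off to on.
    if sensitive and new is True and old is not True:
        return "high"
    return "medium" if sensitive else "low"


def detect_drift(baseline: Dict[str, Any], running: Dict[str, Any]) -> List[Finding]:
    """Return every key whose value differs between the snapshots, worst first.

    Keys present in only one snapshot show up with None on the other side.
    """
    base_flat, run_flat = flatten(baseline), flatten(running)
    findings = [
        (classify(key, base_flat.get(key), run_flat.get(key)), key,
         base_flat.get(key), run_flat.get(key))
        for key in set(base_flat) | set(run_flat)
        if base_flat.get(key) != run_flat.get(key)
    ]
    rank = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: (rank[f[0]], f[1]))


def report(findings: List[Finding]) -> str:
    """Render findings as one line each, e.g. for a ticket or a cron mail."""
    if not findings:
        return "no drift from baseline"
    return "\n".join(f"[{sev.upper():6}] {key}: {old!r} -> {new!r}"
                     for sev, key, old, new in findings)


if __name__ == "__main__":
    print(report(detect_drift(BASELINE, RUNNING)))
```

Run against the constructed snapshots, the two high findings are the Spam Quarantine listener picking up wan1 and cloud SSO flipping from off to on; the NTP server change is reported too but ranked low. The point is that neither high finding is a vulnerability a patch would fix, which is why the baseline comparison has to run on a schedule rather than only after an advisory lands. In practice the snapshots would come from a configuration export or backup and the untrusted-interface set from your own network inventory.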
The attacks this week weren’t flashy; they were the quiet ones that slip by when no one’s watching. That’s exactly where we, as defenders, need to focus next.
Paying attention to the small signals, the overlooked features, and the subtle misconfigurations is often what separates a secure environment from one quietly compromised. It’s a reminder that consistent, thoughtful work matters more than chasing the next dramatic alert.
For anyone curious about stepping into cybersecurity, it can feel overwhelming at first. But the path doesn’t have to be complicated: learning, experimenting, and building practical skills consistently is what really counts.
CourseCareers offers a fast, hands on, beginner friendly way to start that journey. Check it out here.
Keep Learning, Keep Growing,
Sandra