Cyber News Bytes: What’s Happening in Cybersecurity This Week

The top headlines in cybersecurity this week

Every week, the threats around us grow more sophisticated, but so does our community’s ability to defend, adapt, and stay ahead. 

Let’s dive into the three biggest stories shaping cybersecurity right now.

TOP 3 CYBERSECURITY NEWS STORIES OF THE WEEK

1. Fortinet Confirms New FortiWeb Vulnerability Exploited in the Wild (CVE-2025-58034)

What Happened:

Fortinet disclosed a newly exploited OS command injection flaw affecting multiple FortiWeb versions. Attackers must first gain authenticated access, then chain it with CVE-2025-58034 to execute unauthorized system commands. Fortinet quietly patched an even more severe FortiWeb flaw just days earlier.

Why It Matters:

Silent patching puts defenders at a disadvantage, and FortiWeb sits at the edge of many networks. Even “medium severity” vulns become high-impact when attackers are actively chaining them in real-world intrusions.

How to Turn It Into an Advantage:

  • Patch immediately to the fixed versions (7.0.12+, 7.2.12+, 7.4.11+, 7.6.6+, 8.0.2+).

  • Review authentication logs for anomalies; attackers must authenticate before exploitation, so a suspicious login is the earliest signal you will get.

  • Revisit your patch-monitoring strategy; don’t rely solely on vendor advisories when exploit activity is confirmed.
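One way to act on the log-review bullet, as an added example that is not from Fortinet or the original post: a small Go scan over authentication events that flags successful logins from a source outside the admin allowlist, or a success that follows a run of failed attempts from the same source. The log format, addresses and allowlist are constructed for illustration and are not FortiWeb's real log syntax.

```go
package main

import (
	"fmt"
	"strings"
)

// AuthEvent is one parsed line of a constructed, vendor-neutral log format
// (not FortiWeb's real syslog format), used here purely for illustration:
//   "<timestamp> user=<name> src=<ip> result=<success|failure>"
type AuthEvent struct {
	Time, User, Src, Result string
}

// parseLine turns one log line into an AuthEvent; ok is false for malformed lines.
func parseLine(line string) (ev AuthEvent, ok bool) {
	fields := strings.Fields(line)
	if len(fields) != 4 {
		return AuthEvent{}, false
	}
	ev.Time = fields[0]
	for _, f := range fields[1:] {
		kv := strings.SplitN(f, "=", 2)
		if len(kv) != 2 {
			return AuthEvent{}, false
		}
		switch kv[0] {
		case "user":
			ev.User = kv[1]
		case "src":
			ev.Src = kv[1]
		case "result":
			ev.Result = kv[1]
		default:
			return AuthEvent{}, false
		}
	}
	return ev, true
}

// FindSuspiciousLogins flags every successful login that either comes from a
// source IP outside the administrative allowlist or follows at least
// maxFailures failed attempts from the same source. Both patterns deserve a
// look when a vulnerability needs an authenticated session first.
func FindSuspiciousLogins(lines []string, allowlist map[string]bool, maxFailures int) []string {
	failures := map[string]int{} // consecutive failures per source IP
	var findings []string
	for _, line := range lines {
		ev, ok := parseLine(line)
		if !ok {
			continue // skip malformed lines; a real pipeline would count them
		}
		switch ev.Result {
		case "failure":
			failures[ev.Src]++
		case "success":
			if !allowlist[ev.Src] {
				findings = append(findings, fmt.Sprintf("%s: %s logged in from non-allowlisted source %s", ev.Time, ev.User, ev.Src))
			}
			if n := failures[ev.Src]; n >= maxFailures {
				findings = append(findings, fmt.Sprintf("%s: %s succeeded from %s after %d failed attempts", ev.Time, ev.User, ev.Src, n))
			}
			failures[ev.Src] = 0 // reset the streak once a login succeeds
		}
	}
	return findings
}

// SampleLog is constructed test data; the addresses are documentation ranges.
var SampleLog = []string{
	"2025-11-18T09:00:00Z user=admin src=10.0.0.5 result=success",
	"2025-11-18T09:10:00Z user=admin src=203.0.113.7 result=failure",
	"2025-11-18T09:10:20Z user=admin src=203.0.113.7 result=failure",
	"2025-11-18T09:10:40Z user=admin src=203.0.113.7 result=failure",
	"2025-11-18T09:11:00Z user=admin src=203.0.113.7 result=success",
	"2025-11-18T09:20:00Z user=ops src=10.0.0.9 result=success",
}

// AdminAllowlist is the constructed set of source IPs expected to reach the admin UI.
var AdminAllowlist = map[string]bool{"10.0.0.5": true, "10.0.0.9": true}

func main() {
	for _, f := range FindSuspiciousLogins(SampleLog, AdminAllowlist, 3) {
		fmt.Println(f)
	}
}
```

On the sample data the scan reports two findings, both for the 203.0.113.7 login: it is outside the allowlist and it lands after three failures. Swap in your own parser for the real device format and feed it the period around the advisory date; the two rules stay the same.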

2. DoorDash Breach: Personal Information Stolen After Employee Social Engineering Attack

What Happened:

DoorDash confirmed a breach after an employee fell victim to a social engineering attack. Names, addresses, emails, and phone numbers of customers, Dashers, and merchants were exposed, but no financial or government ID data was accessed.

Why It Matters:

This is another reminder that humans remain the most targeted (and vulnerable) entry point. Even companies operating at a massive scale struggle to stop social engineering in real time.

How to Turn It Into an Advantage:

  • Prioritize human-layer security: ongoing awareness training, phishing simulations, and clear escalation paths.

  • If supporting affected users, remind them to prepare for follow-on phishing or smishing attempts.

  • For defenders: review your internal access controls and employee onboarding/offboarding routines.

3. PlushDaemon Hackers Hijack Software Updates in Global Supply Chain Campaign

What Happened:

A China-linked threat group known as PlushDaemon is hijacking software update traffic worldwide using a new implant called EdgeStepper. Once routers are compromised, victims unknowingly download a trojanized update chain leading to malware like SlowStepper.

Why It Matters:

This is a full-blown supply chain attack with global reach. Attackers are compromising routers, poisoning updates, and delivering multi-stage backdoors that enable data theft, surveillance, and persistent access.

How to Turn It Into an Advantage:

  • Audit your routers: patch known vulnerabilities, disable weak passwords, and enforce MFA where possible.

  • Validate software updates with cryptographic signatures; don’t rely on DNS or download URL trust alone.

  • Check ESET’s IoCs for network/endpoint telemetry if your org operates in affected regions.
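To make the signature bullet concrete, here is an added Go example (not ESET's code and not from the original post) of an update client that pins the publisher's Ed25519 public key and refuses any update whose manifest signature or payload digest fails to verify, regardless of which host the bytes were downloaded from. The Manifest layout, the sample payload and the key pair generated in the demo are hypothetical.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Manifest is a hypothetical update manifest. The client ships with the
// publisher's Ed25519 public key pinned at build time, so acceptance of an
// update never depends on the DNS answer or mirror URL the bytes came from.
type Manifest struct {
	Version   string
	SHA256    string // hex digest of the update payload
	Signature []byte // Ed25519 signature over signedBytes()
}

// signedBytes is the canonical byte string the publisher signs.
func signedBytes(version, digest string) []byte {
	return []byte("version=" + version + "\nsha256=" + digest + "\n")
}

// SignManifest is the publisher side: hash the payload, then sign version+digest.
func SignManifest(priv ed25519.PrivateKey, version string, payload []byte) Manifest {
	sum := sha256.Sum256(payload)
	m := Manifest{Version: version, SHA256: hex.EncodeToString(sum[:])}
	m.Signature = ed25519.Sign(priv, signedBytes(m.Version, m.SHA256))
	return m
}

// VerifyUpdate is the client side. It accepts the payload only if the
// manifest signature verifies under the pinned key AND the payload hashes to
// the signed digest; replacing either the manifest or the bytes fails.
func VerifyUpdate(pinned ed25519.PublicKey, m Manifest, payload []byte) error {
	if !ed25519.Verify(pinned, signedBytes(m.Version, m.SHA256), m.Signature) {
		return errors.New("manifest signature invalid: refusing update")
	}
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return errors.New("payload digest does not match signed manifest: refusing update")
	}
	return nil
}

// DemoSignedUpdate runs the whole exchange with a freshly generated key pair
// and reports: genuine update accepted, substituted payload rejected, and a
// re-hashed manifest that still carries the old signature rejected.
func DemoSignedUpdate() (genuineOK, tamperedRejected, forgedRejected bool, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return false, false, false, err
	}
	payload := []byte("constructed update payload for version 1.2.3")
	m := SignManifest(priv, "1.2.3", payload)
	genuineOK = VerifyUpdate(pub, m, payload) == nil

	// Failure mode 1: the download is substituted in transit; digest mismatch.
	tampered := append([]byte("substituted: "), payload...)
	tamperedRejected = VerifyUpdate(pub, m, tampered) != nil

	// Failure mode 2: the manifest digest is rewritten to match the substituted
	// bytes, but no valid signature exists without the publisher's private key.
	sum := sha256.Sum256(tampered)
	forged := Manifest{Version: m.Version, SHA256: hex.EncodeToString(sum[:]), Signature: m.Signature}
	forgedRejected = VerifyUpdate(pub, forged, tampered) != nil
	return genuineOK, tamperedRejected, forgedRejected, nil
}

func main() {
	g, t, f, err := DemoSignedUpdate()
	if err != nil {
		fmt.Println("key generation failed:", err)
		return
	}
	fmt.Printf("genuine accepted=%v substituted payload rejected=%v forged manifest rejected=%v\n", g, t, f)
}
```

The design point is that the trust anchor is the pinned key inside the client, not the transport: a router that rewrites DNS answers or redirects the download can change what bytes arrive, but cannot make them verify. Ed25519 and SHA-256 here come from Go's standard library; a production client would additionally check the manifest version against the installed one to block rollbacks.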

This week reminds me how critical it is for us to stay curious and connected. Cybersecurity isn’t just a profession; it’s a shared responsibility we carry as a community. And every small step we take to strengthen our defenses truly matters.

No matter where you are in your cybersecurity journey, your effort today contributes to a safer digital world tomorrow. Keep showing up. Keep learning. Keep protecting. You’re making an impact.

What part of this week’s news stood out to you the most? Drop your thoughts or questions; let's break these stories down together.

Stay active, support each other, and keep building this incredible cybersecurity community. Your insights help others grow, and your voice matters here.

And for anyone trying to break into the field, CourseCareers offers one of the fastest, most accessible paths into IT and cybersecurity for beginners; check it out here.

Keep learning,
Sandra 👩🏻‍💻