The Australian cyber security landscape has experienced a turbulent week (7–14 December), dominated by a "Critical" alert from the Australian Cyber Security Centre (ACSC) regarding widespread vulnerabilities in edge devices and a worrying escalation in AI-assisted development flaws. As we approach the holiday shutdown period—a traditional window for heightened ransomware activity—organisations across Healthcare, Government, and FinTech must urgently prioritise patching and detection.
Here is your deep dive into the threats impacting Australian organisations this week.
Top Priority: The Fortinet Authentication Bypass (CVE-2025-59718)
Sectors Impacted: Government, Education, Healthcare, Enterprise
The most significant development this week is the disclosure of CVE-2025-59718, a critical authentication bypass vulnerability affecting FortiOS, FortiProxy, and FortiSwitchManager.
- The Threat: The vulnerability allows an unauthenticated, remote attacker to bypass FortiCloud Single Sign-On (SSO) mechanisms by forging SAML responses.
- Why it matters: Fortinet devices are ubiquitous in Australian Healthcare and University networks. Successful exploitation grants administrative access, allowing attackers to disable defences, intercept encrypted traffic, or deploy ransomware.
- Status: The ACSC and industry partners have observed active scanning for this vulnerability.
- Action: Patch immediately. If patching is not possible, disable FortiCloud admin login features.
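To triage which appliances still need the workaround named in the Action item, the following added example (not code from this briefing or from Fortinet) reads saved FortiOS configuration backups and reports the FortiCloud SSO admin login state. It assumes the setting name admin-forticloud-sso-login from Fortinet's published workaround, which does not appear on this page; the hostnames and backup contents are constructed.

```python
import re

# Setting name from Fortinet's published workaround, not from this page
# (assumption: confirm it against the vendor advisory for your firmware).
SETTING = "admin-forticloud-sso-login"
SET_RE = re.compile(r'set\s+(\S+)\s+"?([^"\s]+)"?\s*$')

def forticloud_sso_state(config_text):
    """Return 'enable', 'disable' or 'unset' as read from 'config system global'."""
    depth, in_global, state = 0, False, "unset"
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth == 0:
                in_global = (line == "config system global")
            depth += 1
        elif line == "end":
            depth = max(depth - 1, 0)
            if depth == 0:
                in_global = False
        elif in_global and depth == 1:  # ignore nested blocks and other sections
            m = SET_RE.match(line)
            if m and m.group(1) == SETTING:
                state = m.group(2).lower()
    return state

VERDICTS = {
    "enable": "FortiCloud SSO admin login ON: patch or disable",
    "disable": "workaround applied",
    "unset": "not present in backup: confirm on the device",
}

def audit(backups):
    """Map each backup name to (state, verdict) so exposed devices are triaged first."""
    states = {name: forticloud_sso_state(text) for name, text in backups.items()}
    return {name: (s, VERDICTS.get(s, "unrecognised value: review manually"))
            for name, s in states.items()}

# Constructed sample backups (hypothetical hostnames, not real device output).
SAMPLES = {
    "fw-clinic-01": 'config system global\n    set hostname "fw-clinic-01"\n'
                    '    set admin-forticloud-sso-login enable\nend\n',
    "fw-campus-02": 'config system global\n    set admin-forticloud-sso-login disable\nend\n',
    # Setting name appears only inside another block's comment: must not count.
    "fw-lab-03": 'config system global\n    set hostname "fw-lab-03"\nend\n'
                 'config system admin\n    edit "ops"\n'
                 '        set comments "admin-forticloud-sso-login enable"\n    next\nend\n',
}

if __name__ == "__main__":
    for name, (state, verdict) in audit(SAMPLES).items():
        print(f"{name}: {state} ({verdict})")
```

A backup that omits the setting is reported as "unset" rather than safe, so those devices still get checked directly.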
Emerging Threat: AI Systems & SaaS Supply Chain
Sectors Impacted: SaaS Providers, FinTech, EdTech
For the first time in a major weekly briefing, a vulnerability in an AI-assisted development tool has taken centre stage.
- GitHub Copilot RCE (CVE-2025-64671): A Remote Code Execution flaw was discovered in the GitHub Copilot extension for VS Code. Threat actors can exploit this by hosting a malicious repository; when a developer opens it, the AI model's context processing triggers code execution on the developer's machine.
- Impact on SaaS: This represents a massive supply chain risk for SaaS providers and FinTech firms where developers have high-level access to production environments.
- React Server Components (CVE-2025-55182): A critical flaw in the React framework (widely used in eCommerce and EdTech platforms) allows for potential server-side request forgery (SSRF). Attackers can manipulate component rendering to access internal metadata services, a technique often used to steal cloud credentials.
Sector-Specific Threat Intelligence
Government & Critical Infrastructure
On 10 December, the ACSC released a joint advisory regarding Pro-Russia hacktivist groups targeting critical infrastructure. Unlike sophisticated state actors, these groups (such as NoName057) are focusing on "opportunistic" DDoS attacks and website defacements to disrupt public services and erode trust. While the technical sophistication is low, the operational disruption to public-facing government portals has been significant.
Healthcare
With the Fortinet vulnerability actively targeted, hospitals are at high risk. Medical IoT devices often reside on network segments protected by these very firewalls. A breach at the perimeter could expose patient data and connected life-support systems to ransomware gangs like LockBit or BianLian, who have recently ramped up activity in the APAC region.
eCommerce & Retail
As the holiday shopping season peaks, the React (CVE-2025-55182) vulnerability poses a severe threat to online retailers. Attackers are actively scanning for unpatched React server implementations to inject credit card skimmers or steal customer databases.
Summary of Actions
- Patch Fortinet Appliances: Prioritise CVE-2025-59718 immediately.
- Review AI Tooling: SaaS and FinTech CISOs should audit the use of AI coding assistants and ensure developers are running the latest extension versions.
- Harden Web Apps: Update React frameworks to the latest patched version to prevent SSRF attacks.
- Prepare for Holidays: Ensure 24/7 monitoring is in place for the upcoming break, as hacktivist activity is expected to spike.

