Weekly Cybersecurity Recap: LinkedIn RAT, Firewall Flaws, AI Risks

This weekly cybersecurity recap looks at a number of important events that shook the digital security community this week. There are many reasons for both businesses and individuals to pay attention right now, from a complex malware campaign that uses LinkedIn messages to flaws in firewall authentication that could be very dangerous. This summary talks about new ways to attack, updates from vendors, confirmed attacks in the wild, and the most important steps to take right now to protect yourself.

The main point of the first 100 words is clear: hackers are changing their methods and going after business platforms beyond just email. Networking and AI platforms that are widely used also have serious security holes that need to be fixed right away.

The LinkedIn RAT malware attack is a new chapter in social engineering.

This week's most unusual attack story is about a LinkedIn RAT malware attack in which hackers use the professional networking site to spread malware. This is not a normal spam email that tries to get you to click on a link. Instead, attackers send professionals on LinkedIn direct messages with files that look like real ones, often framed as job details or business projects.

 This attack uses both psychological trust and technical stealth. The message has a compressed WinRAR self-extracting file (SFX) that has both a real PDF reader program and a bad Dynamic Link Library (DLL) file. When the victim opens the fake reader, Windows unknowingly loads the bad DLL, which then quietly installs a Remote Access Trojan (RAT) on the computer.

The combination of social engineering and DLL sideloading is what makes this so scary. DLL sideloading is a way to hide malicious code by putting it in the same folder and giving it the same name as a trusted program. This makes it look like it is running under the trusted program. This way of getting around detection tools often goes unnoticed because the system sees a known application running code that it thinks is supposed to be there.

People who are infected may not even know it. Attackers can use the RAT to get into a system from anywhere and then gain more access, quietly scrape data, and even move sideways across corporate networks. This means that social media channels are now a serious attack surface for security teams, not just email and web browsers.

Read more.

Fortinet SSO Authentication Bypass Vulnerabilities: A Threat to Network Infrastructure

This weekly cybersecurity recap talks about a larger trend of exploiting critical network gear, along with social engineering malware. Fortinet has been at the center of a lot of scary exploitation because of vulnerabilities in FortiCloud SSO authentication bypass. These are officially known as CVE-2025-59718 and CVE-2025-59719, and they affect many popular products, such as FortiOS firewalls, FortiWeb, FortiProxy, and FortiSwitchManager.

Since December 2025, most security companies, such as Arctic Wolf and Rapid7, have said that the threat is being used in the wild. Attackers often make fake Single Sign-On (SSO) tokens that the affected devices think are real, which means they can get around login protections completely. Once they get in, bad people can make administrative accounts, change settings, or export device configurations.

The flaw itself isn't what makes this issue stand out in this weekly cybersecurity recap. It's the real evidence that attackers are using it right now, even on systems that administrators thought were patched. Some reports say that even fully patched FortiGate firewalls were still vulnerable to similar bypass methods. This suggests that the initial fixes didn't completely stop exploitation or that new related paths were being targeted.

This is a big problem for businesses that depend on Fortinet gear to keep their internet-facing infrastructure safe. These firewalls are often the most important part of a company's security, so if they are compromised, attackers can easily gain access to networks. As this weekly cybersecurity recap shows, admins should carefully check their SSO settings, install all necessary patches, and make access controls stricter.

Read more

Weaknesses in authentication and password recovery that go beyond LinkedIn and firewalls

This week's cybersecurity recap includes another episode about flaws in authentication systems for routers and access devices. A reported problem with P-Link authentication and password recovery shows how weak fallback or recovery procedures can be used to get around normal security checks. Attackers can often reset or brute-force admin controls because recovery mechanisms are not set up correctly. This makes home and small business gateways vulnerable to unauthorized access.

Even though this specific vulnerability hasn't been linked to a lot of attacks yet, it serves as a reminder that basic network devices are still very risky when their default settings or simple recovery flows are weak. Administrators and users should change the default passwords, make sure that strong passwords are used, and turn off recovery functions that aren't needed.


AI Platforms Under Scrutiny: Prompt Injection and Abuse Paths

As AI-powered services and assistants change quickly, prompt injection flaws are still a risk that defenders need to keep an eye on, as this weekly cybersecurity recap explains. A prompt injection flaw in big language models happens when inputs are carefully designed to make the model act in ways that weren't meant to happen, such as leaking data or doing things without permission.

This type of attack takes advantage of the fact that AI systems often can't tell the difference between trusted instructions and content that has been added with bad intent, especially when user input is part of operational workflows like calendar invites, emails, or shared documents. Prompt injection doesn't always mean that code will run, but it can cause the AI to misread instructions and do things that are harmful or not what you wanted it to do.

Defenders are starting to focus on how to protect sensitive AI workflows, make sure that context is always correct, and separate trusted from untrusted input sources. This is because of the Google Gemini prompt injection reports and research into real-world prompt exploits.

Read more.


Updates for software and platforms: problems with Microsoft, Vertex AI, and Windows

This week, software companies released a lot of important updates and patches that we need to talk about in this weekly cybersecurity recap. Microsoft released fixes to fix problems caused by out-of-band Windows update changes that were making the system unstable. While more detailed impact metrics are still being shared, Windows environment administrators should check the status of updates and look for any strange behavior on the system after patches.

Platforms like Google Vertex AI have also disclosed vulnerabilities that poseprivilege escalation risks. These were caused by misconfigured Identity and Access Management (IAM) roles that let threat actors get access to areas they shouldn't have. System owners should follow the least-privilege principle and regularly check their IAM policies, even though full exploit chains are not well-documented.

These bigger software problems remind us that as enterprise stacks grow with generative AI and cloud services, security governance needs to grow with them too.

Read more.

Errors in configuration and credential prompts

Credential prompt failures have been reported in Remote Desktop environments. This means that users who are trying to log in with valid credentials are being blocked or bypassed in ways that could allow attackers to use fallback mechanisms. These kinds of problems are often caused by bad connections between authentication backends like Active Directory and remote access services. These attacks, along with misconfigured AWS CodeBuild GitHub repos that are open to the public, show how important it is to have secure configuration baselines and strict credential workflows.

Read more.

Seven main themes come up in all of the stories in this week's cybersecurity recap:

1. Social media sites are now part of the attack surfaces of businesses because hackers use interactions that seem trustworthy to spread malware.
2. Attackers can still easily get into systems that have authentication bypass vulnerabilities, which can give them admin access without credentials.
3. Attackers like to use evasion techniques like DLL sideloading and social engineering to avoid detection and use trusted tools.
4. Patch management and configuration review are still important defensive steps that can't be changed.
5. New context-aware guardrails are needed for AI-related vulnerabilities like prompt injection.
6. When cloud and IAM settings aren't set up correctly, it's easy for someone to get more access.
7. Old fallback and password recovery flows are still ways for attackers to get in.

Recommendations that can be acted on

Here are some practical steps you can take to keep your networks and systems safe from the new threats that are covered in this weekly cybersecurity recap:

• Teach workers about the dangers of opening attachments from people they don't know, even on trusted sites like LinkedIn.
• Check and fix infrastructure devices like firewalls to make sure that critical SSO bypass flaws are fixed and made less likely to happen.
• Make authentication systems stronger and make sure that all networking equipment follows strong password rules.
• Do regular IAM reviews for cloud services like AWS or Google Cloud.
• Quickly install software patches and keep an eye out for strange behavior after updates.
• Use contextual security tools that find problems with sideloading in memory or DLLs.
• Look for threats not just in email but also on social media and other ways of communicating.

Questions That People Ask a Lot

What is a LinkedIn RAT malware attack, exactly?
It's a campaign where attackers send Remote Access Trojan malware through LinkedIn messages that look harmless but trick users into running files that install harmful code.

What makes Fortinet SSO holes so dangerous?
Attackers can get around authentication on firewalls and other devices, which could give them full admin access and control over network traffic.

Are prompt injection attacks a big deal?
Yes, prompt injection can change how AI works and cause it to leak information or do things it wasn't meant to do.

What should businesses do first?
Check the patch and configuration status of all important systems, and make sure that security monitoring goes beyond email to include social media and AI platforms.

Final Thoughts

This weekly summary of cybersecurity news shows that hackers are still working, coming up with new ways to get into systems, and are ready to take advantage of trust, technical flaws, and settings that are not being used. Defenders need to update not only their tools, but also their mindset and processes to deal with things like LinkedIn phishing, firewall bypasses, and AI weaknesses. Right now, it's very important to stay up to date on vendor patches, increase monitoring, and teach your teams.

Read More

·  Microsoft Update Triggers Remote Desktop Credential Prompt Failures

·  How to Change Your Gmail Email Address Safely

·  Microsoft Releases Out-of-Band Windows Update to Fix Shutdown Bug

·  ChatGPT Ads Explained: What OpenAI Plans for Free Users

·  Palo Alto Networks Firewall Vulnerability Exposes Systems to DoS Attacks