CyberSec Roundup
A synopsis of the Latest Cybersecurity News
Path of Exile 2 Accounts Hacked
Threat actors exploited a compromised Path of Exile 2 admin account to hijack over 66 player accounts. Developers confirmed that this breach allowed attackers to reset passwords, gain access to sensitive player information, and disrupt the gaming community. Grinding Gear Games is currently investigating the issue and advising players to protect their accounts with strong passwords and two-factor authentication.
Fortinet Zero Day Attacks
Fortinet has disclosed a critical authentication bypass zero-day vulnerability (CVE-2022-40684) in its FortiOS and FortiProxy systems that attackers are actively exploiting to hijack firewalls and breach enterprise networks. This flaw allows unauthenticated attackers to remotely execute administrative operations via specially crafted HTTP/HTTPS requests. Fortinet has released patches and urged immediate updates, advising administrators to disable remote management interfaces as a temporary mitigation for unpatched systems.
Stolen Fortinet Device Information Leaked
Hackers leaked credentials and configuration files for over 15,000 Fortinet devices last week via a dark web forum. The data, including IPs, passwords, and administrative details, was likely stolen in 2022 by exploiting a zero-day vulnerability (CVE-2022-40684) that impacted FortiOS versions 7.0.0-7.0.6 and 7.2.0-7.2.2. Fortinet advised users to update firmware, refresh credentials, and strengthen security practices to mitigate risks from these types of leaks.
By: David Pinder
IT & Cybersecurity Consultant
Certified Ethical Hacker (Master) | CCSK | AZ-500