
This Week in Cybersecurity: Looking Back at Week 23

June 6, 2025

This week’s developments highlight the growing complexity of the threat landscape, from long-exploited vulnerabilities in widely used platforms to new malware strains and critical infrastructure exposure.

Among the key stories, Fortinet users are urged to take immediate action to patch a high-severity flaw, and researchers have uncovered a decade-old vulnerability in Roundcube Webmail still affecting systems today. Meanwhile, the Crocodilus Android trojan is spreading globally, and international authorities have successfully dismantled AVCheck, a tool used by cybercriminals to test malware evasion.

Ireland’s cybersecurity resilience receives a boost through cross-border collaboration, Victoria’s Secret grapples with a cyber incident affecting its financial disclosures, and over 35,000 solar devices remain exposed online, posing serious hijacking risks.

A critical authentication bypass vulnerability (CVSS 9.0) has been identified in Fortinet FortiOS, FortiProxy, and FortiSwitchManager.

The flaw affects several versions including FortiProxy 7.6.0–7.6.1, FortiSwitchManager 7.2.5, and FortiOS 7.4.4–7.4.6 and 7.6.0.

If TACACS+ is configured with remote ASCII-based authentication, an attacker with knowledge of an existing admin username could gain full administrative access without a password.

The NCSC urges immediate patching after proper testing. Fortinet has released updates and security advisories for all impacted products.
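To triage which devices need the patch first, the following added example (not from the article or from Fortinet) audits a saved FortiOS configuration backup for the two conditions described above: a version in the listed FortiOS ranges and a TACACS+ server set to ASCII authentication. It assumes the backup begins with a `#config-version=` header and uses the `config user tacacs+` / `set authen-type` CLI syntax; the sample configuration is constructed.

```python
import re

# Affected FortiOS ranges as listed in the article (inclusive bounds).
AFFECTED_FORTIOS = [((7, 4, 4), (7, 4, 6)), ((7, 6, 0), (7, 6, 0))]

def fortios_version(config_text):
    """Read (major, minor, patch) from the assumed '#config-version=' header."""
    m = re.search(r"^#config-version=\S*?-(\d+)\.(\d+)\.(\d+)-", config_text, re.M)
    return tuple(int(x) for x in m.groups()) if m else None

def ascii_tacacs_servers(config_text):
    """Names of 'config user tacacs+' entries that set authen-type to ascii."""
    flagged, in_block, name = [], False, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "config user tacacs+":
            in_block = True
        elif in_block and line == "end":
            in_block = False
        elif in_block and line.startswith("edit "):
            name = line[5:].strip().strip('"')
        elif in_block and re.fullmatch(r"set authen-type\s+ascii", line):
            flagged.append(name)
    return flagged

def audit(config_text):
    """Combine both conditions; 'exposed' is true only when both hold."""
    version = fortios_version(config_text)
    in_range = version is not None and any(
        lo <= version <= hi for lo, hi in AFFECTED_FORTIOS)
    servers = ascii_tacacs_servers(config_text)
    return {"version": version, "affected_version": in_range,
            "ascii_tacacs": servers, "exposed": in_range and bool(servers)}

# Constructed sample backup (documentation IP addresses, placeholder build).
SAMPLE = """\
#config-version=FGT60F-7.4.5-FW-build0000-000000:opmode=0:vdom=0:user=admin
config user tacacs+
    edit "tac-primary"
        set server "192.0.2.10"
        set authen-type ascii
    next
    edit "tac-backup"
        set server "192.0.2.11"
        set authen-type pap
    next
end
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A device that reports an ASCII TACACS+ server on an unaffected version is still worth noting, since a later downgrade or restore would bring both conditions back together.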


Critical 10-Year-Old Roundcube Webmail Vulnerability Discovered

A severe security flaw has been uncovered in the Roundcube webmail software, persisting unnoticed for a decade.

This vulnerability, identified as CVE-2025-49113 with a CVSS score of 9.9, allows authenticated users to execute arbitrary code on affected systems. The issue stems from improper validation of the from parameter in the upload.php file, leading to PHP object deserialisation. All versions prior to 1.5.10 and 1.6.11 are impacted.

Users are strongly advised to update to the latest versions immediately to mitigate potential risks.


Crocodilus Android Trojan Expands Globally

A sophisticated Android banking trojan known as Crocodilus is actively targeting users across Europe and South America.

Initially discovered in March 2025, Crocodilus masquerades as legitimate apps, such as Google Chrome, to infiltrate devices. Once installed, it abuses Android’s accessibility services to perform overlay attacks, capturing credentials from banking and cryptocurrency applications.

Recent campaigns have employed deceptive tactics, including fake ads on platforms like Facebook, to distribute the malware. Notably, Crocodilus has evolved to add fake contacts labeled as “Bank Support” to victims’ contact lists, facilitating social engineering attacks that appear legitimate.

Security experts urge users to remain vigilant, avoid installing apps from untrusted sources, and ensure their devices are protected with up-to-date security measures.


Cross-Border Cybersecurity Collaboration Strengthens Ireland’s Digital Defences

Cyber Ireland and NI Cyber have signed a memorandum of understanding to enhance cross-border collaboration in cybersecurity. This partnership aims to foster industry-academic research and development, improve cyber resilience, and elevate the international profile of the all-island cybersecurity sector.

A comprehensive report commissioned by both clusters, supported by InterTradeIreland’s Synergy Programme, reveals that the all-island cybersecurity sector comprises 632 firms, employs 10,600 professionals, and contributes €1.5 billion in gross value added, generating an estimated €3.2 billion in the most recent financial year.

Despite the sector’s strength, challenges such as policy gaps, procurement hurdles, and security clearance issues persist. The memorandum marks a significant step toward addressing these barriers and unlocking the sector’s full potential.

Eoin Byrne, cluster manager at Cyber Ireland, emphasised, “Cybersecurity is not just a technological issue; it’s a strategic economic opportunity.”

Alison Currie, director of Innovation & Entrepreneurship at InterTradeIreland, added, “This collaboration will benefit all businesses across the island as they strive to collectively improve their cybersecurity preparedness.”


International Police Dismantle AVCheck Malware Testing Platform, Disrupting Cybercriminal Operations

On June 5th, 2025, European and U.S. law enforcement agencies successfully dismantled AVCheck, a prominent cybercrime platform used by hackers to test malware against antivirus systems.

The operation, led by Dutch police with support from U.S. and Finnish authorities, also took down affiliated services Cryptor.biz and Crypt.guru.

Investigators exploited administrative errors on the criminal websites to gather critical evidence, including usernames, email addresses, and payment information, linking users to known ransomware groups.

The takedown of AVCheck, a key Counter Antivirus (CAV) service, is expected to hinder cybercriminals’ ability to deploy undetectable malware, thereby enhancing global cybersecurity efforts.


Victoria’s Secret Delays Earnings Release Following Cybersecurity Breach

Victoria’s Secret has postponed its first-quarter 2025 earnings report due to a cybersecurity incident detected on May 24th. In response, the company shut down its corporate systems and U.S. ecommerce website on May 26th, which remained offline for several days.

The breach also disrupted some in-store services at Victoria’s Secret and PINK locations. While most operations have been restored, ongoing recovery efforts have delayed access to internal systems necessary for finalising financial disclosures.

The company continues to assess the full scope and potential financial impact of the incident.


35,000 Internet-Exposed Solar Devices at Risk of Hijacking Due to Unpatched Vulnerabilities

A recent analysis by Forescout Research – Vedere Labs has identified approximately 35,000 solar power systems worldwide with exposed management interfaces, rendering them susceptible to cyberattacks.

These devices, including inverters, data loggers, and gateways from 42 vendors, are primarily located in Europe (76%) and Asia (17%). The vulnerabilities, many of which are common and critical, could allow attackers to hijack these systems, potentially disrupting power generation and grid stability.

Notably, devices from SMA Solar Technology, Fronius International, and Contec were among those found to be most exposed.

