CISA Adds Critical Flaws in Adobe, Fortinet, Microsoft Exchange, and Windows to Exploited Vulnerabilities Catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has updated its Known Exploited Vulnerabilities (KEV) catalog to include newly identified security flaws in Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows. These vulnerabilities are actively being exploited in the wild, posing significant risks to organizations relying on these platforms.
The addition underscores the urgency for affected entities to apply patches or mitigations to prevent potential breaches. While specific details on exploitation methods remain limited, the inclusion in CISA’s catalog signals that threat actors are already leveraging these weaknesses.
In related cybersecurity developments:
- Iran-linked group Handala claimed responsibility for breaching three major organizations in the United Arab Emirates (UAE), though the targeted entities were not disclosed.
- Censys identified 5,219 internet-exposed devices vulnerable to attacks by Iranian advanced persistent threats (APTs), with the majority located in the U.S.
- ShinyHunters, a notorious hacking group, claimed to have breached Rockstar Games and began leaking stolen data.
- A $3.6 million Bitcoin theft occurred via compromised credentials at Bitcoin Depot, highlighting the financial risks of credential-based attacks.
- Operation Atlantic, a joint effort by the U.S., UK, and Canada, disrupted a $45 million cryptocurrency theft operation.
- Citizen Lab reported that Webloc tracked 500 million devices globally for law enforcement purposes, raising privacy concerns.
- Adobe patched an actively exploited flaw (CVE-2026-34621) in Acrobat Reader, while attackers began exploiting Marimo RCE (CVE-2026-39987) within hours of its disclosure.
- Booking.com confirmed unauthorized access to user data but stated systems were secured post-incident.
- Hackers targeted unpatched ShowDoc servers via CVE-2025-0520, and a fake Claude AI installer was used to deploy PlugX malware through DLL sideloading.
- A CPUID watering hole attack distributed STX RAT malware, and attackers claimed control over Venice’s San Marco anti-flood pumps, though operational impact remains unverified.
The surge in exploited vulnerabilities and high-profile breaches underscores the escalating threat landscape, with both state-sponsored and criminal actors actively targeting unpatched systems and supply chains.
"id": "FORTHEADO1776184437",
"linkid": "fortinet, thehackernews, adobe",
"type": "Vulnerability",
"date": "1/2024",
"severity": "85",
"impact": "4",
"explanation": "Attack with significant impact with customers data leaks"
{'affected_entities': [{'industry': 'Technology',
'location': 'Global',
'name': 'Adobe',
'size': 'Large',
'type': 'Software Company'},
{'industry': 'Technology',
'location': 'Global',
'name': 'Fortinet',
'size': 'Large',
'type': 'Cybersecurity Company'},
{'industry': 'Technology',
'location': 'Global',
'name': 'Microsoft',
'size': 'Large',
'type': 'Technology Company'},
{'industry': 'Entertainment',
'location': 'Global',
'name': 'Rockstar Games',
'size': 'Large',
'type': 'Gaming Company'},
{'industry': 'Cryptocurrency',
'location': 'Global',
'name': 'Bitcoin Depot',
'size': 'Medium',
'type': 'Financial Services'},
{'customers_affected': 'Users',
'industry': 'Hospitality',
'location': 'Global',
'name': 'Booking.com',
'size': 'Large',
'type': 'Travel Agency'},
{'industry': 'Various',
'location': 'United Arab Emirates',
'name': 'UAE Organizations (Undisclosed)',
'type': 'Various'},
{'industry': 'Public Sector',
'location': 'Italy',
'name': 'Venice Municipality',
'type': 'Government'}],
'attack_vector': ['Exploited Vulnerabilities',
'Credential Compromise',
'Supply Chain Attack'],
'data_breach': {'data_exfiltration': 'Yes (Rockstar Games, Bitcoin Depot)',
'personally_identifiable_information': 'Yes (Booking.com, '
'Bitcoin Depot)',
'sensitivity_of_data': 'High',
'type_of_data_compromised': ['User Data',
'Corporate Data',
'Credentials',
'Personally Identifiable '
'Information (PII)']},
'description': 'The U.S. Cybersecurity and Infrastructure Security Agency '
'(CISA) has updated its Known Exploited Vulnerabilities (KEV) '
'catalog to include newly identified security flaws in Adobe, '
'Fortinet, Microsoft Exchange Server, and Microsoft Windows. '
'These vulnerabilities are actively being exploited in the '
'wild, posing significant risks to organizations relying on '
'these platforms. The addition underscores the urgency for '
'affected entities to apply patches or mitigations to prevent '
'potential breaches.',
'impact': {'data_compromised': 'User data (Booking.com), Rockstar Games data, '
'ShowDoc server data, PlugX malware deployment '
'data',
'financial_loss': '$3.6 million (Bitcoin Depot), $45 million '
'(Operation Atlantic)',
'identity_theft_risk': 'High (due to data breaches and PII '
'exposure)',
'operational_impact': 'Potential disruption of San Marco '
'anti-flood pumps (unverified)',
'payment_information_risk': 'High (Bitcoin Depot breach)',
'systems_affected': ['Adobe Acrobat Reader',
'Fortinet systems',
'Microsoft Exchange Server',
'Microsoft Windows',
'ShowDoc servers',
'Bitcoin Depot',
'Rockstar Games',
'Booking.com',
'San Marco anti-flood pumps (Venice)']},
'investigation_status': 'Ongoing',
'motivation': ['Espionage', 'Financial Gain', 'Disruption', 'Data Theft'],
'post_incident_analysis': {'corrective_actions': 'Patch management, '
'credential security, '
'enhanced monitoring',
'root_causes': 'Unpatched vulnerabilities, '
'credential compromise, supply '
'chain attacks'},
'recommendations': 'Apply patches immediately, enhance monitoring for '
'exploited vulnerabilities, secure credentials, and '
'conduct regular security audits.',
'references': [{'source': 'CISA Known Exploited Vulnerabilities Catalog'},
{'source': 'Citizen Lab'},
{'source': 'Censys'}],
'response': {'law_enforcement_notified': 'Yes (Operation Atlantic)',
'remediation_measures': 'Patching (Adobe, Microsoft, Fortinet), '
'System Securing (Booking.com)'},
'threat_actor': ['Handala (Iran-linked)',
'ShinyHunters',
'Iranian APTs',
'Unknown (Bitcoin Depot)',
'Unknown (CPUID Watering Hole)'],
'title': 'CISA Adds Critical Flaws in Adobe, Fortinet, Microsoft Exchange, '
'and Windows to Exploited Vulnerabilities Catalog',
'type': ['Vulnerability Exploitation', 'Data Breach'],
'vulnerability_exploited': ['CVE-2026-34621 (Adobe Acrobat Reader)',
'CVE-2026-39987 (Marimo RCE)',
'CVE-2025-0520 (ShowDoc)',
'Microsoft Exchange Server Vulnerabilities',
'Microsoft Windows Vulnerabilities',
'Fortinet Vulnerabilities']}