Daily 5 min cyber security news summary. News, patches, vulnerabilities and trends in information and network security. SANS Stormcast Monday, January 26th, 2026: FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

Johannes B. Ullrich

SANS Stormcast Monday, January 26th, 2026: FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited

JAN 26, 20264 MIN
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

SANS Stormcast Monday, January 26th, 2026: FortiOS SSO Vuln Updates; Outlook OOB Update; VMware vCenter Exploited

JAN 26, 20264 MIN

Description

<br/> Analysis of Single Sign-On Abuse on FortiOS<br/> Fortinet released an advisory. FortiOS devices are vulnerable if configured with any SAML integration, not just FortiCloud<br/> <a href="https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios">https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios</a><br/> Outlook OOB Update<br/> Microsoft released a non-security OOB Update for Outlook, fixing an issue introduced with this months security patches.<br/> <a href="https://support.microsoft.com/en-us/topic/january-24-2026-kb5078127-os-builds-26200-7628-and-26100-7628-out-of-band-cf5777f6-bb4e-4adb-b9cd-2b64df577491">https://support.microsoft.com/en-us/topic/january-24-2026-kb5078127-os-builds-26200-7628-and-26100-7628-out-of-band-cf5777f6-bb4e-4adb-b9cd-2b64df577491</a><br/> VMware vCenter Server Vulnerabilities Exploited (CVE-2024-37079, CVE-2024-37080, CVE-2024-37081)<br/> A VMWare vCenter vulnerability patched last June is now actively exploited.<br/> <a href="https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453">https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/24453</a><br/>