<br/> Beyond RC4 for Windows authentication<br/> Microsoft outlined its transition plan to move away from RC4 for authentication and published guidance and tools to facilitate this change.<br/> <a href="https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication">https://www.microsoft.com/en-us/windows-server/blog/2025/12/03/beyond-rc4-for-windows-authentication</a><br/> FortiCloud SSO Login Vuln Exploited<br/> Arctic Wolf observed exploit attempts against vulnerable FortiGate appliances.<br/> <a href="https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/">https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-sso-logins-following-disclosure-cve-2025-59718-cve-2025-59719/</a><br/> FrePBX Vulnerability<br/> Horizon3.ai identified three distinct vulnerabilities in FreePBX. In particular, the authentication by-pass issue should be of concern, but default FreePBX installs do not use the vulnerable web authentication feature.<br/> <a href="https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/">https://horizon3.ai/attack-research/the-freepbx-rabbit-hole-cve-2025-66039-and-others/</a><br/>