FortiGate SSO Exploitation Update

Is AI-Generated Code Secure?
Xavier used the free static code analysis tool Bandit to review code he wrote with heavy AI support.
https://isc.sans.edu/diary/Is%20AI-Generated%20Code%20Secure%3F/32648
Malicious Configuration Changes On Fortinet FortiGate Devices via SSO Accounts
Arctic Wolf summarized some of the attacks it is seeing against FortiGate devices via the insufficiently patched SSL vulnerability.
https://arcticwolf.com/resources/blog/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts/
ISC BIND DoS vulnerability in Drone ID Records
HHIT and BRID records, which are used as part of Drone ID, can be used to crash named if their length is 3 bytes.
https://marlink.com/resources/knowledge-hub/isc-bind-vulnerability-discovered-and-disclosed-by-marlink-cyber/
SmarterTools SmarterMail Password Reset Vulnerability
SmarterTools recently patched a trivial vulnerability in SmarterMail that would allow anybody without authentication to reset administrator passwords.
https://labs.watchtowr.com/attackers-with-decompilers-strike-again-smartertools-smartermail-wt-2026-0001-auth-bypass/