At a glance.
- Venezuela blames the US for disruptive cyberattack on state-owned oil company.
- Iranian hackers offer cash bounties for doxxed Israelis.
- Attackers exploit recently patched Fortinet flaws.
Venezuela blames the US for disruptive cyberattack on state-owned oil company.
Venezuela's state-owned oil company, Petróleos de Venezuela (PDVSA), sustained a ransomware attack over the weekend that shut down systems and caused the company to suspend oil cargo deliveries, Reuters reports. PDVSA and Venezuela's oil ministry blamed the United States for the incident, saying the attack was launched by "foreign interests in complicity with domestic entities who are seeking to destroy the country's right to sovereign energy development."
The US State Department hasn't responded to Reuters' request for comment. Venezuela frequently blames domestic issues such as blackouts on US sabotage; however, the latest incident comes amid rising US-Venezuela tensions, including last week's US seizure of a Venezuelan crude oil tanker.
Iranian hackers offer cash bounties for doxxed Israelis.
An Iran-linked hacker group called "Handala" has doxxed over 200 Israeli academics, journalists, and defense personnel, listing their photos, names, credentials, email addresses, locations, and phone numbers, the Jerusalem Post reports. The group also placed a $30,000 bounty on more than a dozen individuals it claims are engineers or technicians working on Israel's Patriot, Arrow, and David's Sling air defense systems.
The Jerusalem Post hasn't verified whether the data is legitimate, but the information has been widely shared on social media. The hacker group has been publishing such lists each Saturday since October 18th.
Attackers exploit recently patched Fortinet flaws.
Arctic Wolf is tracking exploitation of two critical authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) affecting Fortinet products, including FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb. The researchers explain, "These vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages, if the FortiCloud SSO feature is enabled on affected Devices. Several product lines were reported to be affected, including FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager."
Fortinet issued patches for the issues last week, and users are urged to upgrade to the latest versions of the affected products.
