Skip to main content

Tag: fortinet

56 articles

Network device on a rack in a brightly-lit data center environment.

CISA Warns of Active Exploits Targeting FortiSandbox Flaws

Critical FortiSandbox flaws, CVE-2026-39808 and CVE-2026-25089, are under active attack by hackers, allowing them to execute malicious commands without needing login credentials. These severe vulnerabilities, scoring 9.1, require immediate attention to prevent devastating remote code execution attacks.

Analyst 207
Network security appliance sits on a table in a government agency setting.

CISA Warns of Actively Exploited Fortinet Flaws

The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on actively exploited Fortinet flaws, warning federal agencies to patch two vulnerabilities in the Fortinet FortiSandbox platform by July 19 to avoid potential breaches. Don't wait - prioritize patching to protect your systems from exploitation.

Analyst 207
Business professional sits at computer with blurred screen in typical workspace.

Phishing Campaign Exploits Font File to Deploy Lua Loader

Beware of a sneaky phishing campaign that's using cleverly disguised font files to deploy a powerful Lua Loader - a stark reminder that security controls can't always trust a file's extension. A recent Fortinet analysis reveals the tactics used by attackers to hide malicious JavaScript payloads in seemingly harmless archives.

Analyst 207
Rows of rack-mounted servers and equipment in a brightly-lit server room or data center interior.

FortiBleed Campaign Tied to Lynx Ransomware Operators

Researchers uncovered a massive credential-theft operation, dubbed FortiBleed, which exposed over 73,000 Fortinet device credentials and was surprisingly linked to active ransomware negotiation panels. This shocking discovery offers a rare glimpse into the tactics of threat actors.

Analyst 207
Corporate headquarters with subtle hints of vulnerability and a blank computer screen.

NCSC Warns Fortinet Customers of Credential Theft Fallout

A massive database of 75,000 stolen credentials, including usernames, email addresses, and passwords, has been discovered, putting organisations like Oracle, Spotify, and AT&T at risk. The leak, dubbed "FortiBleed," affects customers in 194 countries and over 21,000 domains, with nearly half of all internet-accessible Fortinet firewalls potentially exposed.

Analyst 207
Rows of network equipment and devices on racks in a dimly lit, empty server room.

Credential Attacks Target Fortinet, Sophos, MSSQL Devices in Large-Scale Campaign

A large-scale password spraying and credential theft campaign, dubbed "FortiBleed," is targeting Fortinet devices, with attempts also seen against MSSQL services and Sophos devices, warns Unit 42. This coordinated attack has sparked concerns over widespread credential attacks.

Analyst 207
Blurred network equipment and generic devices in a brightly-lit tech infrastructure setting.

CISA Warns of Widespread FortiBleed Attacks on 86,644 Devices

The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after a massive cyberattack, dubbed FortiBleed, compromised a staggering 86,644 FortiGate devices, putting countless networks at risk. Take immediate action to protect yourself: shut down active SSL VPN and admin sessions, reset passwords, and enforce strong password policies.

Analyst 207
Brightly-lit network operations center with rows of equipment and security appliances on racks, and out-of-focus monitoring…

CISA Warns Fortinet Users of Credential Exposure After FortiBleed Leak

Fortinet users are being warned by CISA to take immediate action to protect themselves from credential exposure after a massive leak, known as FortiBleed, exposed nearly 74,000 firewall and VPN credentials. Take steps now to secure your devices and prevent malicious cyber actors from exploiting your compromised credentials.

Analyst 207
Rack of networking equipment in a brightly-lit municipal network closet.

Fortinet and Ivanti Exploits Fuel LATAM Infrastructure Attacks

In a shocking revelation, a coordinated campaign dubbed Operation Escaneo has been exposed, targeting critical infrastructure across Mexico, Ecuador, and Portugal, with a staggering 3,708 sessions recorded over just 13 days. The attackers exploited vulnerabilities in Fortinet and Ivanti perimeter appliances to gain entry into government, tax authorities, utilities, transport, telecoms, and banks.

Analyst 207
Technicians work on equipment in the background of a brightly-lit network operations center with rows of computer racks.

Attackers Exploit Critical Fortinet Vulnerabilities Disclosed in April

Security researchers have confirmed that hackers are actively exploiting critical vulnerabilities in Fortinet's FortiSandbox product, first patched in April, with multiple independent groups jumping on the bandwagon. The exploitation attempts, observed as early as June 9, involve OS-command injection and path-traversal flaws.

Analyst 207
Network equipment and servers in a server room with blinking lights and laptop screens in the foreground.

Fortinet Firewalls Compromised in Massive Password-Stealing Attack

A massive password-stealing attack has compromised around 75,000 Fortinet firewall devices, putting credentials of major corporations across 194 countries at risk and leaving a trail of full network compromises in its wake. The breach, dubbed FortiBleed, has created a verified database of working credentials for some of the world's largest enterprises, threatening nearly every sector of the global economy.

Analyst 207
Rows of equipment racks and networking gear in a brightly-lit server room.

FortiBleed Exposes 73,000 Fortinet VPN Credentials Worldwide

A massive security breach has exposed a whopping 73,000 Fortinet VPN credentials worldwide, putting tens of thousands of firewall endpoints at risk, including those of major companies like Chevron, Samsung, and Mercedes-Benz. The alarming leak, discovered by security researcher Bob Diachenko, contains sensitive information like usernames, email addresses, and plaintext passwords.

Analyst 207
Network equipment racks with a single server in the foreground showing a subtle warning light.

Fortinet Sandbox Flaws Under Active Exploitation

Critical Fortinet Sandbox vulnerabilities are under active attack, with hackers exploiting flaws like CVE-2026-39813, a severe path traversal bug that allows authentication bypass. Fortinet patched these bugs in April, but users must upgrade ASAP to avoid being compromised.

Analyst 207
Blurred server room background with a prominent, illuminated network switch or router in sharp focus in the foreground.

Fortinet Flaws Exposed to Active Exploitation

Critical vulnerabilities in Fortinet's FortiSandbox platform are under active attack, with multiple flaws, including CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, being exploited by hackers just 24 hours after security updates were issued.

Analyst 207
Laptop screen on a neutral surface in a bright, clean tech facility setting.

Fortinet, Ivanti, SAP Patch Critical Vulnerabilities

This week, Fortinet, Ivanti, and SAP issued urgent patch rollouts to fix critical vulnerabilities that could allow hackers to execute remote code or gain unauthorized access to sensitive systems. The flaws, affecting sandboxing infrastructure, mobile gateway software, and core enterprise apps, carry high severity scores and demand immediate attention.

Analyst 207
Technicians monitor sections of an industrial control room with scattered stations and a large window showing an industrial…

Operational Technology Cybersecurity Gaps Persist Despite Growing Maturity

Many industrial organizations are bolstering their operational technology security, but a significant gap remains: 23% of respondents only have visibility into half of their OT environment. This blind spot leaves them vulnerable to ransomware, nation-state actors, and other cyber threats.

Analyst 207
Network device sits prominently in a server room with management console blurred in background.

Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware

Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

Analyst 207
Secure facility with a computer terminal on a desk and blurred server racks in the background.

Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator

Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and urges users to update to versions 6.5.7, 6.6.9, or 8.0.3 to stay secure.

Analyst 207
A broken gate lies open in front of a fortified tech company headquarters at dusk, symbolizing security vulnerabilities.

Fortinet Sandbox Flaws Allow Attackers to Bypass Authentication, Execute Commands

Two critical flaws in Fortinet's sandbox could let attackers skip login and run malicious commands, putting your system at risk - so don't wait, patch now! A recent report urges administrators to act fast, as these vulnerabilities could be exploited by unauthenticated attackers over HTTP.

Analyst 207
A padlock with a crack in the shackle lies on a modern desk next to a laptop with an eerie glow, set against a blurred…

SAP Vulnerability Exposes High-Risk Data Breach Potential

A single flaw in widely-used business software can be devastating - and April's Patch Tuesday just revealed a critical SAP vulnerability with an alarmingly high severity score, exposing high-risk data breach potential. This pressing issue demands attention from vendors and security experts alike.

Analyst 207
Cracked laptop screen with warning symbol, surrounded by threat indicators, set against a blurred cityscape background.

CISA Catalog Exposes Actively Exploited Flaws in Fortinet, Microsoft, Adobe Software

The US Cybersecurity and Infrastructure Security Agency (CISA) has just added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning that flaws in Fortinet, Microsoft, and Adobe software are being actively exploited by hackers. Is your system exposed - and what can you do to protect it?

Analyst 207
Fortinet Rushes Patch for Exploited FortiClient EMS Vulnerability

Fortinet Rushes Patch for Exploited FortiClient EMS Vulnerability

Fortinet has rushed out an emergency patch for a zero-day vulnerability in its FortiClient EMS product, which was being exploited by attackers before the fix was even available. This swift response aims to protect businesses from potential security breaches through its endpoint security clients.

Analyst 207
Fortinet EMS Flaw Exploited in Wild, CISA Warns

Fortinet EMS Flaw Exploited in Wild, CISA Warns

Fortinet has urgently patched a critical flaw in its FortiClient Enterprise Management Server (EMS) after confirming it was being exploited in the wild, sparking a dilemma for organizations: patch now and risk disruption, or wait and risk a potentially devastating cyberattack. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities list, underscoring the need for swift action.

Analyst 207
Fortinet Zero-Day Flaw Exploited in Active Attacks

Fortinet Zero-Day Flaw Exploited in Active Attacks

A critical Fortinet zero-day flaw is under active attack, allowing hackers to remotely take control of vulnerable endpoint management servers without authentication - leaving organizations with a pressing choice: patch now or risk a devastating breach. Immediate action is crucial, as attackers have already begun exploiting these vulnerabilities to execute malicious code and commands.

Analyst 207