Tag: fortinet
56 articles

CISA Warns of Active Exploits Targeting FortiSandbox Flaws
Critical FortiSandbox flaws, CVE-2026-39808 and CVE-2026-25089, are under active attack by hackers, allowing them to execute malicious commands without needing login credentials. These severe vulnerabilities, scoring 9.1, require immediate attention to prevent devastating remote code execution attacks.

CISA Warns of Actively Exploited Fortinet Flaws
The US Cybersecurity and Infrastructure Security Agency (CISA) has sounded the alarm on actively exploited Fortinet flaws, warning federal agencies to patch two vulnerabilities in the Fortinet FortiSandbox platform by July 19 to avoid potential breaches. Don't wait - prioritize patching to protect your systems from exploitation.

Phishing Campaign Exploits Font File to Deploy Lua Loader
Beware of a sneaky phishing campaign that's using cleverly disguised font files to deploy a powerful Lua Loader - a stark reminder that security controls can't always trust a file's extension. A recent Fortinet analysis reveals the tactics used by attackers to hide malicious JavaScript payloads in seemingly harmless archives.

FortiBleed Campaign Tied to Lynx Ransomware Operators
Researchers uncovered a massive credential-theft operation, dubbed FortiBleed, which exposed over 73,000 Fortinet device credentials and was surprisingly linked to active ransomware negotiation panels. This shocking discovery offers a rare glimpse into the tactics of threat actors.

NCSC Warns Fortinet Customers of Credential Theft Fallout
A massive database of 75,000 stolen credentials, including usernames, email addresses, and passwords, has been discovered, putting organisations like Oracle, Spotify, and AT&T at risk. The leak, dubbed "FortiBleed," affects customers in 194 countries and over 21,000 domains, with nearly half of all internet-accessible Fortinet firewalls potentially exposed.

Credential Attacks Target Fortinet, Sophos, MSSQL Devices in Large-Scale Campaign
A large-scale password spraying and credential theft campaign, dubbed "FortiBleed," is targeting Fortinet devices, with attempts also seen against MSSQL services and Sophos devices, warns Unit 42. This coordinated attack has sparked concerns over widespread credential attacks.

CISA Warns of Widespread FortiBleed Attacks on 86,644 Devices
The US Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning after a massive cyberattack, dubbed FortiBleed, compromised a staggering 86,644 FortiGate devices, putting countless networks at risk. Take immediate action to protect yourself: shut down active SSL VPN and admin sessions, reset passwords, and enforce strong password policies.

CISA Warns Fortinet Users of Credential Exposure After FortiBleed Leak
Fortinet users are being warned by CISA to take immediate action to protect themselves from credential exposure after a massive leak, known as FortiBleed, exposed nearly 74,000 firewall and VPN credentials. Take steps now to secure your devices and prevent malicious cyber actors from exploiting your compromised credentials.

Fortinet and Ivanti Exploits Fuel LATAM Infrastructure Attacks
In a shocking revelation, a coordinated campaign dubbed Operation Escaneo has been exposed, targeting critical infrastructure across Mexico, Ecuador, and Portugal, with a staggering 3,708 sessions recorded over just 13 days. The attackers exploited vulnerabilities in Fortinet and Ivanti perimeter appliances to gain entry into government, tax authorities, utilities, transport, telecoms, and banks.

Attackers Exploit Critical Fortinet Vulnerabilities Disclosed in April
Security researchers have confirmed that hackers are actively exploiting critical vulnerabilities in Fortinet's FortiSandbox product, first patched in April, with multiple independent groups jumping on the bandwagon. The exploitation attempts, observed as early as June 9, involve OS-command injection and path-traversal flaws.

Fortinet Firewalls Compromised in Massive Password-Stealing Attack
A massive password-stealing attack has compromised around 75,000 Fortinet firewall devices, putting credentials of major corporations across 194 countries at risk and leaving a trail of full network compromises in its wake. The breach, dubbed FortiBleed, has created a verified database of working credentials for some of the world's largest enterprises, threatening nearly every sector of the global economy.

FortiBleed Exposes 73,000 Fortinet VPN Credentials Worldwide
A massive security breach has exposed a whopping 73,000 Fortinet VPN credentials worldwide, putting tens of thousands of firewall endpoints at risk, including those of major companies like Chevron, Samsung, and Mercedes-Benz. The alarming leak, discovered by security researcher Bob Diachenko, contains sensitive information like usernames, email addresses, and plaintext passwords.

Fortinet Sandbox Flaws Under Active Exploitation
Critical Fortinet Sandbox vulnerabilities are under active attack, with hackers exploiting flaws like CVE-2026-39813, a severe path traversal bug that allows authentication bypass. Fortinet patched these bugs in April, but users must upgrade ASAP to avoid being compromised.

Fortinet Flaws Exposed to Active Exploitation
Critical vulnerabilities in Fortinet's FortiSandbox platform are under active attack, with multiple flaws, including CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089, being exploited by hackers just 24 hours after security updates were issued.

Fortinet, Ivanti, SAP Patch Critical Vulnerabilities
This week, Fortinet, Ivanti, and SAP issued urgent patch rollouts to fix critical vulnerabilities that could allow hackers to execute remote code or gain unauthorized access to sensitive systems. The flaws, affecting sandboxing infrastructure, mobile gateway software, and core enterprise apps, carry high severity scores and demand immediate attention.

Operational Technology Cybersecurity Gaps Persist Despite Growing Maturity
Many industrial organizations are bolstering their operational technology security, but a significant gap remains: 23% of respondents only have visibility into half of their OT environment. This blind spot leaves them vulnerable to ransomware, nation-state actors, and other cyber threats.

Hackers Exploit FortiClient Flaw to Deliver Infostealer Malware
Hackers are exploiting a vulnerability in FortiClient Enterprise Management Server to deliver infostealer malware, cleverly disguising the payload as a legitimate Fortinet endpoint update. This sneaky tactic uses FortiClient-managed VPN scripting workflows to execute the malicious code, putting security teams on high alert.

Fortinet Disrupts Critical RCE Flaws in FortiSandbox, FortiAuthenticator
Fortinet has patched a critical remote code execution vulnerability in its FortiAuthenticator and FortiSandbox products, which could have allowed unauthenticated attackers to run unauthorized code or commands. The company has released fixed builds to address the flaw, tracked as CVE-2026-44277, and urges users to update to versions 6.5.7, 6.6.9, or 8.0.3 to stay secure.

Fortinet Sandbox Flaws Allow Attackers to Bypass Authentication, Execute Commands
Two critical flaws in Fortinet's sandbox could let attackers skip login and run malicious commands, putting your system at risk - so don't wait, patch now! A recent report urges administrators to act fast, as these vulnerabilities could be exploited by unauthenticated attackers over HTTP.

SAP Vulnerability Exposes High-Risk Data Breach Potential
A single flaw in widely-used business software can be devastating - and April's Patch Tuesday just revealed a critical SAP vulnerability with an alarmingly high severity score, exposing high-risk data breach potential. This pressing issue demands attention from vendors and security experts alike.

CISA Catalog Exposes Actively Exploited Flaws in Fortinet, Microsoft, Adobe Software
The US Cybersecurity and Infrastructure Security Agency (CISA) has just added six new vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, warning that flaws in Fortinet, Microsoft, and Adobe software are being actively exploited by hackers. Is your system exposed - and what can you do to protect it?

Fortinet Rushes Patch for Exploited FortiClient EMS Vulnerability
Fortinet has rushed out an emergency patch for a zero-day vulnerability in its FortiClient EMS product, which was being exploited by attackers before the fix was even available. This swift response aims to protect businesses from potential security breaches through its endpoint security clients.

Fortinet EMS Flaw Exploited in Wild, CISA Warns
Fortinet has urgently patched a critical flaw in its FortiClient Enterprise Management Server (EMS) after confirming it was being exploited in the wild, sparking a dilemma for organizations: patch now and risk disruption, or wait and risk a potentially devastating cyberattack. The Cybersecurity and Infrastructure Security Agency (CISA) has added the vulnerability to its Known Exploited Vulnerabilities list, underscoring the need for swift action.

Fortinet Zero-Day Flaw Exploited in Active Attacks
A critical Fortinet zero-day flaw is under active attack, allowing hackers to remotely take control of vulnerable endpoint management servers without authentication - leaving organizations with a pressing choice: patch now or risk a devastating breach. Immediate action is crucial, as attackers have already begun exploiting these vulnerabilities to execute malicious code and commands.