All news with #fortinet tag

Fortinet admins urged to patch FortiCloud SSO flaws

🔒 Fortinet has released patches for two critical cryptographic signature vulnerabilities, CVE-2025-59718 and CVE-2025-59719, that can allow an unauthenticated attacker to bypass FortiCloud SSO using a crafted SAML message on affected FortiOS, FortiWeb, FortiProxy and FortiSwitchManager devices. Administrators are advised to disable FortiCloud SSO immediately if it is enabled, apply vendor updates to non‑vulnerable versions, and then re-enable SSO only after verifying patches. Fortinet notes the feature is not enabled by factory default but can be activated during FortiCare registration; the company and responders recommend using the System -> Settings toggle or the CLI command sequence to disable login until patched.

Fortinet, Ivanti, and SAP Release Emergency Patches

🔐 Fortinet, Ivanti, and SAP have released urgent patches to address high-severity authentication and code-execution flaws affecting FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, Ivanti Endpoint Manager, and multiple SAP products. Fortinet's issues (CVE-2025-59718, CVE-2025-59719; CVSS 9.8) can allow FortiCloud SSO bypass via crafted SAML messages when that feature is enabled. Ivanti patched a stored XSS (CVE-2025-10573; CVSS 9.6) and additional bugs that could lead to remote code execution, while SAP's update remedies three critical flaws including a 9.9 CVSS code injection. Administrators are urged to apply vendor updates or temporarily disable affected features until systems are patched.

Fortinet warns of critical FortiCloud SSO bypass flaws

⚠️ Fortinet released patches for two critical FortiCloud SSO authentication bypass vulnerabilities (CVE-2025-59718, CVE-2025-59719) impacting FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb. Attackers can abuse improper cryptographic signature verification in crafted SAML messages to bypass FortiCloud SSO controls. Administrators should disable FortiCloud SSO until devices are patched — either via System -> Settings in the GUI or with the provided CLI command — and apply the vendor firmware updates promptly. Fortinet also fixed related credential and password-hash issues (CVE-2025-59808, CVE-2025-64471).

Debunking Common Cloud Security Misconceptions Today

🔒 In a December 8, 2025 Fortinet post, Ali Bidabadi and Carl Windsor dispel persistent myths about cloud security and emphasize the shared responsibility model. They warn that simple misconfigurations — not sophisticated attacks — often cause large exposures and that cloud-native controls alone leave gaps. The authors recommend adopting CNAPP, third-party NGFW and WAF solutions, and continuous visibility to reduce risk across multi-cloud and hybrid environments.

SANS ICS/OT Security 2025: Key Findings and Actions

🔐 The SANS State of ICS/OT Security 2025 report, sponsored by Fortinet, highlights persistent operational risks across critical infrastructure, with high incident rates, extended remediation times, and remote-access exposures. It calls for treating mean time to recovery (MTTR) as a board-level metric, unifying IT/OT visibility, and automating response playbooks. The analysis urges replacing ad hoc remote connectivity with secure, monitored access and integrating OT-specific threat intelligence into enforcement; FortiPAM and FortiGuard AI-Powered Security Services are cited as solutions to improve segmentation, detection, and recovery.

Fortinet Named Challenger in Gartner Email Security MQ

📧 Fortinet was named a Challenger in the 2025 Gartner Magic Quadrant for Email Security, reflecting continued progress across its email protection portfolio. FortiMail Email Security and FortiMail Workspace Security combine AI-native detection, sandboxing, DMARC, enhanced BEC and account takeover defenses, and flexible on-premises and cloud deployment options. The company positions this suite as a cost-effective, integrated alternative that also extends protection to web browsers, cloud storage, and collaboration apps.

Secure SD-WAN as the Foundation for Successful SASE

🔒Fortinet positions secure SD-WAN as the essential foundation for effective SASE, arguing that unified networking and security deliver consistent policy enforcement and optimized connectivity across hybrid and cloud environments. Integrated capabilities such as local internet breakout, built-in ZTNA, and application-aware routing reduce latency and attack surface while improving user experience. AI-enhanced operations and centralized management simplify troubleshooting and accelerate deployments.

Fortinet and AWS at re:Invent: Expanding Cloud Security

🔒 Fortinet announced expanded integrations with AWS at re:Invent, including Fortinet Managed IPS Rules for AWS Network Firewall, FortiSASE on AWS Marketplace, and participation in the AWS European Sovereign Cloud. These offerings combine AI-driven FortiGuard threat intelligence, simplified procurement and Euro-denominated options for EU customers. The goal is to reduce operational burden, accelerate compliance with standards like PCI-DSS and HIPAA, and enable rapid deployment and scaling across hybrid and multi-cloud environments.

ShadowV2 IoT Botnet Exploits Multiple Device Flaws

⚠️ FortiGuard Labs observed a Mirai-derived botnet named ShadowV2 actively exploiting multiple known IoT firmware vulnerabilities to deliver a downloader and ELF payloads that enable remote takeover and DDoS operations. The activity, detected during a late‑October global AWS connectivity disruption, targeted a wide range of devices including D-Link, TP‑Link, DD‑WRT variants and DVR systems. ShadowV2 decodes a XOR-encoded configuration (key 0x22), contacts a hardcoded C2 (silverpath.shadowstresser.info / 81.88.18.108), and supports UDP, TCP and HTTP flood methods. Fortinet provides AV detections, IPS signatures for the exploited CVEs, and recommends firmware updates, network hardening, and continuous monitoring.

Fortinet, Chrome 0-days and Supply-Chain Attacks Recap

⚠️ This week’s recap spotlights multiple actively exploited vulnerabilities, supply‑chain compromises, and a record cloud DDoS that forced rapid vendor responses. Fortinet disclosed a FortiWeb OS command injection (CVE-2025-58034) that was observed chained with a recent critical fix, raising concerns about silent patching and disclosure timing. Google patched an actively exploited Chrome V8 0‑day (CVE-2025-13223), and attackers continued to abuse browser notifications, malicious updates, and SaaS integrations to phish and persist. The incidents underscore urgent priorities: patch quickly, scrutinize integrations, and strengthen monitoring and response.

Industrialization of Cybercrime: AI, Speed, Defense

🤖 FortiGuard Labs warns that by 2026 cybercrime will transition from ad hoc innovation to industrialized throughput, driven by AI, automation, and a mature supply chain. Attackers will automate reconnaissance, lateral movement, and data monetization, shrinking attack timelines from days to minutes. Defenders must adopt machine-speed operations, continuous threat exposure management, and identity-centric controls to compress detection and response. Global collaboration and targeted disruption will be essential to deter large-scale criminal infrastructure.

Fortinet Criticized for Silent Patching of Two Zero-Days

⚠️Fortinet has faced criticism for quietly patching two zero-day vulnerabilities in its FortiWeb WAFs before publicly disclosing them. The first, CVE-2025-64446, is rated critical (CVSS 9.4) and involves a GUI path-traversal plus an authentication-bypass flaw; the second, CVE-2025-58034 (CVSS 6.7), is an OS command injection that may allow authenticated code execution. Both fixes were included in the 8.0.2 update on October 28 and have been observed exploited in the wild, prompting calls for greater transparency and urgent patching.

Fortinet Adds AI-Driven Managed IPS Rules for AWS Cloud

🔒 Fortinet is an official launch partner for third-party rules on AWS Network Firewall, introducing Fortinet Managed IPS Rules powered by FortiGuard AI-Powered Security Services. The managed service uses AI/ML from FortiGuard Labs to automatically translate global threat telemetry into continuously updated IPS rules, removing manual tuning and improving detection timeliness. Deployment is fast via AWS Marketplace and integrates natively with AWS Network Firewall, helping teams scale protection across cloud workloads while supporting compliance objectives.

AWS Network Firewall Adds Managed Rules from AWS Partners

🔒 AWS Network Firewall now supports managed rule groups from AWS Partners, enabling customers to deploy partner-maintained, automatically updated security rules directly into firewall policies. You can subscribe and deploy these pre-configured rule groups via the AWS Network Firewall console or through AWS Marketplace, with consolidated billing and potential long-term pricing benefits. Available sellers include Check Point, Fortinet, Infoblox, Lumen, Rapid7, ThreatSTOP, and Trend Micro in all AWS commercial regions where the services are offered.

CISA Orders Rapid Patching for New FortiWeb Flaw Directive

🔒 CISA has ordered U.S. federal agencies to remediate a FortiWeb OS command injection vulnerability (CVE-2025-58034) within seven days after reports of active exploitation. Fortinet warns the flaw can allow an authenticated attacker to execute unauthorized code via crafted HTTP requests or CLI commands. The agency added the issue to its Known Exploited Vulnerabilities Catalog and set a November 25 deadline under BOD 22-01. CISA cited related zero-day activity (CVE-2025-64446) and recommended expedited fixes.

Fortinet Warns: FortiWeb Command Injection CVE-2025-58034

🔔 Fortinet has issued an advisory about a newly discovered FortiWeb vulnerability, CVE-2025-58034, rated CVSS 6.7 and reported as being exploited in the wild. The flaw is an OS command injection that allows an authenticated attacker, who has gained access by other means, to execute arbitrary commands via crafted HTTP requests or CLI input. Fortinet provides version-based upgrade guidance to remediate the issue and credited a Trend Micro researcher for reporting the bug.

Fortinet warns of FortiWeb zero-day being exploited

🚨 Fortinet has released security updates to remediate a new FortiWeb zero-day tracked as CVE-2025-58034, which the vendor says is being actively exploited in the wild. The vulnerability is an authenticated OS command injection (CWE-78) that can allow an attacker to execute code via crafted HTTP requests or CLI commands without user interaction. Fortinet confirmed observed exploitation and published fixes; administrators should upgrade affected FortiWeb appliances to the patched releases as soon as possible.

Fortinet and CSI Launch Global Cybercrime Bounty Program

🛡️ Fortinet and Crime Stoppers International (CSI) have launched the Cybercrime Bounty program, a global initiative enabling secure, anonymous reporting of cybercriminal activity. Validated reports will feed Fortinet’s threat intelligence to support law enforcement investigations and potential prosecutions. The program scales deterrence by combining community-sourced tips with expert analysis, building on decades of Fortinet collaboration with INTERPOL and other public-private partners.

Silent FortiWeb Patch Raises Alarm as Critical Flaw Exploited

🔒 Fortinet's FortiWeb appliances are affected by a critical vulnerability tracked as CVE-2025-64446 that researchers say was exploited in the wild before an official advisory. The issue chains a relative path traversal to an internal CGI backend with an HTTP_CGIINFO header authentication bypass that allows unauthenticated admin impersonation and potential remote code execution. Fortinet released fixes in multiple 7.x and 8.x maintenance updates and recommends disabling HTTP/HTTPS on internet-facing management interfaces if upgrades cannot be applied immediately.

CISA Adds Fortinet FortiWeb Command Injection CVE Advisory

⚠️ CISA has added CVE-2025-58034, a Fortinet FortiWeb OS command code injection vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The agency recommends a reduced remediation timeframe of one week due to recent and ongoing exploitation and points to BOD 23-02 for steps to limit exposure from internet-accessible management interfaces. Although BOD 22-01 applies to Federal Civilian Executive Branch agencies, CISA strongly urges all organizations to prioritize timely remediation and vulnerability management for KEV entries.