< ciso
brief />
Tag Banner

All news with #fortinet tag

220 articles

Fortinet Unified SASE: Architecture Built for AI Era

🔒 Fortinet outlines why unified SASE must be genuinely integrated rather than assembled from disparate products. The company highlights AI-driven security, autonomous operations, and digital experience convergence as core innovations within its FortiOS-based platform. Fortinet emphasizes hardware acceleration with FortiASIC, sovereign deployment options, and consistent policy enforcement across cloud, edge, and on-premises environments. Customer recognitions and analyst placements are cited as validation of the platform’s maturity.
read more →

FortiBleed ties stolen Fortinet credentials to ransomware

🛡️ SOCRadar links the FortiBleed credential-theft campaign to the INC and Lynx ransomware operations after finding a Windows server used by FortiBleed that contained access to ransomware negotiation panels. Investigators discovered FortiGate configuration files, harvested credentials, and a custom "FortiGate Sniffer" tool that intercepted VPN and authentication data. The operation targeted hundreds of thousands of devices and deployed sniffers on thousands, with ongoing investigation into additional servers, a suspected Nextcloud zero-day, and overlapping victim data.
read more →

Ousaban banking trojan targets Spain and Portugal

🛡️ Fortinet's FortiGuard Labs uncovered a May 2026 campaign deploying the Brazilian banking trojan Ousaban against Windows users who bank in Spain and Portugal. The attack begins with a deceptive PDF that either prompts victims to click an "Atualizar" button or auto-opens a malicious page; successful targets download a steganographic image that conceals a ZIP containing the malware. Ousaban monitors browser activity for over two dozen Iberian banks and can capture keystrokes, screenshots, tamper with the clipboard, display fake messages, and grant remote control to attackers.
read more →

Fortinet Update on Frontier AI Use in Security

🔒 Fortinet describes its integration of frontier AI models (Anthropic’s Glasswing/Mythos and OpenAI’s Daybreak/GPT 5.5 Cyber) alongside on-premises models to scale security testing across firmware, source code, and penetration testing. The company emphasizes responsible innovation, mature vulnerability management, and human validation of AI findings. Fortinet reports limited exploitable firmware issues but greater findings from source-code analysis and commits to mitigation, virtual patching, and secure-by-default deployments.
read more →

Fortinet Supports INTERPOL Operation CyberProtect III

🔎 Fortinet contributed to INTERPOL’s Operation CyberProtect III by providing intelligence and analysis through its role in the World Economic Forum’s Cybercrime Atlas. The four-day initiative helped identify dozens of suspicious cases, suspect profiles, and potential victims on content subscription platforms. The operation highlighted trends such as encrypted messaging, coded language, cryptocurrency payments, and AI-generated profiles used to facilitate exploitation.
read more →

Shai Hulud CI/CD to Redshift breach analysis

🔍 This FortiGuard Labs analysis examines the Shai Hulud supply chain worm that poisoned CI/CD dependencies to harvest Jenkins credentials and pivot into AWS. The report outlines a mid‑May 2026 incident where FortiCNAPP traced external use of a Jenkins instance role, IAM escalation to a cloudops-monitor identity, and subsequent Redshift data extraction. It highlights detection signals, MITRE mappings, and recommended containment actions.
read more →

Fortinet launches product carbon footprint calculator

🌱 Fortinet has introduced a Product Carbon Footprint (PCF) Calculator that provides greenhouse gas emissions estimates for more than 790 products. The publicly accessible, free tool uses internationally recognized standards like ISO 14040 and ISO 14067 and includes country-specific emission factors. It supports lifecycle analysis across manufacturing, use, and end-of-life stages to help customers and partners incorporate environmental data into procurement and reporting.
read more →

Large-Scale Credential Attacks Targeting Edge Devices

🔐 Unit 42 observed a large-scale password spraying and credential theft campaign (dubbed “FortiBleed”) targeting Fortinet devices, with additional attempts seen against MSSQL and reports of Sophos targeting. The actors use curated password lists derived from prior breaches and vulnerabilities, then perform configuration extraction and offline cracking to escalate privileges and persist. Unit 42 urges auditing remote access logs, applying hardening guidance, requiring MFA, and keeping systems patched to mitigate risk.
read more →

Analysis of Reported Credential Compromise of FortiGate

🔐 Fortinet has observed malicious actors harvesting FortiGate credentials in an activity labeled "FortiBleed." Their initial analysis indicates attackers are reusing credentials from prior incidents and leveraging brute-force techniques against devices lacking strong passwords and multi-factor authentication. This is not a new Fortinet vulnerability and is unrelated to recent advisories. Fortinet is investigating, notifying impacted customers, and recommending immediate defensive actions and hardening.
read more →

CISA Warns Fortinet Customers Amid FortiBleed Campaign

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) urged Fortinet customers to secure FortiGate appliances after a large-scale campaign, dubbed FortiBleed, compromised 86,644 devices as of June 19, 2026. The campaign, attributed to Russian-speaking actors, used mass scanning and credential spraying against internet-facing VPN and firewall endpoints, leveraging leaked and reused credentials. Telecom, government, and education sectors were heavily affected, prompting guidance to reset passwords, enable MFA, and move to PBKDF2 hashing for admin credentials.
read more →

CISA Urges Fortinet Users to Secure Devices Now

🔒 The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Fortinet customers to secure devices after nearly 74,000 firewall and VPN credentials were exposed in a leak dubbed "FortiBleed." The agency advised terminating SSL VPN and admin sessions, resetting passwords, enabling phishing-resistant multifactor authentication, and reviewing logs for signs of unauthorized access. CISA also recommended using PBKDF2 for admin credential storage and restricting management interfaces from the public internet.
read more →

CISA urges hardening of Fortinet devices after breaches

🔒 CISA warns that malicious actors have targeted internet-accessible Fortinet devices using compromised credentials, a campaign dubbed FortiBleed affecting roughly 74,000 devices including firewalls and VPN gateways. The agency urges immediate actions such as terminating active SSL VPN and administrative sessions, resetting credentials, enforcing strong password policies, and ensuring secure credential storage using PBKDF2. Organizations should review logs for suspicious activity, enable phishing-resistant MFA for remote and administrative access, and restrict management interfaces from public internet exposure.
read more →

Operation Escaneo exposes Latin American intrusions

🔍 New research from CloudSEK reveals Operation Escaneo, a coordinated campaign targeting government and financial entities across Latin America after attackers left a staging server exposed. The group exploited internet-facing appliances and known vulnerabilities in Fortinet and Ivanti devices, plus Apache Tomcat, Windows, and Log4Shell flaws. Attackers used custom reconnaissance (Kimera), webshells, reverse tunnels and a compromised Cisco router to exfiltrate large volumes of sensitive data.
read more →

Fortibleed campaign exposes 75,000 Fortinet firewalls

🔒 Researchers have uncovered a large credential-compromise campaign called Fortibleed that exposed tens of thousands of Fortinet FortiGate devices worldwide. Analysis by SOCRadar, Hudson Rock, and independent researchers found stolen configuration files, administrator and SSL VPN credentials, and tooling used to automate collection and cracking. Affected devices span 194 countries, with roughly 75,000 devices reportedly compromised, prompting urgent remediation advice including credential rotation and upgrading to modern FortiOS hashes.
read more →

FortiBleed leak exposes Fortinet VPN credentials

🔒 A newly discovered data leak called FortiBleed appears to expose Fortinet and FortiGate VPN credentials for 73,932 firewall URLs worldwide. Researcher Bob Diachenko discovered a server containing usernames, emails, and plaintext passwords and linked the collection to a Russian-speaking multi-operator group that performed massive credential harvesting and cracking. Hudson Rock and other researchers validated the dataset, noting impacts across many industries and countries, and urged affected organizations to rotate credentials and enforce MFA.
read more →

Attackers Exploit Multiple Fortinet FortiSandbox Bugs

🔍 Threat intelligence firm Defused Cyber reports active exploitation of three high-severity Fortinet FortiSandbox vulnerabilities observed within 24 hours. The flaws — CVE-2026-39813, CVE-2026-39808, and CVE-2026-25089 — are high-severity (CVSS 9.1) issues involving path traversal and OS command injection that can enable unauthenticated attackers to bypass authentication or execute commands. Fortinet issued patches for the first two in April 2026 and fixed the third last week; defenders are cautioned to apply updates promptly.
read more →

Critical FortiSandbox Vulnerabilities Actively Exploited

🛡️ Fortinet's FortiSandbox platform is being actively targeted by attackers exploiting multiple recently patched critical vulnerabilities. The flaws (CVE-2026-39813, CVE-2026-39808, CVE-2026-25089) enable unauthenticated privilege escalation and remote code execution through low-complexity command injection, requiring no user interaction. Administrators are urged to upgrade affected systems to the latest releases to block ongoing attacks and reduce exposure.
read more →

Public‑Private Cooperation Is Critical for AI Cyber Defense

🔒 Fortinet highlights World Economic Forum guidance showing how AI is transforming cybersecurity and why public-private cooperation matters. The piece notes that while 91% of organizations are using or testing AI security tools, skill shortages persist and create risk. The Forum’s “Empowering Defenders” paper, to which Fortinet contributed, emphasizes operational integration, governance, workforce readiness, and practical pilot-to-scale approaches for AI in security.
read more →

Fortinet and MITRE CTID Strengthen Threat-Informed Defense

🔍 Fortinet highlights its role as a research partner with the MITRE Center for Threat-Informed Defense (CTID), contributing threat intelligence, operational expertise, and research to practical R&D projects. The CTID impact report (2019–2025) demonstrates collaborative efforts to map adversary behavior to detection, controls, and cloud security. Fortinet’s contributions focus on operationalizing ATT&CK-based frameworks, improving detection quality, and advancing program maturity across cloud, identity, and AI-driven workflows.
read more →

Fake AI Guides Used to Deliver AsyncRAT Trojan

🛡️ Fortinet researchers uncovered a campaign where threat actors disguise malware as AI study guides and developer resources to deliver a multi-stage attack culminating in the AsyncRAT trojan. The booby-trapped archives contain shortcut (LNK) files and hidden documents that trigger staged scripts, using trusted system tools and AutoHotkey repurposed as an execution engine to evade detection. Attackers deploy scheduled tasks disguised as Realtek services, process hollowing to run payloads inside legitimate .NET processes, and hide components in decoy files to keep victims unaware while PowerShell stages execute silently.
read more →