
All news with #fortinet tag

189 articles

Critical Patches for Ivanti, Fortinet, SAP, VMware, n8n

🔒 Ivanti, Fortinet, SAP, VMware, n8n and dozens of other vendors have released security updates addressing multiple high- and critical-severity flaws that enable authentication bypass, information disclosure, local privilege escalation, and remote code execution. Highlights include a critical Ivanti Xtraction file-name control flaw (CVE-2026-8043), Fortinet authentication and sandbox execution bugs, SAP SQL injection and missing-auth issues, and a TOCTOU local privilege escalation in VMware Fusion. Administrators should prioritize applying the vendor-recommended patches immediately.

Fortinet fixes critical RCE flaws in Authenticator, Sandbox

🔒 Fortinet released Patch Tuesday updates addressing two critical remote code execution vulnerabilities: FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083), both rated 9.1. The flaws permit unauthenticated attackers to execute arbitrary commands; Fortinet advises upgrading FortiAuthenticator to 6.5.7/6.6.9/8.0.3 and FortiSandbox to 4.4.9 or 5.0.2. Both issues were found internally and have not yet been observed exploited in the wild, but Fortinet RCEs have been weaponized previously. Administrators should prioritize immediate patching and monitor credentials and logs.

Fortinet: RCE in FortiSandbox and FortiAuthenticator

🔒 Fortinet issued security updates to address two critical remote code execution flaws affecting FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083). The FortiAuthenticator issue was fixed in versions 6.5.7, 6.6.9 and 8.0.3, while FortiSandbox and its cloud/PaaS WEB UI received patches for a missing authorization weakness. Fortinet noted the cloud IDaaS service is not impacted and there are no reports of active exploitation.

Fortinet FortiExtender WAN 50G for Distributed Edge

📡 Fortinet today announced the FortiExtender WAN 50G (FEW-50G), a purpose-built 5G gateway that extends WAN connectivity to the FortiGate Next-Generation Firewall, targeting high-throughput distributed edge and AI workloads. It delivers dual 5GE interfaces and eight internal omnidirectional antennas to provide low-latency, high-bandwidth wireless links that rival fiber in flexibility and deployment speed. Integrated with FortiOS, FortiAIOps, and cloud management, the FEW-50G supports OOB access, VRRP failover, ACLs during outages, and zero-touch provisioning for large-scale deployments.

Fortinet 2025 Sustainability Report: Security and Impact

🔒 Fortinet released its 2025 Sustainability Report, outlining progress in securing the digital world, reducing environmental impact, expanding cybersecurity education, and strengthening governance. The company expanded AI-driven threat protection across its portfolio and introduced quantum-safe capabilities in FortiOS. It also improved product energy efficiency—up to a 62% reduction for select models—and has trained over 914,800 people toward its 1M goal.

AWS Marketplace Expands Network Firewall Managed Rules

🔒 AWS Network Firewall supports expanded managed rule groups from AWS Marketplace partners, allowing rule groups to include up to 10 million domain indicators and 1 million IP addresses. Partners including Infoblox, Lumen, and ThreatSTOP are adding protections for high-risk domains, command-and-control blocking, and sanctions compliance. Managed rules from sellers like Check Point, Fortinet, Rapid7, and Trend Micro provide ready-to-deploy, continuously updated protections and are now available in additional regions.

Supercharged Security: Responding to Frontier AI Risks

🔐 AI is compressing the timeline of cyber risk, turning vulnerabilities that once took weeks to exploit into issues weaponized in hours, while also enabling defenders to analyze and mitigate faster. Fortinet has used AI in FortiGuard Labs since 2015 and now leverages generative and frontier models—including early access to Anthropic’s Mythos preview—to scale code analysis, threat hunting, and automated remediation. The recommendation is clear: embed AI across development, detection, and response, shorten mitigation cycles with automation and virtual patches, and design systems for continuous, integrated security.

Mirai Variant 'Nexcorium' Exploits TBK DVR, TP‑Link Flaws

🔒 Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 report that threat actors are exploiting a command injection flaw, CVE-2024-3721, in TBK DVR devices to deliver a Mirai-family loader tracked as Nexcorium. The loader installs architecture-specific binaries, establishes persistence via crontab and systemd, and uses hard-coded credential lists plus an exploit for CVE-2017-17215 to spread to Huawei HG532 devices. Unit 42 also observed automated scans targeting EoL TP-Link routers via CVE-2023-33538, though initial attempts were flawed and did not achieve compromise. Researchers warn that unpatched, unsupported IoT devices and default credentials continue to enable large-scale DDoS botnets and recommend replacing EoL hardware and removing default passwords.

Nexcorium Mirai Variant Exploits TBK DVR Vulnerability

🛡️ FortiGuard Labs analyzed exploitation of CVE-2024-3721 against TBK DVR devices that delivered a Mirai-style, multi-architecture botnet named Nexcorium. The campaign used a downloader called "dvr" (nexuscorp-prefixed binaries) and a custom "X-Hacked-By" HTTP header linked to a suspected "Nexus Team" actor. Nexcorium includes scanning, brute-force credential lists, multiple persistence methods, integrity checks, and a broad DDoS toolkit controlled by a central C2.

April Patch Tuesday: Critical Flaws in SAP, Adobe, Microsoft

🔒 April's Patch Tuesday addresses critical vulnerabilities across major vendors. Patches fix a near-critical SQL injection in SAP (CVE-2026-27681) that enables arbitrary database commands, an actively exploited RCE in Adobe Acrobat Reader (CVE-2026-34621), and numerous high-severity Microsoft, Fortinet, and ColdFusion issues. FortiSandbox fixes close authentication-bypass and command-injection holes, while Adobe's ColdFusion updates remediate multiple code execution and path-traversal flaws. Organizations should prioritize vendor updates and apply mitigations where immediate patching is not possible.

Surge in Brute-Force Attacks Targeting VPN Devices

🔒 Security researchers have observed a sharp rise in brute-force attempts aimed at edge devices, notably SonicWall and Fortinet appliances, with 88% of observed traffic traced to the Middle East. Barracuda reports most attempts failed, often blocked or directed at invalid usernames. The activity peaked between February and March and accounted for 56% of confirmed incidents targeting perimeter devices. Analysts warn these probes increase the risk posed by weak credentials or misconfigurations and urge stronger controls.

CISA Adds Six Actively Exploited Flaws in Major Software

🛡️ CISA on Apr 14, 2026 added six vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog after observing active exploitation. The flaws affect Fortinet FortiClient EMS, Microsoft components (Exchange Server, Windows drivers, Host Process for Windows Tasks, VBA) and Adobe Acrobat Reader, and include SQL injection, deserialization, out-of-bounds read, use-after-free and insecure library loading. Federal civilian agencies must remediate by April 27, 2026.

Fortinet Training Institute Earns Multiple Industry Awards

🏆 Fortinet’s Training Institute has been honored with multiple industry awards that validate its sustained investment in cybersecurity education and certification. The institute continues to expand the NSE Certification program with role-based pathways and a global ecosystem spanning over 150 countries and 800 academic partners. Fortinet also delivers a SaaS-based Security Awareness and Training service—now offered in an education edition free to primary and secondary schools—and has pledged to train 1 million people by the end of 2026.

Shadow AI: The Invisible Enterprise Risk to Govern

🔍 Shadow AI describes the unsanctioned use of generative AI by employees, which is growing faster than most organizations can monitor or control. When staff submit internal documents, customer data, or source code to public GenAI services, organizations frequently lack visibility into how that data is processed, stored, or reused. Traditional security architectures and fragmented point solutions cannot correlate the signals needed to assess risk end to end. Fortinet recommends combining network visibility (FortiOS and FortiGuard Labs), endpoint enforcement (FortiDLP), and cloud-delivered policy (FortiSASE) to detect, govern, and control shadow AI usage.

Fortinet Expands Global ISO 14025 EPD Certifications

🔍 Fortinet has expanded its portfolio of independently verified environmental product declarations (EPDs) by achieving ISO 14025 certification for the FortiGate 90G/91G series. This milestone makes Fortinet the first cybersecurity vendor to publish International EPDs for three major firewall families, joining the FortiGate 50G and FortiGate 40F. Each EPD is grounded in a Life Cycle Assessment and verified under PCR 2024:06, delivering standardized, auditable environmental data to support procurement, regulatory reporting, and Scope 3 transparency.

Fortinet issues emergency hotfix for FortiClient EMS

🚨 Fortinet has released an emergency hotfix for FortiClient EMS to address a critical authentication-bypass vulnerability tracked as CVE-2026-35616 that permits unauthenticated remote code execution. The flaw carries a CVSS score of 9.1 and affects on-premises EMS versions 7.4.5 and 7.4.6; FortiClient Cloud and FortiSASE were patched server-side and a full fix is planned for 7.4.7. Organizations should apply the hotfix to EMS Linux servers, audit API logs and recent configuration changes, and restore or rebuild instances if compromise is suspected.

Fortinet issues emergency FortiClient EMS patch now

🔐 Fortinet has released an emergency hotfix for FortiClient Enterprise Management Server (EMS) to address a critical improper access control flaw tracked as CVE-2026-35616 (CVSS 9.1) that is being exploited in the wild. The vendor said the interim hotfix for EMS 7.4.5 and 7.4.6 fully prevents the issue and that a permanent fix will be included in 7.4.7. Security vendor Defused also reported a separate critical SQL injection, CVE-2026-21643 (CVSS 9.8), with active exploit activity; customers were urged to upgrade to 7.4.5 or later or at minimum disconnect the administrative web interface from the internet.

CISA Orders Feds to Patch Fortinet EMS Zero-Day Urgently

⚠️ CISA has ordered federal agencies to patch FortiClient EMS instances by April 9 after the discovery of CVE-2026-35616, a pre-authentication API access bypass. Fortinet released emergency hotfixes and said unauthenticated attackers can execute code via specially crafted requests. Administrators are urged to apply hotfixes or upgrade to 7.4.7 immediately to mitigate active exploitation.

FortiOS 8.0: Unified Security for AI and Quantum Era

🔒 FortiOS 8.0 delivers a unified operating system to simplify security and networking across hybrid, multi-cloud, and IT/OT environments. The release consolidates controls through the Fortinet Security Fabric and adds features such as SASE Outpost, Sovereign SASE, unified SD‑WAN, and multipath IPsec for resilient connectivity. It also extends OT support and compliance with standards like NERC CIP and IEC 62443. Key risk-focused updates include MCP observability, image OCR in FortiGuard DLP, agentic AI automation, and FIPS 204/205 hybrid cryptography to mitigate quantum risk.

CISA Adds New KEV Entry for Fortinet FortiClient EMS

⚠ CISA has added one vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2026-35616, an Improper Access Control flaw affecting Fortinet FortiClient EMS. The agency reports evidence of active exploitation and highlights that this vulnerability class is a common attack vector posing significant risks to the federal enterprise. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV items by their due dates, and CISA urges all organizations to prioritize timely remediation.