< ciso
brief />
Tag Banner

All news with #fortinet tag

220 articles · page 2 of 11

Critical patches from Fortinet, Ivanti and SAP released

🛡️ Fortinet, Ivanti, and SAP issued security updates addressing multiple critical vulnerabilities that could enable arbitrary code execution and data disclosure. Fortinet fixed a command injection in FortiSandbox (CVE-2026-25089, CVSS 9.1). Ivanti patched two critical Ivanti Sentry flaws (CVE-2026-10520, CVSS 10.0; CVE-2026-10523, CVSS 9.9) that allow remote code execution and admin account creation. SAP released fixes for four critical issues across NetWeaver, ABAP Platform, Commerce Cloud, and Data Hub.
read more →

2026 OT Security Report: Maturity Rising, Risks Persist

🔒 The 2026 Fortinet State of Operational Technology and Cybersecurity Report examines how OT security has moved to board-level attention as connectivity increases risk. Based on a global survey of over 700 OT professionals, the report finds improved visibility and governance but uneven maturity across organizations. Key gaps remain in segmentation, secure remote access, incident response, and regulation readiness.
read more →

Fortinet Q1 2026 Results and Strategic Momentum

📈 Fortinet reported a strong Q1 2026 driven by broad-based demand across Secure Networking, Unified SASE, and AI-Driven Security Operations. Leadership highlighted 31% billings growth, 20% total revenue growth, record non-GAAP operating margin, and $1.01B free cash flow, attributing performance to platform integration, FortiASIC technology, and FortiOS innovation. Executives noted large AI, OT, and distributed infrastructure wins and raised full-year guidance.
read more →

Fortinet Earns AV‑Comparatives EDR Detection Certification

🛡️ Fortinet announces that FortiEDR earned certification in the AV‑Comparatives 2026 EDR Detection Validation Test, with the same EDR capabilities available via FortiEndpoint. The product demonstrated validated visibility across 12 of 14 attack stages, combining active alerts with telemetry to support investigation and threat hunting. AV‑Comparatives evaluated detection visibility mapped to the MITRE ATT&CK framework, highlighting strong coverage for service‑based staging, process injection, and server lateral movement.
read more →

FIFA World Cup 2026: Rising Cybercrime Threats

🛡️ FortiGuard Labs warns that cybercriminals are actively exploiting FIFA World Cup 2026 demand, registering thousands of themed domains and creating fake ticketing sites, malicious apps, and impersonation accounts to steal credentials and payments. Their research found over 13,000 new tournament-related domains and identified numerous scams across social media, underground forums, and stealer telemetry. Organizations and fans are urged to prepare early and verify official channels.
read more →

Fortinet Achieves AV-Comparatives Process Injection Win

🛡️ Fortinet announces that FortiEDR achieved AV-Comparatives 2026 Shellcode Execution/Process Injection certification by successfully preventing or detecting all 15 tested in-memory attack techniques. The evaluation focused on evasive shellcode execution and process injection methods mapped to MITRE ATT&CK T1055. Fortinet also confirmed these EDR capabilities are delivered through FortiEndpoint, and passed false-positive validation to avoid disrupting legitimate applications.
read more →

Inside C0XMO: Cross-Platform Gafgyt Propagation

🛡️ FortiGuard Labs details a new Gafgyt variant, C0XMO, which exploits CVE-2021-27137 in vulnerable DD-WRT firmware to gain remote control of devices. The malware separates scanning into a standalone Python scanner and distributes architecture-specific ELF payloads to multiple Linux platforms. C0XMO implements multi-stage persistence, kills competing botnets, supports extensive DDoS commands, and communicates with a C2 using a custom handshake. Organizations should update firmware, disable unnecessary remote services, and enforce strong credentials to mitigate risk.
read more →

FortiClient EMS exploit delivers credential stealer

🛡️ Arctic Wolf researchers observed threat actors exploiting a critical FortiClient EMS vulnerability (CVE-2026-35616) in May 2026 to push a credential-stealing payload disguised as an endpoint update. The attackers abused EMS management pathways to run malicious PowerShell commands via FortiClient components, modifying configurations to deploy a .cmd script and Base64-encoded PowerShell that downloads and exfiltrates data. Fortinet patched the flaw in FortiClient EMS 7.4.7 and later; attackers targeted managed endpoints and used fortitray.exe to launch the attack.
read more →

Phishing Delivers JavaScript-Driven PureLogs Variant

🛡️ FortiGuard Labs uncovered a phishing campaign using purchase-order-themed emails to deliver a RAR attachment containing an obfuscated JavaScript file that drops and executes a PowerShell script. The PowerShell payload employs fileless techniques and process hollowing to load .NET modules into a suspended MsBuild.exe process, which then extracts and runs a downloader module. The downloader retrieves a fileless PureLogs plugin from a C2 server to harvest credentials, browser data, Discord tokens, and cryptocurrency wallet information before encrypting and exfiltrating it.
read more →

Threat-Informed OT Security for Critical Infrastructure

🔒 Operational technology (OT) environments differ fundamentally from IT and demand a threat-informed approach to security that balances safety, uptime, and continuity. Traditional IT controls can disrupt industrial processes, so visibility, asset context, segmentation, and collaboration between IT and OT teams are essential. Fortinet recommends phased, visibility-first segmentation aligned with ISA/IEC 62443, OT-aware policies, passive discovery, and tailored protections such as virtual patching and secure remote access.
read more →

Critical Patches for Ivanti, Fortinet, SAP, VMware, n8n

🔒 Ivanti, Fortinet, SAP, VMware, n8n and dozens of other vendors have released security updates addressing multiple high- and critical-severity flaws that enable authentication bypass, information disclosure, local privilege escalation, and remote code execution. Highlights include a critical Ivanti Xtraction file-name control flaw (CVE-2026-8043), Fortinet authentication and sandbox execution bugs, SAP SQL injection and missing-auth issues, and a TOCTOU local privilege escalation in VMware Fusion. Administrators should prioritize applying the vendor-recommended patches immediately.
read more →

PawsRunner Steganography Delivers PureLogs Infostealer

🛡️ FortiGuard Labs details a phishing campaign that uses TXZ attachments and environment-variable obfuscation to execute a fileless .NET loader. The loader, tracked as PawsRunner, retrieves encrypted payloads hidden inside PNG images using steganography and delivers the PureLogs infostealer. The campaign abuses multiple network APIs, prioritizes image responses, and uses cat images as cover, with final-stage C2 communication via HTTPS.
read more →

Fortinet fixes critical RCE flaws in Authenticator, Sandbox

🔒 Fortinet released Patch Tuesday updates addressing two critical remote code execution vulnerabilities: FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083), both rated 9.1. The flaws permit unauthenticated attackers to execute arbitrary commands; Fortinet advises upgrading FortiAuthenticator to 6.5.7/6.6.9/8.0.3 and FortiSandbox to 4.4.9 or 5.0.2. Both issues were found internally and have not yet been observed exploited in the wild, but Fortinet RCEs have been weaponized previously. Administrators should prioritize immediate patching and monitor credentials and logs.
read more →

Fortinet: RCE in FortiSandbox and FortiAuthenticator

🔒 Fortinet issued security updates to address two critical remote code execution flaws affecting FortiAuthenticator (CVE-2026-44277) and FortiSandbox (CVE-2026-26083). The FortiAuthenticator issue was fixed in versions 6.5.7, 6.6.9 and 8.0.3, while FortiSandbox and its cloud/PaaS WEB UI received patches for a missing authorization weakness. Fortinet noted the cloud IDaaS service is not impacted and there are no reports of active exploitation.
read more →

Fortinet FortiExtender WAN 50G for Distributed Edge

📡 Fortinet today announced the FortiExtender WAN 50G (FEW-50G), a purpose-built 5G gateway that extends WAN connectivity to the FortiGate Next-Generation Firewall, targeting high-throughput distributed edge and AI workloads. It delivers dual 5GE interfaces and eight internal omnidirectional antennas to provide low-latency, high-bandwidth wireless links that rival fiber in flexibility and deployment speed. Integrated with FortiOS, FortiAIOps, and cloud management, the FEW-50G supports OOB access, VRRP failover, ACLs during outages, and zero-touch provisioning for large-scale deployments.
read more →

Fortinet 2025 Sustainability Report: Security and Impact

🔒 Fortinet released its 2025 Sustainability Report, outlining progress in securing the digital world, reducing environmental impact, expanding cybersecurity education, and strengthening governance. The company expanded AI-driven threat protection across its portfolio and introduced quantum-safe capabilities in FortiOS. It also improved product energy efficiency—up to a 62% reduction for select models—and has trained over 914,800 people toward its 1M goal.
read more →

AWS Marketplace Expands Network Firewall Managed Rules

🔒 AWS Network Firewall supports expanded managed rule groups from AWS Marketplace partners, allowing rule groups to include up to 10 million domain indicators and 1 million IP addresses. Partners including Infoblox, Lumen, and ThreatSTOP are adding protections for high-risk domains, command-and-control blocking, and sanctions compliance. Managed rules from sellers like Check Point, Fortinet, Rapid7, and Trend Micro provide ready-to-deploy, continuously updated protections and are now available in additional regions.
read more →

Supercharged Security: Responding to Frontier AI Risks

🔐 AI is compressing the timeline of cyber risk, turning vulnerabilities that once took weeks to exploit into issues weaponized in hours, while also enabling defenders to analyze and mitigate faster. Fortinet has used AI in FortiGuard Labs since 2015 and now leverages generative and frontier models—including early access to Anthropic’s Mythos preview—to scale code analysis, threat hunting, and automated remediation. The recommendation is clear: embed AI across development, detection, and response, shorten mitigation cycles with automation and virtual patches, and design systems for continuous, integrated security.
read more →

Mirai Variant 'Nexcorium' Exploits TBK DVR, TP‑Link Flaws

🔒 Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 report that threat actors are exploiting a command injection flaw, CVE-2024-3721, in TBK DVR devices to deliver a Mirai-family loader tracked as Nexcorium. The loader installs architecture-specific binaries, establishes persistence via crontab and systemd, and uses hard-coded credential lists plus an exploit for CVE-2017-17215 to spread to Huawei HG532 devices. Unit 42 also observed automated scans targeting EoL TP-Link routers via CVE-2023-33538, though initial attempts were flawed and did not achieve compromise. Researchers warn that unpatched, unsupported IoT devices and default credentials continue to enable large-scale DDoS botnets and recommend replacing EoL hardware and removing default passwords.
read more →

Nexcorium Mirai Variant Exploits TBK DVR Vulnerability

🛡️ FortiGuard Labs analyzed exploitation of CVE-2024-3721 against TBK DVR devices that delivered a Mirai-style, multi-architecture botnet named Nexcorium. The campaign used a downloader called "dvr" (nexuscorp-prefixed binaries) and a custom "X-Hacked-By" HTTP header linked to a suspected "Nexus Team" actor. Nexcorium includes scanning, brute-force credential lists, multiple persistence methods, integrity checks, and a broad DDoS toolkit controlled by a central C2.
read more →