
All news with #fortinet tag

189 articles · page 3 of 10

Reach the Peak of Cybersecurity Expertise with NSE 8

🔒 The Fortinet NSE 8 Cybersecurity Expert credential represents the pinnacle of technical achievement within Fortinet’s certification program, validating deep design, configuration, and troubleshooting skills for complex enterprise environments. Candidates must demonstrate theoretical, conceptual, and practical mastery, plus extensive real-world experience and continuous learning. The article highlights Swedish partner Avoki, which now counts four NSE 8s among its senior engineers, and notes the company’s 2026 integration into iteam. Readers are invited to sign up for an ebook launching March 17 to learn more about paths to NSE 8.

FortiAIGate: Runtime Protection for AI Workloads, Governance

🔒 FortiAIGate provides dedicated runtime protection for private AI and LLM deployments by monitoring every input and output between applications and models. It detects and blocks threats such as prompt injection, jailbreaking, model poisoning, data exfiltration, and excessive compute abuse while enforcing governance policies in real time. Built for Kubernetes and hybrid environments, it integrates with Fortinet Security Fabric, offers dashboards mapping OWASP Top 10 LLM risks, and uses multi‑GPU and SmartNIC acceleration to preserve performance and control costs.

Open-Source CyberStrikeAI Deployed in FortiGate Attacks

🚨 Security researchers say an open-source, AI-native offensive platform called CyberStrikeAI was used to automate mass scanning and exploitation of Fortinet FortiGate appliances, contributing to compromises of more than 600 devices across 55 countries. Team Cymru traced activity to a Russian-speaking actor after analyzing an IP address and observed 21 unique IPs running the tool between January 20 and February 26, 2026. The tool's GitHub maintainer, known as Ed1s0nZ, has published a range of exploitation and AI-jailbreak utilities and shows interactions with organizations linked to Chinese state cyber capabilities.

CyberStrikeAI Adopted by Hackers for AI-Powered Attacks

🔍 Researchers warn that the open-source platform CyberStrikeAI was observed on infrastructure linked to a recent campaign that compromised hundreds of Fortinet FortiGate devices. Team Cymru analysts identified the service banner on port 8080 at 212.11.64[.]250 and saw communications between that host and targeted FortiGate appliances. The platform integrates over 100 security tools with AI agents to automate end-to-end attack chains, enabling lower-skilled operators to carry out complex exploitation.

Monthly Security Roundup — February 2026 Highlights

🔒 In February 2026 ESET Chief Security Evangelist Tony Anscombe highlights a series of notable incidents: widespread misuse of commercial generative AI, a novel Android malware campaign, increased ATM jackpotting, and destructive attacks against critical infrastructure. Researchers tied more than 600 compromised FortiGate devices in 55 countries to exposed management ports and weak credentials, while ESET documented PromptSpy, the first known Android malware abusing generative AI for context-aware UI manipulation. The FBI warned US ATM operators about a rise in jackpotting, and ESET analyzed a DynoWiper case targeting an energy company. Businesses are urged to strengthen access controls, enforce MFA, close exposed management ports, and improve monitoring for GenAI-related abuse.

From Classroom to Cyber Career — Fortinet and UniSA

🔐 Fortinet's Academic Partner Program partners with the University of South Australia to expand access to cybersecurity careers by delivering NSE training, hands-on labs, and free exam vouchers that remove financial barriers. With more than 800 partner institutions worldwide and a goal to train 1 million individuals by 2026, the initiative readies students for internships and full-time roles. Industry networking events with distributors such as Wavelink translate certification into interviews and hires, while practical lab work builds technical confidence and employability.

Cyber Resilience Requires People, Skills, and Training

🛡️ The 2025 Global Cybersecurity Skills Gap Report shows that human risk and workforce shortages—not technology alone—are driving frequent, costly breaches: in 2024, 86% of organizations experienced at least one breach and 28% reported five or more. Awareness deficits, phishing, and skills gaps account for most incidents, so training must be preventive, continuous, and role-based. Fortinet pairs security products with a broad training and certification program to help organizations close these gaps and improve detection, response, and recovery.

FortiGate-as-a-Service: Performance-First Managed Firewall

🔒 FortiGate-as-a-Service (FGaaS) delivers full FortiGate firewall capability as a cloud-hosted, consumption-based service running on purpose-built Fortinet hardware in Fortinet-managed, ISO- and SOC 2-certified data centers. It combines the performance and deep inspection of on-prem FortiGate with unified management, FortiGuard threat services, and optional SOC/MSSP-managed operations for faster deployment and predictable OpEx pricing.

Unmasking Agent Tesla: Multi-Stage Campaign Analysis

🔍 This Fortinet analysis dissects a recent multi-stage campaign deploying Agent Tesla, which targets Windows users with credential theft and keylogging. The chain uses spearphishing with RAR attachments containing obfuscated JSE loaders that fetch encrypted PowerShell scripts and reflectively load .NET assemblies in memory. Operators leverage process hollowing, virtualization and sandbox checks, and SMTP-based exfiltration to minimize detection. Fortinet telemetry and cross-product protections are highlighted to help organizations mitigate the threat.

Fortinet, Parsec and Westermo Secure OT Connectivity

📡 Fortinet announced Alliance Partnerships with Parsec Technologies and Westermo to deliver ruggedized, rapidly deployable secure connectivity for mobile and fixed cyber-physical systems. The Parsec Emergency Connectivity Kit (ECK) packages preconfigured Fortinet devices with rugged enclosures and high-gain antennas for quick field deployment, available as Bloodhound (mobility) and Pitbull (resilience) models. Westermo integration brings WeOS switches and cellular routers into the Fortinet Security Fabric via IPsec, while FortiAuthenticator and FortiPAM extend identity and privileged access controls for industrial sites.

AI-assisted attacker compromises 600+ FortiGate firewalls

🛡️ AWS security researchers report a Russian-speaking attacker compromised more than 600 FortiGate firewalls between January 11 and February 18, 2026, by exploiting weak or default passwords rather than product vulnerabilities. The actor used a Google Gemini-based AI tool to pivot to additional hosts and deployed reconnaissance tools written in Go and Python. Analysts found clear signs of AI-assisted code generation. Experts urge strong passwords and enabling MFA.

Fortinet Achieves IEC 62443-4-1 ML2 Certification for SPDL

🛡️ Fortinet has achieved IEC 62443-4-1 Maturity Level 2 (ML2) certification for its Secure Product Development Lifecycle (SPDL). This independent certification verifies that Fortinet’s secure development processes are formalized, documented, repeatable, and consistently applied across design, development, verification, validation, release, and maintenance of its security products. SPDL embeds threat modeling, secure-by-design engineering, automated and manual testing, supply chain integrity controls, and a transparent FortiGuard Labs PSIRT vulnerability disclosure process to improve product integrity for IT, OT, and critical infrastructure customers.

Russian Actor Uses AI to Exploit Weak Fortinet Firewalls

🤖 Amazon Threat Intelligence says a Russian-speaking actor used commercial generative AI services to compromise hundreds of FortiGate firewalls by exploiting exposed management interfaces and weak, single-factor credentials. Between Jan. 11 and Feb. 18 the group breached over 600 devices across 55+ countries, then accessed Active Directory, extracted credential databases, and targeted backups. Amazon recommends fundamental controls — restrict management access, enforce MFA, patch perimeter devices, improve segmentation, and enhance detection — noting the attacker’s toolkit and operational plans were largely AI-generated and publicly left on infrastructure used in the campaign.

Russian-speaking Actor Uses GenAI to Compromise FortiGate

🔍 Amazon Web Services reported a low-skilled, Russian-speaking actor used commercial GenAI services to run an opportunistic campaign that compromised over 600 FortiGate devices across more than 55 countries between 11 January and 18 February 2026. The attacker scanned internet-exposed management interfaces, attempted commonly reused credentials and relied on AI-assisted scripts to parse stolen configurations and automate VPN access. AWS noted no exploitation of FortiGate vulnerabilities and that AWS infrastructure was not involved. Defenders are urged to prioritize patching, credential hygiene and post-exploitation detection.

AI-Assisted Actor Uses Generative AI to Compromise FortiGate

🔐 A Russian-speaking, financially motivated actor used commercial generative AI to scale scans and credential guessing against exposed FortiGate management ports, compromising over 600 devices across 55 countries. Amazon Threat Intelligence observed the activity between January 11 and February 18, 2026, noting no FortiGate zero-day exploits were used — the campaign relied on internet-exposed interfaces and weak single-factor credentials. Post-compromise activity included Active Directory theft, credential harvesting, NTLM relay and attempts to target Veeam backup servers, consistent with ransomware preparation.

Amazon: AI-assisted actor breached 600 FortiGate firewalls

🔍 Amazon says a Russian-speaking threat actor used commercial AI services to help breach over 600 FortiGate firewalls across 55 countries during a five-week campaign in early 2026. The attacker did not rely on zero-day exploits but instead scanned internet-facing management ports and used brute-force attempts against weak credentials lacking MFA. After gaining access, the actor extracted device configurations (including SSL‑VPN and administrative credentials) and deployed AI-assisted Python and Go tools to parse settings, map networks, and automate reconnaissance. Amazon urges administrators to remove exposed management interfaces, enable MFA, ensure VPN passwords differ from Active Directory credentials, and harden backup systems.

AI-Augmented Actor Compromises FortiGate Devices at Scale

🔐 Amazon Threat Intelligence observed a Russian-speaking, financially motivated actor using commercial generative AI to compromise over 600 FortiGate devices across 55+ countries from 2026-01-11 to 2026-02-18. The campaign did not exploit FortiGate vulnerabilities; it abused exposed management ports and weak single-factor credentials. The actor used AI-generated plans, scripts, and developer assistance to scale credential-based access and automate post-exploitation tasks.

Bridging the Cyber Skills Divide Through Local Partnerships

🔒 Fortinet’s Education Outreach Program partners with local organizations to expand access to cybersecurity training and industry-recognized certifications. By offering free NSE curriculum and hands-on labs, the program removes cost and access barriers for learners in underserved regions. Partnerships with EduTek in Guatemala and PAICTA in South Africa demonstrate measurable outcomes: participants gain practical skills in firewall management and network security operations, and many progress into employment and improved professional standing.

Massive Winos (ValleyRat) Phishing Campaigns Target Taiwan

⚠️ FortiGuard Labs observed targeted phishing campaigns in Taiwan delivering Winos 4.0 (ValleyRat) and modular plugins via weaponized attachments and cloud-hosted links. Lures impersonate tax audits, e-invoice portals, and installer packages to trick recipients. Attackers employ rotating domains, malicious LNK files, DLL sideloading, and BYOVD using the vulnerable driver wsftprm.sys to gain kernel privileges and evade defenses. Fortinet detections include W64/Agent.ATW!tr and multiple email and gateway protections.

INTERPOL's Operation Red Card 2.0: Coordinated Disruption

🚨 Operation Red Card 2.0 demonstrates how synchronized public‑ and private‑sector action can disrupt transnational fraud. Between December 2025 and January 2026, authorities across 16 African countries used shared intelligence and operational coordination to identify victims, arrest operators, seize devices, and dismantle malicious infrastructure. Fortinet supported the effort through data contributions and the Cybercrime Atlas, helping turn intelligence into enforcement outcomes.