CISO Brief

All news with #fortinet tag

189 articles · page 4 of 10

A Decade of NSE 8: Why Expert Validation Still Matters

🔒 Fortinet marks the 10-year anniversary of NSE 8, its most rigorous certification, which validates expert-level ability to architect, implement, and troubleshoot complex security environments. Unlike memorization-based tests, NSE 8 requires hands-on, real-world problem solving under pressure and synthesis across networking and security domains. The credential signals operational judgment and helps close critical gaps in organizational capability.

Why Certification Is a Strategic Control for CISOs

🔒 Certification has shifted from a compliance checkbox to a practical control CISOs use to demonstrate how security is designed, governed, and sustained. Fortinet frames credible certification programs as evidence that processes such as vulnerability handling, lifecycle management, and secure development are enforced and repeatable, not ad hoc. The company highlights more than 130 active certifications and its recent IEC 62443-4-1 Maturity Level 2 achievement, and points stakeholders to the Fortinet Trust Portal for transparent, verifiable documentation.

Phishing Campaign Uses Old Office Flaw to Deploy XWorm

🔒 Fortinet researchers disclosed a phishing campaign that chains a legacy Microsoft Office Equation Editor vulnerability (CVE-2018-0802) with fileless execution to deliver the commercially available XWorm RAT. The attack begins with business-themed lures and a malicious Excel add-in, then pivots into HTA and PowerShell stages to keep most activity off disk. A memory-resident .NET stage process-hollows the final payload into msbuild.exe, and XWorm then talks to its C2 over AES-encrypted channels while supporting modular plugins for credential theft, data exfiltration, and other operator actions.

AI in Cybersecurity: Skills Gap Shapes Risk and Response

🤖 AI is now central to cybersecurity strategies, accelerating detection and automation while also enabling more sophisticated attacks. The 2025 Global Cybersecurity Skills Gap report finds 97% of organizations use or plan to use AI, but 48% cite lack of AI expertise as their biggest implementation challenge. Organizations must pair AI tooling with human oversight, training, and validation to avoid misconfiguration and false confidence. Fortinet highlights training and certifications to help close the gap.

Deep Dive: XWorm Phishing Campaign Exploits Excel Files

🔍 FortiGuard Labs observed a phishing campaign delivering a new XWorm RAT variant via malicious Excel attachments that exploit CVE-2018-0802 to execute embedded shellcode. The chain uses an obfuscated HTA and PowerShell to load a fileless .NET module, which downloads a PE in memory and uses process hollowing into msbuild.exe to run XWorm. The RAT establishes AES-encrypted C2, supports extensive commands and plugins, and enables data theft, remote control, DDoS, and ransomware operations. Fortinet states that its FortiMail, antivirus, IPS, and web filtering protections cover the observed indicators.
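Added example (not FortiGuard Labs code) that checks process-creation telemetry for the lineage both XWorm write-ups above describe: an Office or Equation Editor stage, then mshta.exe, then powershell.exe, then an msbuild.exe that builds nothing. The event records are constructed for this example and only loosely modelled on Sysmon process-creation fields; the flat key names (pid, ppid, image, cmdline) are this example's own convention. The comment on EQNEDT32.EXE is the caveat that makes the Office ancestor a bonus signal rather than a requirement.

```python
"""Process-lineage check for the Office/Equation Editor -> HTA -> PowerShell ->
MSBuild chain described in the two XWorm write-ups above.  Added example, not
FortiGuard Labs code.  Records are constructed and loosely modelled on Sysmon
process-creation events (Image, CommandLine, ProcessId, ParentProcessId); the
flat key names are this example's convention, not a Sysmon or FortiEDR schema."""

# The living-off-the-land part of the chain that both articles describe.
CORE_CHAIN = ["mshta.exe", "powershell.exe", "msbuild.exe"]
# Where the CVE-2018-0802 stage executes.  The Equation Editor exploit runs its
# shellcode inside EQNEDT32.EXE, which DCOM launches under svchost.exe rather
# than under Excel, so an Office ancestor is scored as extra signal, not required.
OFFICE_ORIGINS = {"excel.exe", "winword.exe", "eqnedt32.exe"}
PROJECT_EXTS = (".proj", ".csproj", ".vbproj", ".sln", ".targets", ".xml")


def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()


def lineage(events, pid):
    """Image names from the oldest known ancestor down to pid."""
    by_pid = {e["pid"]: e for e in events}
    names, seen = [], set()
    while pid in by_pid and pid not in seen:      # 'seen' guards against pid-reuse loops
        seen.add(pid)
        names.append(basename(by_pid[pid]["image"]))
        pid = by_pid[pid]["ppid"]
    return names[::-1]


def is_subsequence(pattern, seq):
    """True if pattern occurs in seq in order, gaps allowed (e.g. a cmd.exe hop)."""
    it = iter(seq)
    return all(any(p == s for s in it) for p in pattern)


def find_chain_hits(events):
    hits = []
    for e in events:
        if basename(e["image"]) != CORE_CHAIN[-1]:
            continue
        chain = lineage(events, e["pid"])
        if not is_subsequence(CORE_CHAIN, chain):
            continue
        args = e["cmdline"].split()[1:]
        hits.append({
            "pid": e["pid"],
            "lineage": chain,
            "office_origin": any(n in OFFICE_ORIGINS for n in chain),
            # a hollowed msbuild.exe only hosts injected code, so it is usually
            # started with nothing to build; a real build names a project file
            "no_project_arg": not any(a.strip('"').lower().endswith(PROJECT_EXTS) for a in args),
        })
    return hits


SAMPLE_EVENTS = [  # constructed for this example, not captured telemetry
    {"pid": 4, "ppid": 0, "image": r"C:\Windows\System32\svchost.exe", "cmdline": "svchost.exe -k DcomLaunch"},
    {"pid": 41, "ppid": 4, "image": r"C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE", "cmdline": '"EQNEDT32.EXE" -Embedding'},
    {"pid": 42, "ppid": 41, "image": r"C:\Windows\System32\mshta.exe", "cmdline": r"mshta.exe C:\Users\Public\inv.hta"},
    {"pid": 43, "ppid": 42, "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe", "cmdline": "powershell.exe -w hidden -ep bypass -e SQBFAFgA"},
    {"pid": 44, "ppid": 43, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe", "cmdline": "MSBuild.exe"},
    # benign developer build, kept for contrast
    {"pid": 90, "ppid": 4, "image": r"C:\Windows\explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 91, "ppid": 90, "image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c build.cmd"},
    {"pid": 92, "ppid": 91, "image": r"C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe", "cmdline": "MSBuild.exe app.csproj /t:Build"},
]

if __name__ == "__main__":
    for hit in find_chain_hits(SAMPLE_EVENTS):
        print(hit)
```

Only the hollowed instance (pid 44) is returned; the developer build with a project file and no mshta/powershell ancestry is not. In production, key the lineage on process GUIDs rather than pids to survive pid reuse, and pair the hit with a network-connection event from the msbuild.exe image, since the C2 beacon is what turns the heuristic into a confident detection.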

Fortinet Patches Critical SQL Injection in FortiClientEMS

⚠️ Fortinet has issued updates to remediate a critical SQL injection vulnerability (CVE-2026-21643) in FortiClientEMS that could allow unauthenticated attackers to execute arbitrary code via specially crafted HTTP requests. The flaw is rated CVSS 9.1 and affects FortiClientEMS 7.4.4; Fortinet advises upgrading to 7.4.5 or later. Gwendal Guégniaud is credited with reporting the issue, and users are urged to apply the fixes promptly.

SIEM Rules to Detect FortiCloud SSO Authentication Bypass

🔒 Kaspersky has released a set of SIEM correlation rules to detect exploitation of FortiCloud SSO authentication bypasses in Fortinet products. The rules target activity related to CVE-2025-59718, CVE-2025-59719, and CVE-2026-24858, which allow an attacker with a FortiCloud account to access devices when SSO is enabled. The downloadable package ([OOTB] FortiCloud SSO abuse package – ENG) contains IOC, critical admin action, and suspicious activity rule groups; administrators should tune exceptions to reduce false positives and ensure Fortinet events are fully normalized with the "Extra" field populated for effective detection.

Fortinet Named Gartner Peer Insights Customers' Choice for EPP

🛡️ Fortinet has been named a 2026 Gartner Peer Insights Customers’ Choice for Endpoint Protection Platforms, marking its fourth consecutive year receiving the distinction. The recognition is based on verified end‑user reviews through November 2025, yielding a 4.8/5 overall rating and a 98% willingness to recommend from 168 ratings. Fortinet highlights its unified FortiEndpoint agent — combining FortiEDR and FortiClient — to deliver EPP, EDR, ZTNA, vulnerability management, centralized management, and simplified operations with minimal performance impact.

Incentivizing Cybercrime Disruption at Davos 2026 Panel

🔒 Fortinet convened a cross-sector panel at the World Economic Forum Annual Meeting in Davos to explore how incentives can shift the economics of cybercrime. Panelists from law enforcement, industry, and civil society highlighted the limits of voluntary intelligence sharing and the need for structured collaboration. Initiatives like the Cybercrime Bounty and the Cybercrime Atlas were presented as practical mechanisms to accelerate validated, anonymous reporting and enable faster action against transnational threats.

Accelerate 2026: Future Directions in Secure Networking

🔒 Fortinet's Accelerate 2026 returns to Las Vegas March 9–13, bringing customers, partners, and industry leaders together at the Mandalay Bay Convention Center for keynotes, technical sessions, and an expansive Tech Expo. The event emphasizes an integrated platform approach to secure networking, unified SASE, cloud and OT protection, and AI-enhanced detection and automation. Customer-led sessions from organizations such as Lowe’s, TJX, and ExxonMobil will share practical implementations, while attendees can pursue certifications, hands-on workshops, and the Fortinet Ultimate Fabric Challenge to translate strategy into operational outcomes.

Interlock Ransomware: New Techniques, Same Old Tricks

🔒 Fortinet's FortiGuard Incident Response describes a protracted Interlock intrusion that targeted education organizations, linking MintLoader initial access to NodeSnakeRAT and Interlock RAT implants. The report highlights a novel process-killer, Hotta Killer, that abuses a signed but vulnerable gaming anti-cheat driver (CVE-2025-61155) in a BYOVD technique to terminate security processes. Operators exfiltrated about 250 GB using AZCopy before deploying JavaScript and ELF ransomware across Windows and Nutanix hosts. FortiGuard recommends blocking unnecessary remote-access tools, restricting PowerShell egress, and monitoring anomalous driver installations.

Fortinet guidance: ongoing CVE-2026-24858 SSO bypass

🔒 Fortinet released guidance after disclosure of CVE-2026-24858, an authentication bypass in FortiCloud single sign-on (SSO) that can allow an attacker with a FortiCloud account to access devices registered to other users. The flaw affects multiple products including FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer. Fortinet temporarily disabled FortiCloud SSO on Jan. 26, 2026 and restored the service with mitigations on Jan. 27; CISA added the CVE to its KEV Catalog and urges operators to check for indicators of compromise and apply vendor updates immediately.

Critical FortiCloud SSO Zero-Day Forces Emergency Fix

⚠️ Fortinet disclosed a critical authentication-bypass zero-day (CVE-2026-24858) that affects FortiCloud SSO and can let attackers compromise FortiGate, FortiManager, and FortiAnalyzer devices. The vendor temporarily disabled FortiCloud SSO globally on Jan 26 to stop active exploitation and re-enabled it Jan 27 with server-side blocking that prevents logins from vulnerable firmware. FortiOS 7.4.11 is available and additional patched releases are being rolled out; most fixes are still listed as "upcoming."

Fortinet fixes FortiOS SSO bypass in active exploitation

🔒 Fortinet has released security updates to address a critical authentication bypass (CVE-2026-24858) affecting FortiOS, FortiManager, and FortiAnalyzer. The flaw allows a FortiCloud account with a registered device to access other devices when FortiCloud SSO is enabled, enabling creation of local admin accounts and configuration changes. Fortinet locked malicious FortiCloud accounts, temporarily disabled SSO, and urges customers to update firmware, audit configurations, and rotate credentials.

Fortinet blocks exploited FortiCloud SSO zero-day; patch due

🔒 Fortinet confirmed a critical FortiCloud SSO authentication bypass (CVE-2026-24858) actively exploited to gain administrative access to customer devices. The company has implemented server-side mitigations that block SSO logins from vulnerable firmware versions while patches for FortiOS, FortiManager, and FortiAnalyzer are developed. Administrators are advised to review accounts and credentials; disabling SSO remains an optional mitigation.

CISA Adds Fortinet Authentication Bypass CVE to KEV Catalog

🔒 CISA added CVE-2026-24858 to its Known Exploited Vulnerabilities (KEV) Catalog as a Fortinet Multiple Products Authentication Bypass, classified as authentication bypass using an alternate path or channel (CWE-288). The agency reports evidence of active exploitation and characterizes this class of flaw as a frequent and serious attack vector. Under BOD 22-01, federal agencies must remediate KEV entries by their due dates; CISA strongly urges all organizations to prioritize timely remediation, apply vendor patches, implement compensating controls, and monitor for indicators of compromise.

Weekly Recap: Firewall Flaws, AI-Built Malware, CVEs

⚡ This weekly recap highlights shifting attack patterns and urgent fixes: an incomplete patch in Fortinet firewalls (CVE-2025-59718/59719) is being actively abused, while the VoidLink Linux malware appears largely produced with AI assistance. Researchers also disclosed a critical GNU InetUtils telnetd flaw (CVE-2026-24061) that can yield root shells. Other notable trends include vishing campaigns targeting major IdPs, malvertising that crashes browsers to deliver a Python RAT, and supply-chain/package compromises; administrators should prioritize exploitable, public-PoC, and KEV-class vulnerabilities.

Fortinet confirms new zero-day targeting SAML SSO on devices

🔒 Fortinet has confirmed a new attack campaign that exploits an unpatched zero-day vulnerability to bypass authentication across SAML SSO implementations, including FortiCloud SSO. The activity, observed in mid-January, involves extraction of firewall configurations and creation of administrative and VPN-capable accounts. Fortinet is working on a fix and recommends updating to the latest releases, restoring clean backups, rotating all credentials, disabling FortiCloud SSO administrative logins, and restricting administrative access to trusted subnets.

Fortinet: Active FortiCloud SSO Bypass on Patched FortiGate

🔒 Fortinet confirmed active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate firewalls. The vendor said attackers exploited a new attack path that can circumvent patches addressing CVE-2025-59718 and CVE-2025-59719 by using crafted SAML messages when FortiCloud SSO is enabled. Observed activity includes creation of generic admin accounts, configuration changes to enable VPN access, and configuration exfiltration. Fortinet recommends restricting internet-facing administrative access and disabling the admin-forticloud-sso-login feature while a full remediation is finalized.
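The mitigations repeated across the FortiCloud SSO articles above come down to three checks on a FortiGate's configuration: is admin-forticloud-sso-login still enabled, are there admin accounts nobody recognises, and can the remaining admins log in from anywhere. Added example (not Fortinet tooling) that audits a saved configuration for those three points and emits the matching CLI remediation. The configuration text is constructed; admin-forticloud-sso-login, trusthostN, accprofile and vdom are real FortiOS CLI attributes, while the account names and the 10.0.0.0/24 management subnet are this example's assumptions.

```python
"""Audit a saved FortiOS configuration for the hardening points the FortiCloud
SSO articles above repeat: SSO admin login left enabled, unexpected admin
accounts (the campaign created generic ones), and admins with no trusthost
restriction.  Added example, not Fortinet tooling.  The config text is
constructed; admin-forticloud-sso-login, trusthostN, accprofile and vdom are
real FortiOS CLI attributes, the account names and management subnet are
assumptions.  Feed it `show full-configuration` output so defaults are present."""

EXPECTED_ADMINS = {"admin", "noc-ro"}        # assumption: your known accounts
MGMT_SUBNET = "10.0.0.0 255.255.255.0"       # assumption: your management subnet


def parse_fortios_config(text):
    """Return {table: {entry: {attr: value}}}.  Attributes set directly under a
    'config' block (no 'edit') are stored under the entry key None."""
    tables, stack = {}, []                  # stack items: [table, current entry]
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        word, _, rest = line.partition(" ")
        if word == "config":
            stack.append([rest, None])
            tables.setdefault(rest, {})
        elif word == "edit":
            stack[-1][1] = rest.strip('"')
            tables[stack[-1][0]].setdefault(stack[-1][1], {})
        elif word == "set":
            table, entry = stack[-1]
            attr, _, value = rest.partition(" ")
            tables[table].setdefault(entry, {})[attr] = value.strip('"')
        elif word == "next":
            stack[-1][1] = None
        elif word == "end":
            stack.pop()
    return tables


def audit(tables):
    """Return (findings, remediation CLI lines)."""
    findings, fixes = [], []
    glob = tables.get("system global", {}).get(None, {})
    sso = glob.get("admin-forticloud-sso-login")
    if sso == "enable":
        findings.append("admin-forticloud-sso-login is enabled")
        fixes += ["config system global", "    set admin-forticloud-sso-login disable", "end"]
    elif sso is None:   # 'show' omits defaults; 'show full-configuration' does not
        findings.append("admin-forticloud-sso-login not in dump; re-run with show full-configuration")
    for name, attrs in tables.get("system admin", {}).items():
        if name is None:
            continue
        if name not in EXPECTED_ADMINS:
            findings.append(f"unexpected admin account '{name}' ({attrs.get('accprofile', '?')})")
            fixes += ["config system admin", f'    delete "{name}"', "end"]
        elif not any(k.startswith("trusthost") for k in attrs):
            findings.append(f"admin '{name}' has no trusthost restriction")
            fixes += ["config system admin", f'    edit "{name}"',
                      f"        set trusthost1 {MGMT_SUBNET}", "    next", "end"]
    return findings, fixes


SAMPLE_CONFIG = """\
config system global
    set admin-forticloud-sso-login enable
    set admin-sport 443
end
config system admin
    edit "admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set accprofile "super_admin"
        set vdom "root"
    next
    edit "noc-ro"
        set accprofile "prof_admin"
        set vdom "root"
    next
    edit "svc_backup"
        set accprofile "super_admin"
        set vdom "root"
    next
end
"""   # constructed for this example

if __name__ == "__main__":
    findings, fixes = audit(parse_fortios_config(SAMPLE_CONFIG))
    print("\n".join(findings))
    print("\n".join(fixes))
```

Treat the emitted `delete` lines as a review queue rather than something to paste blindly: an unexpected super_admin account on a device that had SSO enabled is the indicator the articles describe, so capture its details and the device's config before removing it. Trusthost restrictions and a local-in policy on the management interfaces are complementary; the former limits who can authenticate, the latter stops the management ports from answering untrusted sources at all.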

Fortinet confirms FortiCloud SSO auth bypass remains unpatched

⚠️ Fortinet confirmed it is still addressing a critical FortiCloud SSO authentication bypass (CVE-2025-59718) after reports that attackers are able to bypass patches and compromise fully updated firewalls. Security firm Arctic Wolf says automated attacks beginning January 15 created VPN-access admin accounts and quickly exfiltrated firewall configurations. Fortinet advises disabling FortiCloud SSO, restricting administrative access with a local-in policy, and treating affected systems as compromised while a full fix is developed.