
All news with #fortinet tag

189 articles · page 5 of 10

FortiOS Single Sign-On Abuse: Incident Analysis and Guidance

🔒 Fortinet issued an advisory describing two FortiCloud SSO bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) discovered during an internal code audit. The flaws allowed crafted SAML assertions to bypass authentication on FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager when FortiCloud SSO was enabled. Recent reports show active exploitation, including instances against fully patched devices, indicating a new attack path. Fortinet advises monitoring IOCs, restricting administrative access, disabling FortiCloud SSO as a workaround, and treating affected systems as compromised.

FortiSIEM 7.5 Adds Agentic AI and Data Sovereignty

🤖 FortiSIEM 7.5 introduces agentic-AI incident management and data sovereignty options to help multinational SOCs balance centralized operations with localized data storage. The release debuts FortiAI-Assist agents — an investigation assistant and a companion assistant — to automate multi-step threat hunting, evidence enrichment, and response guidance. It also includes a free IT/OT Windows agent that requires no centralized management, enhanced federated search, pipeline enrichment, advanced agent templates, and Osquery support for Linux and Windows.

Fortinet FortiGate SSO Exploited to Steal Configs Remotely

🚨 Cybersecurity firm Arctic Wolf reports automated attacks against Fortinet FortiGate devices that exploit the FortiCloud SSO feature to create rogue admin accounts and rapidly export firewall configurations. The campaign began January 15 and mirrors December exploitation tied to CVE-2025-59718. Observed indicators include SSO logins from cloud-init@mail.io and IP 104.28.244.114. Administrators are advised to disable FortiCloud SSO until Fortinet issues a complete fix.

Automated Attacks Target Fortinet FortiGate SSO Configurations

🔒 Arctic Wolf warns of a new cluster of automated malicious activity that began on January 15, 2026, involving unauthorized configuration changes to Fortinet FortiGate devices. Attackers exploited SAML-related weaknesses (CVE-2025-59718, CVE-2025-59719) to bypass FortiCloud SSO, create generic admin accounts such as cloud-init@mail.io and names like secadmin or itadmin, and export firewall configurations to external IPs. Administrators are advised to disable the admin-forticloud-sso-login setting until mitigations are confirmed.

Patched FortiGate Firewalls Still Being Compromised

🚨 Fortinet customers report attackers bypassing a previously patched FortiGate authentication flaw (CVE-2025-59718) to create admin accounts on devices running FortiOS 7.4.9 and 7.4.10. Fortinet reportedly plans releases of FortiOS 7.4.11, 7.6.6 and 8.0.0 to fully remediate the issue. Until those updates are available, admins are advised to disable FortiCloud SSO using the GUI or the CLI mitigation steps Fortinet published. Shadowserver found over 25,000 devices with FortiCloud SSO enabled in mid-December, and CISA has listed the vulnerability as actively exploited and ordered expedited patching.

Cybersecurity as a Leadership Imperative at Davos 2026

🔐 At the World Economic Forum Annual Meeting 2026 in Davos, Fortinet argues that cybersecurity has evolved into a strategic leadership imperative. Accelerating geopolitical tensions, rapid AI adoption, and surging cyber-enabled crime mean boards and executives must treat cyber risk as enterprise risk rather than a purely technical issue. Fortinet advocates a systemic, cross-sector approach that embeds resilience, accountability, and responsible AI governance into organizational strategy.

At Davos: Cybersecurity as a Leadership Imperative

🔐 At Davos, cybersecurity has risen to the top of the leadership agenda as geopolitical tensions, rapid AI adoption, and escalating cybercrime converge. Fortinet says this is now a systemic strategic challenge that requires board-level accountability, cross-sector collaboration, and resilience designed into operations. The company emphasizes responsible, enterprise-wide adoption of AI in security and stronger intelligence sharing. Initiatives like Fortinet’s Cybercrime Bounty and a Davos panel led by Derek Manky highlight practical, ecosystem-wide approaches to deter and disrupt cybercriminal markets.

Weekly Recap: Fortinet Exploits, RedLine & Emerging Threats

⚡ This week’s roundup highlights active exploitation of a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) that can lead to full appliance compromise, alongside new malware and supply-chain concerns. Researchers also disclosed a clipboard‑hijacking campaign distributed by RedLineCyber and a Reprompt attack that targeted Microsoft Copilot via P2P prompt injection. Other notable items include a cloud-native Linux framework called VoidLink, disruption of the RedVDS criminal service, and an AWS CodeBuild misconfiguration that raised supply‑chain risks. Defenders should prioritize patching high-severity CVEs, harden CI/CD configurations, and treat AI/chatbot integrations and exposed devices as part of the attack surface.

Critical Fortinet FortiSIEM Flaw Now Exploited in Attacks

⚠️ Researchers disclosed that a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) with public proof-of-concept code is being abused in active attacks. Horizon3.ai described the issue as an unauthenticated OS command injection via exposed phMonitor command handlers that enables arbitrary writes and escalation to root, and Fortinet released security updates plus a port-restriction workaround for phMonitor (7900). Administrators should upgrade affected FortiSIEM versions 6.7 through 7.5 to the patched releases and review phMonitor logs for indicators of compromise.

Empowering Latinas in Cybersecurity through Training

🔒 Fortinet's Education Outreach program partners with Latinas in Cyber (LAIC) to increase representation of Latina women in cybersecurity through mentorship, practical training, and career pathways. Participants report that Fortinet's self-paced coursework and hands-on labs built technical confidence and clarified real-world security roles. Complimentary exam vouchers enabled candidates to pursue Fortinet certifications aligned with employer needs, helping translate training into tangible opportunities and career advancement.

Celebrating Fortinet's 2026 Customer Excellence Winners

🎉 Fortinet announced its 2026 Customer Excellence Award winners, recognizing organizations that have embedded security into core business strategy and delivered measurable outcomes. Awardees include Monolithic Power Systems, Wendy’s, Group 1 Automotive, Marvell Technologies, and Thames Water, showcasing advances in Secure SD‑WAN, OT protection, and security automation. The program highlights how the Fortinet Security Fabric enables consolidation, scalability, and operational resilience across industries.

FortiSIEM phMonitor Command Injection: CVE-2025-64155

⚠️ A critical command injection vulnerability in Fortinet FortiSIEM (phMonitor, tracked as CVE-2025-64155) enables unauthenticated attackers to inject commands and write files that are executed as the root user. Exploit code was disclosed publicly after a responsible disclosure to Fortinet in August 2025, and researchers warn the flaw may have allowed remote root access for nearly three years. Fortinet has released patched builds and advises restricting access to TCP port 7900 and applying updates immediately.

Exploit Published for Critical FortiSIEM Command Injection

🔓 A critical FortiSIEM vulnerability, tracked as CVE-2025-25256, enables remote unauthenticated attackers to execute arbitrary commands by invoking exposed phMonitor handlers. Horizon3.ai disclosed technical details and published a demonstrative exploit after Fortinet issued patches across supported branches. The flaw combines arbitrary write with privilege escalation to root and affects a range of FortiSIEM releases; Fortinet advises applying the supplied updates or restricting access to the phMonitor port (7900) as a temporary mitigation.

Fortinet Fixes Critical FortiSIEM Remote Code Flaw

🔒 Fortinet issued patches for a critical FortiSIEM vulnerability (CVE-2025-64155, CVSS 9.4) that permits unauthenticated OS command injection and remote code execution via the phMonitor service on TCP port 7900. The flaw enables argument injection leading to arbitrary file writes as admin and a cron-triggered escalation to root. Affected releases span 6.7–7.4 with fixed builds; 7.5 and FortiSIEM Cloud are not impacted. Apply vendor updates or restrict access to port 7900 as a temporary mitigation.

The Year of Resilience: What 2026 Requires of CISOs

🔒 Fortinet CISO Carl Windsor argues that 2026 will demand resilience as the central organizing principle for security as AI accelerates both innovation and risk. CISOs must act as de facto chief resilience officers, embedding continuity into AI-augmented operations and assuming AI-enabled failures will occur. He outlines five strategic priorities—business continuity, AI governance, hardened identity, cross‑functional collaboration, and continual adaptation—to contain and absorb disruption.

Fortinet NSE Training Now Eligible for ISC2 CPE Credits

🔒 Fortinet has joined the ISC2 CPE Submitter program, enabling many Fortinet Training Institute offerings to count as continuing professional education (CPE) credits toward CISSP maintenance. Qualifying activities include NSE certification courses, Fast Tracks, webinars, and other online or in-person sessions; ISC2 recognizes one hour of Fortinet instruction as one CPE credit, up to eight credits per day. Participants must log in to their ISC2 portal and submit the Fortinet course name, duration, and completion date to claim credits.

Thousands of FortiGate Firewalls Still Exposed to 2020 Flaw

🔒 BleepingComputer reports that attackers are actively exploiting an older FortiOS vulnerability, CVE-2020-12812, which can bypass two-factor authentication. Although Fortinet issued a patch in July 2020, researchers say at least 10,000 FortiGate firewalls remain unpatched. Administrators are urged to install the latest updates immediately to mitigate account access risks. Additional measures include restricting administrative access, rotating credentials, and monitoring logs for suspicious activity.

10,000+ Fortinet Firewalls Exposed to 2FA Bypass Worldwide

⚠ Administrators continue to find more than 10,000 internet-exposed Fortinet firewalls vulnerable to an active two-factor authentication bypass (CVE-2020-12812) that was patched in July 2020. The flaw in FortiOS SSL VPN permits login without a second factor when username case is altered; Fortinet advised disabling username case sensitivity as a mitigation. Shadowserver reports over 1,300 affected IPs in the U.S. — network owners should patch, apply mitigations, and audit LDAP-dependent management interfaces immediately.

Infosecurity Top 10: Key Cybersecurity Stories of 2025

🔒 Cybersecurity in 2025 was defined by high-profile breaches, weaponized AI and renewed focus on supply-chain and vulnerability management. Major events included vendor withdrawals from MITRE ATT&CK evaluations, a large-scale IoT proxy network, a critical Fortinet zero-day in active exploitation, and the fast mitigation of an npm package compromise. New risks such as 'quishing', LLM-driven hallucination attacks and agentic AI guidance from OWASP also shaped the year.

Fortinet warns: 5-year-old FortiOS 2FA bypass exploited

🔒 Fortinet warns that attackers continue to exploit a critical FortiOS vulnerability (CVE-2020-12812) that can bypass two-factor authentication on FortiGate SSL VPNs by changing the case of the username. The issue affects configurations where local users requiring FortiToken are linked to LDAP groups and stems from inconsistent case-sensitive matching between local and remote authentication. Fortinet patched the bug in July 2020 and advised disabling username case sensitivity or removing secondary LDAP group fallbacks if patches cannot be deployed; the vendor reports ongoing abuse against appliances with LDAP configured.