< ciso brief />

All news with #fortinet tag

189 articles · page 6 of 10

SASE Certifications: Validating Converged Network Security

🔐 This article outlines seven certification programs from leading vendors that validate skills in converged, cloud-native Secure Access Service Edge (SASE) architectures. It summarizes entry- to professional-level credentials from Cato Networks, Cisco, Fortinet, Netskope, Palo Alto Networks, Versa, and Zscaler, highlighting target audiences, exam formats, costs, and key competencies such as SD‑WAN, ZTNA, CASB and FWaaS. The piece also notes Gartner’s market projection and emphasizes that these credentials address a widening skills gap as enterprises migrate from perimeter-based defenses.

Fortinet: Active Exploitation of SSL VPN Auth Bypass

⚠️ Fortinet warned on December 24, 2025 that attackers are actively abusing a five‑year‑old FortiOS SSL VPN flaw, CVE-2020-12812 (CVSS 5.2), to bypass two‑factor authentication under specific configurations. The issue stems from inconsistent case sensitivity between FortiGate local users and LDAP directories: if a username's case does not exactly match the local entry, FortiGate may fall back to LDAP and accept credentials without 2FA. Fortinet reiterated prior patches and published configuration mitigations and commands to disable username case sensitivity, and advised customers to contact support and reset credentials if unauthorized 2FA bypass is detected.

Observed Abuse of FG-IR-19-283: LDAP Username Case Issue

🔐 Fortinet has observed active abuse of FG-IR-19-283 (CVE-2020-12812) in environments where FortiGate and LDAP username case handling differ. In these configurations, a username entered with any case variation that does not exactly match the local FortiGate entry can bypass local 2FA and instead authenticate via an LDAP group fallback. Administrators should enable the appropriate username sensitivity setting or remove unnecessary secondary LDAP groups to block this bypass.

Quantum Readiness Begins Now: Preparing Enterprise Security

🔐 Fortinet warns that "harvest-now, decrypt-later" attacks make long-term confidentiality vulnerable now and urges organizations to begin quantum readiness today. The company identifies four essential capabilities for enterprise-grade quantum-safe solutions: minimal performance impact, mandatory crypto-agility, adherence to standards, and deployment flexibility. Fortinet highlights hardware acceleration (NP7 ASICs) to preserve throughput, a required Hybrid Mode to combine classical and PQC key exchanges (e.g., DH + ML-KEM), NIST-approved PQC algorithms for interoperability, and optional QKD for highest-assurance links.

Weekly Recap - Firewall Exploits, AI Data Theft and More

⚡ Over the past week attackers exploited flaws in edge and network products from Fortinet, SonicWall, Cisco, and WatchGuard, targeting firewalls and appliances to gain deeper access. Browser extensions and Android TVs were abused for data theft and botnet recruitment. Campaigns by groups such as Ink Dragon, Kimsuky, and LongNosedGoblin deployed implants and innovative delivery chains, highlighting the urgent need for rapid patching, inventory verification, and tighter controls on trusted systems.

Over 25,000 FortiCloud SSO Devices Exposed Online

🔒 Shadowserver has identified more than 25,000 Fortinet devices online with FortiCloud SSO enabled, amid active exploitation of a critical authentication bypass (CVE-2025-59718/CVE-2025-59719). Researchers report attackers send malicious SAML messages to perform unauthorized SSO, gain admin-level access, and download system configuration files containing hashed credentials, exposed services, and network details. CISA added the flaw to its list of actively exploited vulnerabilities and ordered U.S. agencies to patch within a week; Fortinet notes FortiCloud SSO is only enabled after device registration, but many management interfaces remain publicly reachable.

CISA Adds WatchGuard Vulnerability to KEV Catalog List

🔔 CISA has added one new vulnerability to its Known Exploited Vulnerabilities (KEV) Catalog: CVE-2025-14733, an Out-of-Bounds Write vulnerability affecting WatchGuard Firebox. The agency says there is evidence of active exploitation and highlights that BOD 22-01 requires Federal Civilian Executive Branch agencies to remediate KEV entries by their due dates. CISA also urges all organizations to prioritize timely remediation to reduce exposure to active threats.

AI Is Reshaping Modern Cybercrime: Practitioner Findings

🔍 Fortinet and academic partners, including UC Berkeley’s CLTC and the Berkeley Risk and Security Lab, collaborated on global tabletop exercises and analysis to assess how AI is reshaping cybercrime. The Singapore TTX demonstrated that AI amplifies existing attack vectors—speeding reconnaissance, phishing, and malware development—while lowering barriers to entry and fostering criminal specialization. Defenders reported that governance, decision rights, and human judgment often mattered more than specific tools, underscoring the need for strong public-private collaboration and human oversight of AI-assisted detection.

AI Is Reshaping Modern Cybercrime: Key TTX Findings

🔎 Fortinet and UC Berkeley partners analyzed a Singapore tabletop exercise to assess how AI is reshaping cybercrime and defense. The practitioner perspective complements CLTC’s academic work and shows AI is amplifying existing attack vectors—speeding phishing, reconnaissance, code generation, and malware iteration—while lowering barriers to entry. The exercise highlighted that governance, human judgment, and cross-sector collaboration frequently determine response effectiveness more than specific tools.

FortiGate SSO Vulnerabilities Lead to Credential Theft

🔒 Security researchers and incident response teams warn that threat actors are rapidly exploiting newly disclosed authentication bypass vulnerabilities in Fortinet's FortiOS that affect FortiGate, FortiWeb, FortiProxy and FortiSwitchManager devices. Arctic Wolf reported seeing tens of intrusions since December 12, 2025, and advises that hashed credentials in exfiltrated configurations should be presumed compromised and rotated immediately. CISA has added CVE-2025-59718 to its Known Exploited Vulnerabilities list and Fortinet has released patches; administrators are urged to disable FortiCloud SSO until devices are upgraded and to follow Fortinet's hardening guidance.

Hackers Exploit Fortinet FortiCloud SSO Auth Bypass

🔒 Researchers report active exploitation of two critical FortiCloud SSO authentication bypasses (CVE-2025-59718, CVE-2025-59719) that can grant unauthenticated admin access to multiple Fortinet products. The flaws stem from improper verification of SAML cryptographic signatures, enabling forged assertions to bypass login controls. Attacks observed from December 12 targeted admin accounts and led to exfiltration of system configuration files. Administrators should disable FortiCloud SSO if unable to upgrade and apply vendor patches immediately.

CISA Adds Fortinet CVE to Known Exploited Vulnerabilities

🔔 CISA has added CVE-2025-59718 to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The vulnerability is described as an improper verification of cryptographic signature affecting multiple Fortinet products and represents a high-risk attack vector. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate KEV entries by mandated due dates. CISA strongly urges all organizations to prioritize timely remediation and apply vendor fixes or mitigations promptly.

Active Attacks Exploit Fortinet FortiGate SSO Flaws

🔒 Arctic Wolf observed active intrusions on December 12, 2025 exploiting two critical Fortinet authentication bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719). The flaws, both scored 9.8, permit unauthenticated bypass of SSO login via crafted SAML messages when FortiCloud SSO is enabled; Fortinet published patches for FortiOS, FortiWeb, FortiProxy and FortiSwitchManager last week. Attackers used hosting IPs tied to providers such as The Constant Company llc, Bl Networks and Kaopu Cloud Hk Limited to log in as "admin" and export device configurations. Organizations should apply updates immediately, disable FortiCloud SSO until systems are patched, restrict management access and assume compromise if IoCs are present.

Fortinet Named 2025 Gartner Customers' Choice for LAN

🏆 Fortinet has been named a 2025 Gartner Peer Insights™ Customers’ Choice for Enterprise Wired and Wireless LAN Infrastructure, marking the eighth consecutive year of recognition. Based on feedback from 458 verified end users, Fortinet earned a 4.9/5 average rating with 97% saying they would recommend the product. The company attributes the result to its Secure Networking platform that converges networking and security via FortiOS, FortiLink and AI-enabled operations to simplify management and lower risk.

Fortinet admins urged to patch FortiCloud SSO flaws

🔒 Fortinet has released patches for two critical cryptographic signature vulnerabilities, CVE-2025-59718 and CVE-2025-59719, that can allow an unauthenticated attacker to bypass FortiCloud SSO using a crafted SAML message on affected FortiOS, FortiWeb, FortiProxy and FortiSwitchManager devices. Administrators are advised to disable FortiCloud SSO immediately if it is enabled, apply vendor updates to non‑vulnerable versions, and then re-enable SSO only after verifying patches. Fortinet notes the feature is not enabled by factory default but can be activated during FortiCare registration; the company and responders recommend using the System -> Settings toggle or the CLI command sequence to disable login until patched.

Fortinet, Ivanti, and SAP Release Emergency Patches

🔐 Fortinet, Ivanti, and SAP have released urgent patches to address high-severity authentication and code-execution flaws affecting FortiOS, FortiWeb, FortiProxy, FortiSwitchManager, Ivanti Endpoint Manager, and multiple SAP products. Fortinet's issues (CVE-2025-59718, CVE-2025-59719; CVSS 9.8) can allow FortiCloud SSO bypass via crafted SAML messages when that feature is enabled. Ivanti patched a stored XSS (CVE-2025-10573; CVSS 9.6) and additional bugs that could lead to remote code execution, while SAP's update remedies three critical flaws including a 9.9 CVSS code injection. Administrators are urged to apply vendor updates or temporarily disable affected features until systems are patched.

Fortinet warns of critical FortiCloud SSO bypass flaws

⚠️ Fortinet released patches for two critical FortiCloud SSO authentication bypass vulnerabilities (CVE-2025-59718, CVE-2025-59719) impacting FortiOS, FortiProxy, FortiSwitchManager, and FortiWeb. Attackers can abuse improper cryptographic signature verification in crafted SAML messages to bypass FortiCloud SSO controls. Administrators should disable FortiCloud SSO until devices are patched — either via System -> Settings in the GUI or with the provided CLI command — and apply the vendor firmware updates promptly. Fortinet also fixed related credential and password-hash issues (CVE-2025-59808, CVE-2025-64471).

Debunking Common Cloud Security Misconceptions Today

🔒 In a December 8, 2025 Fortinet post, Ali Bidabadi and Carl Windsor dispel persistent myths about cloud security and emphasize the shared responsibility model. They warn that simple misconfigurations — not sophisticated attacks — often cause large exposures and that cloud-native controls alone leave gaps. The authors recommend adopting CNAPP, third-party NGFW and WAF solutions, and continuous visibility to reduce risk across multi-cloud and hybrid environments.

SANS ICS/OT Security 2025: Key Findings and Actions

🔐 The SANS State of ICS/OT Security 2025 report, sponsored by Fortinet, highlights persistent operational risks across critical infrastructure, with high incident rates, extended remediation times, and remote-access exposures. It calls for treating mean time to recovery (MTTR) as a board-level metric, unifying IT/OT visibility, and automating response playbooks. The analysis urges replacing ad hoc remote connectivity with secure, monitored access and integrating OT-specific threat intelligence into enforcement; FortiPAM and FortiGuard AI-Powered Security Services are cited as solutions to improve segmentation, detection, and recovery.

Secure SD-WAN as the Foundation for Successful SASE

🔒 Fortinet positions secure SD-WAN as the essential foundation for effective SASE, arguing that unified networking and security deliver consistent policy enforcement and optimized connectivity across hybrid and cloud environments. Integrated capabilities such as local internet breakout, built-in ZTNA, and application-aware routing reduce latency and attack surface while improving user experience. AI-enhanced operations and centralized management simplify troubleshooting and accelerate deployments.