< ciso
brief />
Tag Banner

All news with #fortinet tag

220 articles · page 6 of 11

Accelerate 2026: Future Directions in Secure Networking

🔒 Fortinet's Accelerate 2026 returns to Las Vegas March 9–13, bringing customers, partners, and industry leaders together at the Mandalay Bay Convention Center for keynotes, technical sessions, and an expansive Tech Expo. The event emphasizes an integrated platform approach to secure networking, unified SASE, cloud and OT protection, and AI-enhanced detection and automation. Customer-led sessions from organizations such as Lowe’s, TJX, and ExxonMobil will share practical implementations, while attendees can pursue certifications, hands-on workshops, and the Fortinet Ultimate Fabric Challenge to translate strategy into operational outcomes.
read more →

Interlock Ransomware: New Techniques, Same Old Tricks

🔒 Fortinet's FortiGuard Incident Response describes a protracted Interlock intrusion that targeted education organizations, linking MintLoader initial access to NodeSnakeRAT and Interlock RAT implants. The report highlights a novel process-killer, Hotta Killer, that abuses a signed but vulnerable gaming anti-cheat driver (CVE-2025-61155) in a BYOVD technique to terminate security processes. Operators exfiltrated about 250 GB using AZCopy before deploying JavaScript and ELF ransomware across Windows and Nutanix hosts. FortiGuard recommends blocking unnecessary remote-access tools, restricting PowerShell egress, and monitoring anomalous driver installations.
read more →

Fortinet guidance: ongoing CVE-2026-24858 SSO bypass

🔒 Fortinet released guidance after disclosure of CVE-2026-24858, an authentication bypass in FortiCloud single sign-on (SSO) that can allow an attacker with a FortiCloud account to access devices registered to other users. The flaw affects multiple products including FortiOS, FortiManager, FortiWeb, FortiProxy, and FortiAnalyzer. Fortinet temporarily disabled FortiCloud SSO on Jan. 26, 2026 and restored the service with mitigations on Jan. 27; CISA added the CVE to its KEV Catalog and urges operators to check for indicators of compromise and apply vendor updates immediately.
read more →

Critical FortiCloud SSO Zero-Day Forces Emergency Fix

⚠️ Fortinet disclosed a critical authentication-bypass zero-day (CVE-2026-24858) that affects FortiCloud SSO and can let attackers compromise FortiGate, FortiManager, and FortiAnalyzer devices. The vendor temporarily disabled FortiCloud SSO globally on Jan 26 to stop active exploitation and re-enabled it Jan 27 with server-side blocking that prevents logins from vulnerable firmware. FortiOS 7.4.11 is available and additional patched releases are being rolled out; most fixes are still listed as "upcoming."
read more →

Fortinet fixes FortiOS SSO bypass in active exploitation

🔒 Fortinet has released security updates to address a critical authentication bypass (CVE-2026-24858) affecting FortiOS, FortiManager, and FortiAnalyzer. The flaw allows a FortiCloud account with a registered device to access other devices when FortiCloud SSO is enabled, enabling creation of local admin accounts and configuration changes. Fortinet locked malicious FortiCloud accounts, temporarily disabled SSO, and urges customers to update firmware, audit configurations, and rotate credentials.
read more →

Fortinet blocks exploited FortiCloud SSO zero-day; patch due

🔒 Fortinet confirmed a critical FortiCloud SSO authentication bypass (CVE-2026-24858) actively exploited to gain administrative access to customer devices. The company has implemented server-side mitigations that block SSO logins from vulnerable firmware versions while patches for FortiOS, FortiManager, and FortiAnalyzer are developed. Administrators are advised to review accounts and credentials; disabling SSO remains an optional mitigation.
read more →

CISA Adds Fortinet Authentication Bypass CVE to KEV Catalog

🔒 CISA added CVE-2026-24858 to its Known Exploited Vulnerabilities (KEV) Catalog for a Fortinet Multiple Products Authentication Bypass that leverages an alternate path or channel. The agency reports evidence of active exploitation and characterizes this class of flaw as a frequent and serious attack vector. Under BOD 22-01, federal agencies must remediate KEV entries by their due dates; CISA strongly urges all organizations to prioritize timely remediation, apply vendor patches, implement compensating controls, and monitor for indicators of compromise.
read more →

Weekly Recap: Firewall Flaws, AI-Built Malware, CVEs

⚡ This weekly recap highlights shifting attack patterns and urgent fixes: an incomplete patch in Fortinet firewalls (CVE-2025-59718/59719) is being actively abused, while the VoidLink Linux malware appears largely produced with AI assistance. Researchers also disclosed a critical GNU InetUtils telnetd flaw (CVE-2026-24061) that can yield root shells. Other notable trends include vishing campaigns targeting major IdPs, malvertising that crashes browsers to deliver a Python RAT, and supply-chain/package compromises; administrators should prioritize exploitable, public-PoC, and KEV-class vulnerabilities.
read more →

Fortinet confirms new zero-day targeting SAML SSO on devices

🔒 Fortinet has confirmed a new attack campaign that exploits an unpatched zero-day vulnerability to bypass authentication across SAML SSO implementations, including FortiCloud SSO. The activity, observed in mid-January, involves extraction of firewall configurations and creation of administrative and VPN-capable accounts. Fortinet is working on a fix and recommends updating to the latest releases, restoring clean backups, rotating all credentials, disabling FortiCloud SSO administrative logins, and restricting administrative access to trusted subnets.
read more →

Fortinet: Active FortiCloud SSO Bypass on Patched FortiGate

🔒 Fortinet confirmed active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate firewalls. The vendor said attackers exploited a new attack path that can circumvent patches addressing CVE-2025-59718 and CVE-2025-59719 by using crafted SAML messages when FortiCloud SSO is enabled. Observed activity includes creation of generic admin accounts, configuration changes to enable VPN access, and configuration exfiltration. Fortinet recommends restricting internet-facing administrative access and disabling the admin-forticloud-sso-login feature while a full remediation is finalized.
read more →

Fortinet confirms FortiCloud SSO auth bypass remains unpatched

⚠️ Fortinet confirmed it is still addressing a critical FortiCloud SSO authentication bypass (CVE-2025-59718) after reports that attackers are able to bypass patches and compromise fully updated firewalls. Security firm Arctic Wolf says automated attacks beginning January 15 created VPN-access admin accounts and quickly exfiltrated firewall configurations. Fortinet advises disabling FortiCloud SSO, restricting administrative access with a local-in policy, and treating affected systems as compromised while a full fix is developed.
read more →

FortiOS Single Sign-On Abuse: Incident Analysis and Guidance

🔒 Fortinet issued an advisory describing two FortiCloud SSO bypass vulnerabilities (CVE-2025-59718 and CVE-2025-59719) discovered during an internal code audit. The flaws allowed crafted SAML assertions to bypass authentication on FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager when FortiCloud SSO was enabled. Recent reports show active exploitation, including instances against fully patched devices, indicating a new attack path. Fortinet advises monitoring IOCs, restricting administrative access, disabling FortiCloud SSO as a workaround, and treating affected systems as compromised.
read more →

FortiSIEM 7.5 Adds Agentic AI and Data Sovereignty

🤖 FortiSIEM 7.5 introduces agentic-AI incident management and data sovereignty options to help multinational SOCs balance centralized operations with localized data storage. The release debuts FortiAI-Assist agents — an investigation assistant and a companion assistant — to automate multi-step threat hunting, evidence enrichment, and response guidance. It also includes a free IT/OT Windows agent that requires no centralized management, enhanced federated search, pipeline enrichment, advanced agent templates, and Osquery support for Linux and Windows.
read more →

Fortinet FortiGate SSO Exploited to Steal Configs Remotely

🚨 Cybersecurity firm Arctic Wolf reports automated attacks against Fortinet FortiGate devices that exploit the FortiCloud SSO feature to create rogue admin accounts and rapidly export firewall configurations. The campaign began January 15 and mirrors December exploitation tied to CVE-2025-59718. Observed indicators include SSO logins from cloud-init@mail.io and IP 104.28.244.114. Administrators are advised to disable FortiCloud SSO until Fortinet issues a complete fix.
read more →

Automated Attacks Target Fortinet FortiGate SSO Configurations

🔒 Arctic Wolf warns of a new cluster of automated malicious activity that began on January 15, 2026, involving unauthorized configuration changes to Fortinet FortiGate devices. Attackers exploited SAML-related weaknesses (CVE-2025-59718, CVE-2025-59719) to bypass FortiCloud SSO, create generic admin accounts such as cloud-init@mail.io and names like secadmin or itadmin, and export firewall configurations to external IPs. Administrators are advised to disable the admin-forticloud-sso-login setting until mitigations are confirmed.
read more →

Patched FortiGate Firewalls Still Being Compromised

🚨Fortinet customers report attackers bypassing a previously patched FortiGate authentication flaw (CVE-2025-59718) to create admin accounts on devices running FortiOS 7.4.9 and 7.4.10. Fortinet reportedly plans releases of FortiOS 7.4.11, 7.6.6 and 8.0.0 to fully remediate the issue. Until those updates are available, admins are advised to disable FortiCloud SSO using the GUI or the CLI mitigation steps Fortinet published. Shadowserver found over 25,000 devices with FortiCloud SSO enabled in mid-December, and CISA has listed the vulnerability as actively exploited and ordered expedited patching.
read more →

Cybersecurity as a Leadership Imperative at Davos 2026

🔐 At the World Economic Forum Annual Meeting 2026 in Davos, Fortinet argues that cybersecurity has evolved into a strategic leadership imperative. Accelerating geopolitical tensions, rapid AI adoption, and surging cyber-enabled crime mean boards and executives must treat cyber risk as enterprise risk rather than a purely technical issue. Fortinet advocates a systemic, cross-sector approach that embeds resilience, accountability, and responsible AI governance into organizational strategy.
read more →

At Davos: Cybersecurity as a Leadership Imperative

🔐At Davos, cybersecurity has risen to the top of the leadership agenda as geopolitical tensions, rapid AI adoption, and escalating cybercrime converge. Fortinet says this is now a systemic strategic challenge that requires board-level accountability, cross-sector collaboration, and resilience designed into operations. The company emphasizes responsible, enterprise-wide adoption of AI in security and stronger intelligence sharing. Initiatives like Fortinet’s Cybercrime Bounty and a Davos panel led by Derek Manky highlight practical, ecosystem-wide approaches to deter and disrupt cybercriminal markets.
read more →

Weekly Recap: Fortinet Exploits, RedLine & Emerging Threats

⚡ This week’s roundup highlights active exploitation of a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) that can lead to full appliance compromise, alongside new malware and supply-chain concerns. Researchers also disclosed a clipboard‑hijacking campaign distributed by RedLineCyber and a Reprompt attack that targeted Microsoft Copilot via P2P prompt injection. Other notable items include a cloud-native Linux framework called VoidLink, disruption of the RedVDS criminal service, and an AWS CodeBuild misconfiguration that raised supply‑chain risks. Defenders should prioritize patching high-severity CVEs, harden CI/CD configurations, and treat AI/chatbot integrations and exposed devices as part of the attack surface.
read more →

Critical Fortinet FortiSIEM Flaw Now Exploited in Attacks

⚠️ Researchers disclosed that a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) with public proof-of-concept code is being abused in active attacks. Horizon3.ai described the issue as an unauthenticated OS command injection via exposed phMonitor command handlers that enables arbitrary writes and escalation to root, and Fortinet released security updates plus a port-restriction workaround for phMonitor (7900). Administrators should upgrade affected FortiSIEM versions 6.7 through 7.5 to the patched releases and review phMonitor logs for indicators of compromise.
read more →