All news with #fortinet tag

📧 Fortinet was named a Challenger in the 2025 Gartner Magic Quadrant for Email Security, reflecting continued progress across its email protection portfolio. FortiMail Email Security and FortiMail Workspace Security combine AI-native detection, sandboxing, DMARC, enhanced BEC and account takeover defenses, and flexible on-premises and cloud deployment options. The company positions this suite as a cost-effective, integrated alternative that also extends protection to web browsers, cloud storage, and collaboration apps.

🔒 Fortinet announced expanded integrations with AWS at re:Invent, including Fortinet Managed IPS Rules for AWS Network Firewall, FortiSASE on AWS Marketplace, and participation in the AWS European Sovereign Cloud. These offerings combine AI-driven FortiGuard threat intelligence, simplified procurement and Euro-denominated options for EU customers. The goal is to reduce operational burden, accelerate compliance with standards like PCI-DSS and HIPAA, and enable rapid deployment and scaling across hybrid and multi-cloud environments.

🛡️ FortiGuard Labs reports new Linux-focused eBPF malware updates in 2025, including 151 new BPFDoor samples and three new Symbiote samples. Both families abuse eBPF to install kernel-level packet filters that enable stealthy C2 channels; Symbiote is using UDP port-hopping across high ports while BPFDoor has added IPv6 and DNS-based filtering. Detection is difficult but Fortinet provides AV and IPS protections.

⚠️ This week’s recap spotlights multiple actively exploited vulnerabilities, supply‑chain compromises, and a record cloud DDoS that forced rapid vendor responses. Fortinet disclosed a FortiWeb OS command injection (CVE-2025-58034) that was observed chained with a recent critical fix, raising concerns about silent patching and disclosure timing. Google patched an actively exploited Chrome V8 0‑day (CVE-2025-13223), and attackers continued to abuse browser notifications, malicious updates, and SaaS integrations to phish and persist. The incidents underscore urgent priorities: patch quickly, scrutinize integrations, and strengthen monitoring and response.

🤖 FortiGuard Labs warns that by 2026 cybercrime will transition from ad hoc innovation to industrialized throughput, driven by AI, automation, and a mature supply chain. Attackers will automate reconnaissance, lateral movement, and data monetization, shrinking attack timelines from days to minutes. Defenders must adopt machine-speed operations, continuous threat exposure management, and identity-centric controls to compress detection and response. Global collaboration and targeted disruption will be essential to deter large-scale criminal infrastructure.

⚠️Fortinet has faced criticism for quietly patching two zero-day vulnerabilities in its FortiWeb WAFs before publicly disclosing them. The first, CVE-2025-64446, is rated critical (CVSS 9.4) and involves a GUI path-traversal plus an authentication-bypass flaw; the second, CVE-2025-58034 (CVSS 6.7), is an OS command injection that may allow authenticated code execution. Both fixes were included in the 8.0.2 update on October 28 and have been observed exploited in the wild, prompting calls for greater transparency and urgent patching.

🔒 Fortinet is an official launch partner for third-party rules on AWS Network Firewall, introducing Fortinet Managed IPS Rules powered by FortiGuard AI-Powered Security Services. The managed service uses AI/ML from FortiGuard Labs to automatically translate global threat telemetry into continuously updated IPS rules, removing manual tuning and improving detection timeliness. Deployment is fast via AWS Marketplace and integrates natively with AWS Network Firewall, helping teams scale protection across cloud workloads while supporting compliance objectives.

🔒 AWS Network Firewall now supports managed rule groups from AWS Partners, enabling customers to deploy partner-maintained, automatically updated security rules directly into firewall policies. You can subscribe and deploy these pre-configured rule groups via the AWS Network Firewall console or through AWS Marketplace, with consolidated billing and potential long-term pricing benefits. Available sellers include Check Point, Fortinet, Infoblox, Lumen, Rapid7, ThreatSTOP, and Trend Micro in all AWS commercial regions where the services are offered.

🔒 CISA has ordered U.S. federal agencies to remediate a FortiWeb OS command injection vulnerability (CVE-2025-58034) within seven days after reports of active exploitation. Fortinet warns the flaw can allow an authenticated attacker to execute unauthorized code via crafted HTTP requests or CLI commands. The agency added the issue to its Known Exploited Vulnerabilities Catalog and set a November 25 deadline under BOD 22-01. CISA cited related zero-day activity (CVE-2025-64446) and recommended expedited fixes.

🔔 Fortinet has issued an advisory about a newly discovered FortiWeb vulnerability, CVE-2025-58034, rated CVSS 6.7 and reported as being exploited in the wild. The flaw is an OS command injection that allows an authenticated attacker, who has gained access by other means, to execute arbitrary commands via crafted HTTP requests or CLI input. Fortinet provides version-based upgrade guidance to remediate the issue and credited a Trend Micro researcher for reporting the bug.

🚨 Fortinet has released security updates to remediate a new FortiWeb zero-day tracked as CVE-2025-58034, which the vendor says is being actively exploited in the wild. The vulnerability is an authenticated OS command injection (CWE-78) that can allow an attacker to execute code via crafted HTTP requests or CLI commands without user interaction. Fortinet confirmed observed exploitation and published fixes; administrators should upgrade affected FortiWeb appliances to the patched releases as soon as possible.

🛡️ Fortinet and Crime Stoppers International (CSI) have launched the Cybercrime Bounty program, a global initiative enabling secure, anonymous reporting of cybercriminal activity. Validated reports will feed Fortinet’s threat intelligence to support law enforcement investigations and potential prosecutions. The program scales deterrence by combining community-sourced tips with expert analysis, building on decades of Fortinet collaboration with INTERPOL and other public-private partners.

🔒 Fortinet's FortiWeb appliances are affected by a critical vulnerability tracked as CVE-2025-64446 that researchers say was exploited in the wild before an official advisory. The issue chains a relative path traversal to an internal CGI backend with an HTTP_CGIINFO header authentication bypass that allows unauthenticated admin impersonation and potential remote code execution. Fortinet released fixes in multiple 7.x and 8.x maintenance updates and recommends disabling HTTP/HTTPS on internet-facing management interfaces if upgrades cannot be applied immediately.

⚠️ CISA has added CVE-2025-58034, a Fortinet FortiWeb OS command code injection vulnerability, to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. The agency recommends a reduced remediation timeframe of one week due to recent and ongoing exploitation and points to BOD 23-02 for steps to limit exposure from internet-accessible management interfaces. Although BOD 22-01 applies to Federal Civilian Executive Branch agencies, CISA strongly urges all organizations to prioritize timely remediation and vulnerability management for KEV entries.

🔒 This week's recap highlights a surge in quiet, high-impact attacks that abused trusted software and platform features to evade detection. Researchers observed active exploitation of Fortinet FortiWeb (CVE-2025-64446) to create administrative accounts, prompting CISA to add it to the KEV list. Law enforcement disrupted major malware infrastructure while supply-chain and AI-assisted campaigns targeted package registries and cloud services. The guidance is clear: scan aggressively, patch rapidly, and assume features can be repurposed as attack vectors.

🚨 Fortinet confirmed a silent patch for a critical FortiWeb GUI path confusion zero-day (tracked as CVE-2025-64446) that is being "massively exploited in the wild." The flaw allowed unauthenticated HTTP(S) requests to execute administrative commands and create local admin accounts on internet-exposed devices. Fortinet released fixes in FortiWeb 8.0.2 (Oct 28) and later; administrators should upgrade, disable internet-facing management interfaces if they cannot update immediately, and audit logs for unauthorized accounts.

🛡️ Fortinet partnered with BCIT, Cyber Catalyst, and Tech Vets Canada to deliver a one-week Industrial Control Systems cybersecurity microcredential intensive for Canadian veterans, providing hands-on labs and practical workshops. Through exercises in network segmentation, access control, and threat detection, participants translated military skills—leadership, discipline, resilience—into cybersecurity capabilities protecting critical infrastructure. The program paired technical training with mentorship, career transition support, and pathways to internships and certification, reflecting Fortinet’s commitment to building a more diverse, skilled cyber workforce.

⚠️ Fortinet has released an advisory for FortiWeb addressing CVE-2025-64446, a CWE-23 relative path traversal that can allow unauthenticated actors to execute administrative commands via crafted HTTP/HTTPS requests. Affected releases include multiple 7.x and 8.x versions; Fortinet provides specific upgrade targets (8.0.2+, 7.6.5+, 7.4.10+, 7.2.12+, 7.0.12+). If immediate upgrades are not possible, disable HTTP/HTTPS on internet-facing interfaces and, after remediation, review configurations and logs for unexpected modifications or unauthorized administrator accounts.

🔒 CISA has added CVE-2025-64446 — a Fortinet FortiWeb path traversal vulnerability — to its Known Exploited Vulnerabilities (KEV) Catalog after evidence of active exploitation. Under BOD 22-01, Federal Civilian Executive Branch agencies must remediate cataloged CVEs by the required due date. CISA strongly urges all organizations to prioritize timely patching, apply available mitigations, and monitor for indicators of compromise. CISA will continue to add vulnerabilities that meet catalog criteria.

🚨 Researchers report an authentication bypass in Fortinet FortiWeb that is being actively exploited in the wild, allowing attackers to create privileged administrator accounts and fully compromise devices. watchTowr reproduced the issue, released a proof-of-concept and an artifact generator to help identify vulnerable appliances. The flaw is patched in FortiWeb 8.0.2, but Fortinet has not published a PSIRT advisory or assigned a CVE, and Rapid7 urges emergency patching for older versions.