All news with #fortisiem tag

⚡ This week’s roundup highlights active exploitation of a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) that can lead to full appliance compromise, alongside new malware and supply-chain concerns. Researchers also disclosed a clipboard‑hijacking campaign distributed by RedLineCyber and a Reprompt attack that targeted Microsoft Copilot via P2P prompt injection. Other notable items include a cloud-native Linux framework called VoidLink, disruption of the RedVDS criminal service, and an AWS CodeBuild misconfiguration that raised supply‑chain risks. Defenders should prioritize patching high-severity CVEs, harden CI/CD configurations, and treat AI/chatbot integrations and exposed devices as part of the attack surface.

⚠️ Researchers disclosed that a critical Fortinet FortiSIEM vulnerability (CVE-2025-64155) with public proof-of-concept code is being abused in active attacks. Horizon3.ai described the issue as an unauthenticated OS command injection via exposed phMonitor command handlers that enables arbitrary writes and escalation to root, and Fortinet released security updates plus a port-restriction workaround for phMonitor (7900). Administrators should upgrade affected FortiSIEM versions 6.7 through 7.5 to the patched releases and review phMonitor logs for indicators of compromise.

🔓 A critical FortiSIEM vulnerability, tracked as CVE-2025-25256, enables remote unauthenticated attackers to execute arbitrary commands by invoking exposed phMonitor handlers. Horizon3.ai disclosed technical details and published a demonstrative exploit after Fortinet issued patches across supported branches. The flaw combines arbitrary write with privilege escalation to root and affects a range of FortiSIEM releases; Fortinet advises applying the supplied updates or restricting access to the phMonitor port (7900) as a temporary mitigation.

🔒 Fortinet issued patches for a critical FortiSIEM vulnerability (CVE-2025-64155, CVSS 9.4) that permits unauthenticated OS command injection and remote code execution via the phMonitor service on TCP port 7900. The flaw enables argument injection leading to arbitrary file writes as admin and a cron-triggered escalation to root. Affected releases span 6.7–7.4 with fixed builds; 7.5 and FortiSIEM Cloud are not impacted. Apply vendor updates or restrict access to port 7900 as a temporary mitigation.

🛡️ Fortinet announced that FortiSIEM was named a Challenger in the 2025 Gartner Magic Quadrant for SIEM, marking the vendor's eighth consecutive inclusion. FortiSIEM centralizes IT/OT event collection and combines advanced detection analytics, a CMDB, built-in SOAR automation and FortiAI-Assist GenAI to accelerate detection, investigation and response. Fortinet also notes that FortiSIEM 7.4, released in May 2025 after Gartner’s evaluation, adds federated search, expanded dashboards and enhanced analyst guidance to further improve SOC efficiency.

🔒 Fortinet SecOps unifies telemetry across network, endpoints, cloud, and email into a single data lake, reducing blind spots and simplifying investigation. Powered by FortiGuard AI and integrated tools like FortiSIEM, FortiEDR, FortiNDR, and FortiSOAR, it couples behavior-based detection with automated playbook-driven response. The platform emphasizes analyst-centric dashboards, Security Fabric enforcement, and continuous exposure management to lower false positives and accelerate containment.