<ciso brief/>
Tag Banner

All news with #saml weakness tag

all tags →

Thu, December 11, 2025

Fortinet admins urged to patch FortiCloud SSO flaws

#Fortinet #FortiCloud #SAML Weakness #Auth Bypass #Security Advisory #Patch

🔒 Fortinet has released patches for two critical cryptographic signature vulnerabilities, CVE-2025-59718 and CVE-2025-59719, that can allow an unauthenticated attacker to bypass FortiCloud SSO using a crafted SAML message on affected FortiOS, FortiWeb, FortiProxy and FortiSwitchManager devices. Administrators are advised to disable FortiCloud SSO immediately if it is enabled, apply vendor updates to non‑vulnerable versions, and then re-enable SSO only after verifying patches. Fortinet notes the feature is not enabled by factory default but can be activated during FortiCare registration; the company and responders recommend using the System -> Settings toggle or the CLI command sequence to disable login until patched.

read more →

Wed, November 26, 2025

Talos Discloses Multiple Dell, Lasso, GL.iNet Flaws

#Security Advisory #Patch #Dell #GL.iNet #SAML Weakness #Buffer Overflow #Privilege Escalation #Hardcoded Secrets

🔒 Cisco Talos disclosed multiple vulnerabilities across Dell ControlVault, the Entr'ouvert Lasso SAML library, and the GL.iNet Slate AX travel router. Issues range from a hard-coded password and privilege escalation in ControlVault to memory corruption and buffer overflows that can enable arbitrary code execution, a type confusion bug and DoS in Lasso, and an OTA firmware downgrade in GL.iNet. Vendors have issued patches under Cisco’s disclosure policy and Snort rule updates are available to detect exploitation. Administrators should apply vendor updates, verify OTA integrity mechanisms, and deploy IDS signatures promptly.

read more →

Mon, November 10, 2025

5 Reasons Attackers Prefer Phishing via LinkedIn Channels

#Account Takeover #SSO #MFA #Credential Stuffing Wave #Identity Threat Detection #SAML Weakness

🔒 Phishing is moving beyond email to platforms like LinkedIn, where direct messages sidestep traditional email defenses and evade many web-based controls. Attackers exploit account takeovers, weak MFA adoption, and AI-driven outreach to scale targeted campaigns against executives and cloud identity services. Because LinkedIn messages are accessed on corporate devices but outside email channels, organizations often rely on user reporting and URL blocking—measures that are slow and ineffective. Vendor Push Security recommends browser-level protections that analyze page code and behavior in real time to block in-browser phishing and SSO-based compromises.

read more →