FortiOS

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858)

0-day, Don't miss, firewall, Fortinet, FortiOS, Hot stuff, News, SSO, vulnerability /

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) 2026-01-28 at 02:21 By Zeljka Zorz Fortinet has begun releasing FortiOS versions that fix CVE-2026-24858, a critical zero-day vulnerability that allowed attackers to log into targeted organizations’ FortiGate firewalls. “This vulnerability was found being exploited in the wild by two malicious FortiCloud accounts, which were locked out […]

Fortinet starts patching exploited FortiCloud SSO zero-day (CVE-2026-24858) Read More »

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718?

Arctic Wolf Networks, Don't miss, firewall, Fortinet, FortiOS, Hot stuff, Huntress, News, privileged accounts, SSO, vulnerability /

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? 2026-01-21 at 22:22 By Zeljka Zorz CVE-2025-59718, a critical authentication bypass flaw that attackers exploited in December 2025 to compromise FortiGate appliances, appears to persist in newer, purportedly fixed releases of the underlying FortiOS. According to Fortinet, CVE-2025-59718 had been fixed in FortiOS versions 7.6.4 or

Fully patched FortiGate firewalls are getting compromised via CVE-2025-59718? Read More »

Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit

CVE-2022-42475, CVE-2023-27997, CVE-2024-21762, Fortinet, FortiOS, Malware & Threats, ThreatMon, Vulnerabilities /

Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit 2025-04-14 at 16:49 By Ionut Arghire A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls. The post Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit appeared first on SecurityWeek. This article is an excerpt from SecurityWeek View

Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit Read More »

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices

BSI, Don't miss, Fortinet, FortiOS, Hot stuff, News, vulnerability /

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices 2025-04-11 at 21:05 By Zeljka Zorz A threat actor that has been using known old FortiOS vulnerabilities to breach FortiGate devices for years has also been leveraging a clever trick to maintain undetected read-only access to them after the original

Hackers exploit old FortiGate vulnerabilities, use symlink trick to retain limited access to patched devices Read More »

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113)

CVE, Don't miss, enterprise, Fortinet, FortiOS, Hot stuff, News, Shadowserver, vulnerability, WatchTowr /

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) 2024-10-15 at 14:49 By Zeljka Zorz Last week, CISA added CVE-2024-23113 – a critical vulnerability that allows unauthenticated remote code/command execution on unpatched Fortinet FortiGate firewalls – to its Known Exploited Vulnerabilities catalog, thus confirming that it’s being leveraged by attackers in the

87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) Read More »

Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997)

Don't miss, Fortinet, FortiOS, Hot stuff, Lexfo, News, Olympe Cyberdefense, security update, vulnerability /

Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997) 11/06/2023 at 22:06 By Zeljka Zorz Fortinet has released several versions of FortiOS, the OS/firmware powering its Fortigate firewalls and other devices, without mentioning that they include a fix for CVE-2023-27997, a remote code execution (RCE) flaw that does not require the attacker to be

Fortinet patches pre-auth RCE, update your Fortigate firewalls ASAP! (CVE-2023-27997) Read More »

Scroll to Top