Tag: fortinet
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-day
Trade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies. “Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
Suridata Buy Adds SaaS Posture Management to Fortinet SASE
Deal Aims to Target Identity and AI Risks, SaaS Blind Spots With Unified Security. By acquiring Suridata, Fortinet plans to introduce SaaS Security Posture Management to its SASE platform. The update provides end-to-end visibility into SaaS apps, identity threats and AI plugin misuse, making SSPM a vital control plane in cloud-first security strategies. First seen…
-
Vulnerability in Fortinet Products Potentially Affects Up to 2,878 Instances Worldwide
A vulnerability with a particularly high CVSS (Common Vulnerability Scoring System) score of 9.8 affects several Fortinet products and allows unauthenticated attackers to execute arbitrary code or commands. Attackers do this by sending HTTP requests with specially crafted hash cookies. The stack-based buffer overflow vulnerability affects the products , , , and . Last week the vendor published a […]…
-
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/
-
CISA Alerts on Active Exploitation of Zero-Day Vulnerability in Multiple Fortinet Products
Tags: cisa, communications, cve, cyber, cybersecurity, detection, email, exploit, fortinet, infrastructure, network, vulnerability, zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding five zero-day vulnerabilities affecting multiple Fortinet products, after evidence emerged of active exploitation in the wild. The vulnerabilities, tracked as CVE-2025-32756, impact Fortinet’s FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera platforms, widely used in enterprise environments for unified communications, email, network detection,…
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques. As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory. “The attackers…
-
New Fortinet and Ivanti Zero Days Exploited in the Wild
Fortinet and Ivanti published advisories on the same day revealing that attackers are exploiting new zero days, one of which is rated critical. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fortinet-ivanti-zero-days/
-
Fortinet fixed actively exploited FortiVoice zero-day
Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice enterprise phone systems. Fortinet released security updates to address a critical remote code execution zero-day, tracked as CVE-2025-32756, that was exploited in attacks targeting FortiVoice enterprise phone systems. The vulnerability is a stack-based overflow issue that impacts FortiVoice, FortiMail, FortiNDR,…
-
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. “A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to First…
-
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/13/zero-day-exploited-to-compromise-fortinet-fortivoice-systems-cve-2025-32756/
-
Fortinet fixes critical zero-day exploited in FortiVoice attacks
Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-fixes-critical-zero-day-exploited-in-fortivoice-attacks/
-
Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild
A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. A critical zero-day vulnerability in FortiVoice systems is being actively exploited in the wild. It allows unauthenticated attackers to execute arbitrary code or commands remotely through specially crafted HTTP requests, which poses a significant…
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day
Executive Summary: EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…
-
Fortinet Stock Price Sinks Despite ‘Momentum’ For Firewall Refresh
Fortinet executives said during the company’s quarterly call Wednesday that geopolitical uncertainties have not weakened demand. First seen on crn.com Jump to article: www.crn.com/news/security/2025/fortinet-stock-price-sinks-despite-momentum-for-firewall-refresh
-
Iranian Hackers Breach Middle East Infrastructure
Tags: breach, credentials, cyberespionage, fortinet, group, hacker, infrastructure, iran, middle-east, network, technology, theft, threat
Fortinet Uncovers Long-Term Cyberespionage in Region. An Iranian state-sponsored threat group conducted a years-long cyberespionage campaign targeting a Middle East critical infrastructure provider, with its operational technology network a key target. The attackers focused reconnaissance activity and credential theft on the OT network. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/iranian-hackers-breach-middle-east-infrastructure-a-28284
-
Top cybersecurity products showcased at RSA 2025
Tags: access, ai, attack, automation, awareness, breach, cisco, compliance, control, crowdstrike, cyber, cybersecurity, data, defense, detection, edr, email, firewall, fortinet, framework, identity, incident response, infrastructure, injection, intelligence, login, malicious, open-source, phishing, risk, siem, soc, threat, tool, training, update, vulnerability, zero-trust
Cisco: Foundational AI Security Model: Cisco introduced its Foundation AI Security Model, an open-source framework designed to standardize safety protocols across AI models and applications. This initiative aims to address the growing concerns around AI security and ensure safer AI deployments. Cisco also unveiled new agentic AI features in its XDR and Splunk platforms, along…
-
SC Award Winners 2025 Fortinet Best Cloud Workload Protection Solution
First seen on scworld.com Jump to article: www.scworld.com/news/sc-award-winners-2025-fortinet-best-cloud-workload-protection-solution
-
KeyPlug Malware Server Leak Exposes Fortinet Firewall and VPN Exploitation Tools
Cybersecurity researchers have stumbled upon a treasure trove of operational tools and scripts linked to the KeyPlug malware, associated with the threat group RedGolf, also known as APT41. The server, which was inadvertently exposed for less than 24 hours, provided an unprecedented glimpse into the sophisticated tactics, techniques, and procedures (TTPs) employed by this advanced…
-
Over 17,000 Fortinet Devices Hacked Using Symbolic Link Exploit
According to cybersecurity nonprofit Shadowserver, a major cyberattack has compromised more than 17,000 Fortinet devices globally, exploiting a sophisticated symbolic link persistence technique. The incident marks a rapid escalation from early reports, which initially identified approximately 14,000 affected devices just days ago. Security experts believe the number may continue to rise as investigations progress, as…
-
Toll of symlink backdoor-compromised Fortinet devices increases
First seen on scworld.com Jump to article: www.scworld.com/brief/toll-of-symlink-backdoor-compromised-fortinet-devices-increases
-
Your Network Is Showing Time to Go Stealth
Tags: access, ai, attack, authentication, backdoor, breach, china, cisco, cloud, computer, control, credentials, cyberattack, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, firewall, firmware, fortinet, group, Hardware, infrastructure, mfa, network, software, theft, threat, tool, update, vpn, vulnerability, zero-day
-
Over 16,000 Fortinet devices compromised with symlink backdoor
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/
-
Hackers Remain in the System Even After Patches, Further Update Required
Hackers have found a way to remain in the systems of FortiGate devices even after security updates have been installed. A new update is now intended to end this access. First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/fortinet-hacker-bleiben-auch-nach-patches-im-system—weiteres-update-erforderlich
-
Fortinet FortiGate fixes circumvented by symlink exploit
First seen on scworld.com Jump to article: www.scworld.com/brief/fortinet-fortigate-fixes-circumvented-by-symlink-exploit
-
Fortinet Zero-Day Bug May Lead to Arbitrary Code Execution
A threat actor posted about the zero-day exploit on the same day that Fortinet published a warning about known vulnerabilities under active exploitation. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/fortinet-zero-day-arbitrary-code-execution
-
Over 14K Fortinet devices compromised via new attack method
Fortinet last week warned that a threat actor was using a novel post-exploitation trick to maintain access to devices after they were patched. First seen on cybersecuritydive.com Jump to article: www.cybersecuritydive.com/news/14k-fortinet-devices-compromised-new-attack-method/745259/
-
Attackers Maintaining Access to Fully Patched Fortinet Gear
Symbolic Links Planted by Attackers Survived Patching, Provide Read-Only Access. Attackers have been using a new type of post-exploitation technique to maintain remote access to hacked Fortinet FortiGuard devices – even if they had the latest patches – by dropping symbolic links in the device’s filesystem designed to survive the patching process, the vendor has…
-
Threat Actor Allegedly Selling Fortinet Firewall Zero-Day Exploit
A threat actor claims to offer a zero-day exploit for an unauthenticated remote code execution vulnerability in Fortinet firewalls. First seen on securityweek.com Jump to article: www.securityweek.com/threat-actor-allegedly-selling-fortinet-firewall-zero-day-exploit/

