Tag: fortinet
-
NCSC Uncovers "UMBRELLA STAND" Malware: Stealthy Backdoor Targets Fortinet FortiGate Firewalls
-
Silver Fox APT Targets Taiwan with Complex Gh0stCringe and HoldingHands RAT Malware
Cybersecurity researchers are warning of a new phishing campaign that’s targeting users in Taiwan with malware families such as HoldingHands RAT and Gh0stCringe. The activity is part of a broader campaign that delivered the Winos 4.0 malware framework earlier this January by sending phishing messages impersonating Taiwan’s National Taxation Bureau, Fortinet FortiGuard Labs said in a…
-
Over a dozen Fortinet vulnerabilities fixed
First seen on scworld.com Jump to article: www.scworld.com/brief/over-a-dozen-fortinet-vulnerabilities-fixed
-
The critical role that partnerships play in shrinking the cyber skills gap
Building the cyber talent pipeline through partnerships: a real-world example. Fortinet’s work in Morocco offers an example of how uniquely crafted partnerships can help develop cyber-talent pipelines, particularly in under-resourced regions. Through the “Code 212” initiative, Fortinet works with two ministries and 12 Moroccan universities, integrating hands-on cybersecurity training for students across many disciplines. We…
-
Russia-linked PathWiper malware hits Ukrainian infrastructure
Tags: apt, attack, backup, cisco, ciso, compliance, control, cyber, detection, endpoint, finance, fortinet, infrastructure, insurance, intelligence, malware, network, PurpleTeam, resilience, risk, russia, tactics, threat, tool, ukraine, vulnerability, zero-trust
Echoes of past attacks: While PathWiper shares tactical similarities with HermeticWiper, its enhanced capabilities reveal a clear evolution in wiper malware sophistication. The new variant employs advanced techniques, such as querying registry keys to locate network drives and dismounting volumes to bypass protections, a stark contrast to HermeticWiper’s simpler approach of sequentially targeting drives numbered…
-
New Qilin ransomware attacks involve Fortinet exploits
First seen on scworld.com Jump to article: www.scworld.com/brief/new-qilin-ransomware-attacks-involve-fortinet-exploits
-
Attackers exploit Fortinet flaws to deploy Qilin ransomware
Tags: cve, exploit, flaw, fortinet, group, intelligence, ransomware, remote-code-execution, threat, vulnerability
Qilin ransomware now exploits Fortinet vulnerabilities to achieve remote code execution on impacted devices. Threat intelligence firm PRODAFT warned that the Qilin ransomware (aka Phantom Mantis) group targeted multiple organizations between May and June 2025 by exploiting multiple FortiGate vulnerabilities, including CVE-2024-21762 and CVE-2024-55591. “Phantom Mantis recently launched a coordinated intrusion campaign targeting multiple organizations between…
-
Critical Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-exploited-in-qilin-ransomware-attacks/
-
ViperSoftX Malware Used by Threat Actors to Steal Sensitive Information
The AhnLab Security Intelligence Center (ASEC) has recently issued a detailed report confirming the persistent distribution of ViperSoftX malware by threat actors, with notable impact on users in South Korea and beyond. First identified by Fortinet in 2020, ViperSoftX is a sophisticated PowerShell-based malware designed to infiltrate infected systems, execute remote commands, and steal sensitive…
-
New infosec products of the week: June 6, 2025
Here’s a look at the most interesting products from the past week, featuring releases from Akamai, AttackIQ, Barracuda Networks, Bitdefender, Fortinet, Malwarebytes, and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/06/06/new-infosec-products-of-the-week-june-6-2025/
-
Patch available: Researchers published PoC for critical Fortinet vulnerability
First seen on security-insider.de Jump to article: www.security-insider.de/kritische-sicherheitsluecke-cve-2025-32756-in-fortinet-produkte-a-4e72f4f36713b503cf4e0799e70e4380/
-
Fortinet Veteran Landon Scott Takes Over As Channel Chief
Fortinet veteran Landon Scott will head up the company’s U.S. channel sales organization following the departure of Ken McCray from the channel chief role, the cybersecurity vendor tells CRN. First seen on crn.com Jump to article: www.crn.com/news/security/2025/fortinet-veteran-landon-scott-takes-over-as-channel-chief
-
New Malware Spotted Corrupts Its Own Headers to Block Analysis
Fortinet spots new malware that corrupts its own headers to block forensic analysis, hide behavior, and communicate with its C2 server. First seen on hackread.com Jump to article: hackread.com/new-malware-corrupts-its-headers-block-analysis/
-
Malware Analysis Reveals Sophisticated RAT With Corrupted Headers
Fortinet has identified a new Windows RAT operating stealthily on compromised systems with advanced evasion techniques. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/rat-corrupted-headers/
-
Researchers Drop PoC for Fortinet CVE-2025-32756, Urging Quick Patching
Researchers have released a PoC for CVE-2025-32756, a severe security flaw that is actively being exploited in Fortinet products… First seen on hackread.com Jump to article: hackread.com/researchers-poc-fortinet-cve-2025-32756-quick-patch/
-
Critical infrastructure under attack: Flaws becoming weapon of choice
Tags: access, attack, authentication, breach, china, citrix, communications, control, cve, cyber, cybersecurity, dark-web, data-breach, defense, exploit, flaw, fortinet, government, group, hacker, healthcare, ibm, identity, incident, infrastructure, intelligence, iran, kev, login, mfa, monitoring, moveIT, network, ransomware, risk, service, software, strategy, supply-chain, threat, update, vpn, vulnerability, zero-day
Trade in exploit code: IBM’s X-Force found four of the 10 most mentioned common vulnerabilities and exposures (CVEs) on the dark web were linked to sophisticated threat actor groups, including nation-state intelligence agencies. “Exploit codes for these CVEs were openly traded on numerous forums, fueling a growing market for attacks against power grids, health networks, and…
-
Fortinet Zero-Day Under Attack: PoC Now Publicly Available
Tags: advisory, api, attack, cve, cyber, flaw, fortinet, remote-code-execution, vulnerability, zero-day
FortiGuard Labs released an urgent advisory detailing a critical vulnerability, CVE-2025-32756, affecting several Fortinet products, including FortiCamera, FortiMail, FortiNDR, FortiRecorder, and FortiVoice. The vulnerability is a stack-based buffer overflow located within the administrative API, specifically in the handling of session cookies. This flaw allows for unauthenticated remote code execution, making it a prime target for…
-
Suridata Buy Adds SaaS Posture Management to Fortinet SASE
Deal Aims to Target Identity and AI Risks, SaaS Blind Spots With Unified Security. By acquiring Suridata, Fortinet plans to introduce SaaS Security Posture Management to its SASE platform. The update provides end-to-end visibility into SaaS apps, identity threats and AI plugin misuse, making SSPM a vital control plane in cloud-first security strategies. First seen…
-
Vulnerability in Fortinet products potentially affects up to 2,878 instances worldwide
A vulnerability with a particularly high CVSS (Common Vulnerability Scoring System) score of 9.8 affects several Fortinet products and allows unauthenticated attackers to execute arbitrary code or commands. This is done by attackers sending HTTP requests with specially crafted hash cookies. The stack-based buffer overflow vulnerability affects the products , , , and . Last week, the vendor published a […]…
-
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
A Google Chrome Web Store campaign uses over 100 malicious browser extensions that mimic legitimate tools, such as VPNs, AI assistants, and crypto utilities, to steal browser cookies and execute remote scripts secretly. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/
-
CISA Alerts on Active Exploitation of Zero-Day Vulnerability in Multiple Fortinet Products
Tags: cisa, communications, cve, cyber, cybersecurity, detection, email, exploit, fortinet, infrastructure, network, vulnerability, zero-day
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued an urgent warning regarding five zero-day vulnerabilities affecting multiple Fortinet products, after evidence emerged of active exploitation in the wild. The vulnerabilities, tracked as CVE-2025-32756, impact Fortinet’s FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera platforms, widely used in enterprise environments for unified communications, email, network detection,…
-
Stealth RAT uses a PowerShell loader for fileless attacks
Threat actors have been spotted using a PowerShell-based shellcode loader to stealthily deploy Remcos RAT, a popular espionage-ready tool in line with a broader shift toward fileless techniques. As discovered by Qualys, the campaign executes a number of steps to phish an obfuscated .HTA (HTML Application) file that runs layered PowerShell scripts entirely in memory. “The attackers…
-
New Fortinet and Ivanti Zero Days Exploited in the Wild
Fortinet and Ivanti published advisories on the same day revealing that attackers are exploiting new zero days, one of which is rated critical. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/fortinet-ivanti-zero-days/
-
Fortinet fixed actively exploited FortiVoice zero-day
Fortinet fixed a critical remote code execution zero-day vulnerability actively exploited in attacks targeting FortiVoice enterprise phone systems. Fortinet released security updates to address a critical remote code execution zero-day, tracked as CVE-2025-32756, that was exploited in attacks targeting FortiVoice enterprise phone systems. The vulnerability is a stack-based overflow issue that impacts FortiVoice, FortiMail, FortiNDR,…
-
Fortinet Patches CVE-2025-32756 Zero-Day RCE Flaw Exploited in FortiVoice Systems
Fortinet has patched a critical security flaw that it said has been exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. The vulnerability, tracked as CVE-2025-32756, carries a CVSS score of 9.6 out of 10.0. “A stack-based overflow vulnerability [CWE-121] in FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera may allow a remote unauthenticated attacker to First…
-
Zero-day exploited to compromise Fortinet FortiVoice systems (CVE-2025-32756)
Fortinet has patched a critical vulnerability (CVE-2025-32756) that has been exploited in the wild to compromise FortiVoice phone / conferencing systems, the company’s … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/05/13/zero-day-exploited-to-compromise-fortinet-fortivoice-systems-cve-2025-32756/
-
Fortinet FortiVoice Zero-day Vulnerability Actively Exploited in The Wild
A critical stack-based buffer overflow vulnerability (CWE-121) has been discovered in multiple Fortinet products, including FortiVoice, FortiMail, FortiNDR, FortiRecorder, and FortiCamera. A critical zero-day vulnerability in FortiVoice systems is being actively exploited in the wild. It allows unauthenticated attackers to execute arbitrary code or commands remotely through specially crafted HTTP requests, which poses a significant…
-
Fortinet fixes critical zero-day exploited in FortiVoice attacks
Fortinet released security updates to patch a critical remote code execution vulnerability exploited as a zero-day in attacks targeting FortiVoice enterprise phone systems. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fortinet-fixes-critical-zero-day-exploited-in-fortivoice-attacks/
-
China-Nexus Nation State Actors Exploit SAP NetWeaver (CVE-2025-31324) to Target Critical Infrastructures
Tags: access, api, apt, attack, authentication, backdoor, backup, breach, business, china, cloud, control, cve, cyber, data, data-breach, detection, dns, encryption, endpoint, espionage, exploit, finance, firewall, fortinet, google, government, group, infection, infrastructure, intelligence, Internet, ivanti, linux, malicious, malware, mandiant, military, network, open-source, programming, rat, remote-code-execution, reverse-engineering, risk, rust, sap, service, strategy, tactics, threat, tool, update, vmware, vpn, vulnerability, windows, zero-day
Executive Summary: EclecticIQ analysts assess with high confidence that, in April 2025, China-nexus nation-state APTs (advanced persistent threat) launched high-tempo exploitation campaigns against critical infrastructure networks by targeting SAP NetWeaver Visual Composer. Actors leveraged CVE-2025-31324 [1], an unauthenticated file upload vulnerability that enables remote code execution (RCE). This assessment is based on a publicly…

