Articles tagged "Fortinet"

Found 43 articles

Fortinet, Ivanti, and ServiceNow have all issued important patches for various vulnerabilities in their products. A notable issue was found in the ServiceNow AI platform, where a critical security flaw could allow remote attackers to execute arbitrary code. This vulnerability poses a significant risk to users, as it could enable unauthorized access and control over affected systems. Organizations using the ServiceNow platform should act quickly to apply the available updates to protect against potential exploitation. The situation serves as a reminder for companies to regularly update their software to mitigate risks from such vulnerabilities.

Read Original
Actively Exploited

The FortiBleed credential theft campaign has been tied to the operations of the INC group and Lynx ransomware, indicating that attackers are using stolen Fortinet credentials for future network attacks. This campaign has raised concerns among organizations that rely on Fortinet products, as it could lead to further intrusions into their networks. The stolen credentials can enable cybercriminals to bypass security measures, making it easier for them to deploy ransomware or steal sensitive data. Companies must be vigilant and review their security practices to mitigate the risk posed by these ongoing attacks. This incident serves as a reminder of the importance of securing credentials and monitoring for suspicious activity.

Read Original

In a recent discussion, cybersecurity expert Sandy Bird addressed the challenges of maintaining cloud visibility and the risks associated with vulnerabilities like FortiBleed. This specific flaw affects Fortinet's FortiOS and FortiProxy, which are widely used in enterprise environments. If exploited, it can allow attackers to gain unauthorized access to sensitive data. The conversation also touched on how many security incidents occur due to simple oversights, emphasizing the need for better monitoring and security practices. As more organizations move their operations to the cloud, understanding these vulnerabilities is crucial for safeguarding against potential breaches.

Read Original
Actively Exploited

A Russian initial access broker has been linked to the FortiBleed campaign, employing a custom sniffer to capture more than 110 million user credentials since at least February 2026. This campaign raises significant concerns as it highlights the scale at which attackers are operating and the potential dangers to various organizations that may be compromised by these stolen credentials. The threat actor's methods indicate a sophisticated approach to infiltrating networks, which could lead to further exploitation or data breaches. Organizations need to be vigilant and enhance their security measures to protect against such attacks, particularly as the stolen credentials could be used in various malicious activities. The implications of this breach extend beyond immediate threats, as it underscores the ongoing risk posed by credential theft in the cybersecurity landscape.

Read Original
Actively Exploited

Fortinet has acknowledged a serious credential-harvesting campaign known as FortiBleed, which has resulted in the collection of over 86,000 confirmed working credentials. This campaign poses a significant risk to users and organizations that utilize Fortinet's products, as attackers can exploit these credentials for unauthorized access to sensitive systems. The incident is particularly alarming because it affects a wide range of users, potentially including businesses that rely on Fortinet's security solutions. Companies should take immediate steps to secure their systems and monitor for any suspicious activities, as the implications of this data breach could lead to further attacks or data leaks. This situation underscores the ongoing challenges in cybersecurity and the need for constant vigilance.

Read Original

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to users of Fortinet devices after a significant data leak exposed around 74,000 firewall and VPN credentials, an incident referred to as 'FortiBleed.' This breach puts numerous organizations at risk as attackers could potentially exploit these exposed credentials to gain unauthorized access to sensitive networks. Fortinet customers are urged to take immediate action to secure their devices and change their passwords. The leak serves as a stark reminder of the importance of maintaining strong security practices, especially for critical infrastructure. Organizations using Fortinet products should prioritize this issue to prevent potential breaches.

Read Original
Actively Exploited

Researchers at Defused have reported that attackers are actively exploiting multiple serious vulnerabilities in Fortinet's FortiSandbox, a platform designed for detecting cyber threats. These flaws could allow unauthorized access to systems that rely on FortiSandbox for security measures, potentially leading to significant breaches. Organizations using FortiSandbox should be particularly vigilant as these vulnerabilities are now being targeted in the wild. It's crucial for affected users to assess their exposure and implement recommended security measures promptly. The situation highlights the ongoing risks associated with cybersecurity tools, where vulnerabilities can be exploited by malicious actors.

Read Original

Fortinet has issued urgent security patches to address two serious vulnerabilities in its FortiSandbox and FortiAuthenticator products. These flaws could allow attackers to execute commands or arbitrary code, posing a significant risk to organizations using these systems. The vulnerabilities affect both security and authentication processes, making them critical to address promptly. Users and administrators are advised to apply the patches immediately to protect their environments from potential exploitation. This situation underscores the need for ongoing vigilance in managing software security and ensuring systems are updated.

Read Original

Federal agencies in the U.S. are facing significant security challenges as they modernize their systems under new fiscal mandates for 2026. Robert Imhof, a federal architect at Fortinet, warns that the merging of cloud services, IT, and operational technology has outpaced existing security measures, which are often disjointed and ineffective. This lack of visibility creates vulnerabilities that could be exploited by cybercriminals. As agencies rush to update their infrastructures, they need to prioritize the integration of their security architectures to protect against potential attacks. This situation affects not only government operations but could also have broader implications for national security and public safety.

Read Original
Mirai Variant Nexcorium Exploits CVE-2024-3721 to Hijack TBK DVRs for DDoS Botnet

The Hacker News

Actively Exploited

Researchers from Fortinet FortiGuard Labs and Palo Alto Networks Unit 42 have identified that attackers are exploiting a command injection vulnerability, CVE-2024-3721, in TBK DVRs and outdated TP-Link Wi-Fi routers. This medium-severity flaw, which has a CVSS score of 6.3, allows malicious actors to hijack these devices to create a botnet for DDoS attacks. The compromised TBK DVRs and EoL TP-Link routers are particularly concerning as they can be easily targeted due to their lack of ongoing support and security updates. This situation poses a significant risk to users, as their devices can be turned into tools for larger-scale cyberattacks without their knowledge. Users of these devices should take immediate action to secure their systems against potential exploitation.

Read Original

Fortinet has addressed serious vulnerabilities in its FortiSandbox product that could allow attackers to bypass authentication and execute arbitrary commands through HTTP requests. These flaws pose a significant risk, as they could lead to unauthorized access and control over affected systems. Users of FortiSandbox should prioritize applying the patches released by Fortinet to protect their environments. The vulnerabilities highlight the ongoing need for vigilance in cybersecurity practices, especially for companies using Fortinet's security solutions. Timely updates and patches are crucial in preventing potential exploitation of these weaknesses.

Read Original

Fortinet has released an emergency patch for a serious authentication bypass vulnerability, identified as CVE-2026-35616. This flaw allows attackers to bypass authentication mechanisms, potentially granting unauthorized access to systems using FortiClient. The vulnerability is part of a troubling trend, as it has been exploited in the wild, meaning that it poses an immediate risk to users. Organizations that rely on Fortinet's products should prioritize applying this patch to protect their networks from potential breaches. This incident underscores the importance of timely updates and vigilance in cybersecurity practices.

Read Original

Fortinet has issued an emergency security update for a serious vulnerability found in its FortiClient Enterprise Management Server (EMS). This flaw is currently being exploited in the wild, posing a significant risk to organizations using the software. Users of FortiClient EMS should prioritize applying the patch released over the weekend to protect their systems from potential attacks. The vulnerability affects the management of client devices, which could allow unauthorized access or control if not addressed promptly. The urgency of this update highlights the ongoing challenges companies face in securing their environments against evolving threats.

Read Original
Actively Exploited

Researchers from Defused have reported ongoing attacks exploiting a serious SQL injection vulnerability in Fortinet's FortiClient EMS, identified as CVE-2026-21643. These intrusions have been active since March 24, raising concerns for organizations using this software. SQL injection vulnerabilities allow attackers to manipulate database queries, potentially leading to unauthorized access and data breaches. Companies utilizing FortiClient EMS are urged to take immediate action to protect their systems and data from these exploits. The situation emphasizes the need for regular security updates and vigilance against emerging threats.

Read Original

A previously reported vulnerability in Fortinet's BIG-IP product, identified as CVE-2025-53521, has been reclassified from a denial-of-service (DoS) flaw to a remote code execution (RCE) vulnerability. This change indicates that the bug poses a much greater risk, allowing attackers to potentially execute arbitrary code on affected systems. Initially disclosed in October, this vulnerability is now known to be actively exploited, increasing the urgency for users to take action. Organizations using Fortinet BIG-IP devices should be especially vigilant, as this issue may compromise the security of their networks. Users are advised to implement necessary patches and monitor for unusual activity to safeguard their systems.

Read Original
Page 1 of 3Next