Fortinet News Articles
Recent news articles referencing the vendor's vulnerabilities.

CISA Adds Four Known Exploited Vulnerabilities to Catalog | CISA
CISA has added four vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-55591 Fortinet FortiOS Authorization Bypass...
5 hours ago
New SuperBlack ransomware exploits Fortinet auth bypass flaws
A new ransomware operator named 'Mora_001' is exploiting two Fortinet vulnerabilities to gain unauthorized access to firewall appliances and deploy a custom ransomware strain dubbed SuperBlack.
17 hours ago
Fortinet discloses second authentication bypass vulnerability | Tec...
Fortinet on Tuesday disclosed another authentication bypass vulnerability. Tracked as CVE-2025-24472, it affects versions of FortiOS and FortiProxy.

FortiOS & FortiProxy 0-Day Allows Attackers Hijacks Firewall & Gain Super Admin Access
Fortinet has issued an urgent warning about active exploitation of an already-patched zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.

Fortinet FortiOS & FortiProxy Zero-Day Exploited to Hijack Firewall & Gain Super Admin Access
Cybersecurity firm Fortinet has issued an urgent warning regarding a newly discovered zero-day authentication bypass vulnerability (CVE-2025-24472) affecting its FortiOS and FortiProxy products.
Fortinet warns of new zero-day exploited to hijack firewalls
Fortinet warned today that attackers are exploiting another authentication bypass zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.
Fortinet discloses second firewall auth bypass patched in January
Fortinet warned today that attackers are exploiting another now-patched zero-day bug in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.

Hackers Allegedly Selling Fortinet Vulnerability Exploit on Dark Web Forums
A significant cybersecurity threat has emerged as hackers on a prominent Russian dark web forum claim to be selling an active exploit targeting Fortinet devices. The exploit reportedly leverages a critical vulnerability, CVE-2024-55591, which affects FortiOS versions 7.0.0 through 7.0.16.
Fortinet Zero-Day Gives Attackers Super-Admin Privileges
The firewall specialist has patched the security flaw, which was responsible for a series of attacks reported earlier this month that compromised FortiOS and FortiProxy products exposed to the public Internet.

Fortinet Authentication Vulnerability Exploited to Gain Super-Admin Access
A critical authentication vulnerability in Fortinet's FortiGate SSL VPN appliance, tracked as CVE-2024-55591, has been weaponized in active attacks.
Last Week in Security (LWiS) - 2025-01-27
0-click deanonymization (@hackermondev), Subaru hacks (@samwcyo + @infosec_au), 🍪 sandwitch (@d4d89704243), Entra Connect attacks (@hotnops), Kerberos relaying via HTTP (@croco_byte), and more!

FortiOS Authentication Bypass Vulnerability Exploited to Gain Super-Admin Access
A critical zero-day vulnerability in Fortinet's FortiOS and FortiProxy products, tracked as CVE-2024-55591, has been actively exploited in the wild, allowing attackers to gain super-admin privileges.

Get FortiRekt, I Am The Super_Admin Now - Fortinet FortiOS Authentication Bypass CVE-2024-55591
Welcome to Monday, and what an excitingly fresh start to the week we're all having. Grab your coffee, grab your vodka - we're diving into a currently exploited-in-the-wild critical Authentication Bypass affecting foRtinet's (we are returning the misspelling gesture 🥰) flagship SSLVPN appliance, th...
48,000+ internet-facing Fortinet firewalls still open to attack - Help Net Security
Too many Fortinet firewalls vulnerable to attack via CVE-2024-55591 are still accessible from the Internet.

50,000 Fortinet Firewalls Remain Vulnerable to Critical Zero-Day Exploit
As of January 22, 2025, nearly 50,000 Fortinet firewall devices remain exposed to a critical zero-day vulnerability (CVE-2024-55591) despite urgent warnings and available patches. The flaw, which has been actively exploited since November 2024, allows attackers to bypass authentication and gain supe...
50K Fortinet firewalls still vulnerable to latest zero-day
Fortinet customers need to get with the program and apply the latest updates as nearly 50,000 management interfaces are still vulnerable to the latest zero-day exploit. Data from the Shadowserver Foundation...
Week in review: AWS S3 data encrypted without ransomware, data of 15k Fortinet firewalls leaked - Help Net Security
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Attackers are encrypting AWS S3 data without using
Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls
The security provider published mitigation measures to prevent exploitation

Fortinet zero-day allows hackers to access corporate networks
Fortinet warns of a critical zero-day vulnerability in their firewalls that is being actively exploited to invade corporate networks.
Fortinet Confirms New Zero-Day Exploitation
Fortinet patches critical vulnerabilities, including a zero-day that has been exploited in the wild since at least November 2024.
Fortinet fixes FortiOS zero-day exploited by attackers for months (CVE-2024-55591) - Help Net Security
Fortinet has patched a FortiOS authentication bypass vulnerability (CVE-2024-55591) that has been exploited as a zero-day by attackers.
Attackers exploiting critical Fortinet zero-day vulnerability | Te...
Fortinet received reports of exploitation regarding a zero-day vulnerability affecting its firewalls and SSL VPN products.
Fortinet warns of auth bypass zero-day exploited to hijack firewalls
Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks.
Fortinet urges immediate action: Critical RCE flaw exposes systems
Fortinet has addressed critical vulnerabilities in its Wireless LAN Manager (FortiWLM) that could lead to unauthenticated remote code execution (RCE) and

Hackers Exploiting Critical Fortinet EMS Vulnerability to Deploy Remote Access Tools
Fortinet EMS flaw (CVE-2023-48788, CVSS 9.3) exploited globally, dropping remote access tools and stealing credentials.
Fortinet Addresses Unpatched Critical RCE Vector
Fortinet has patched CVE-2023-34990 and CVE-2023-48782 in its Wireless LAN Manager (FortiWLM), which combined allow for unauthenticated remote code execution (RCE) and the ability to read all log files.
Fortinet warns of FortiWLM bug giving hackers admin privileges
Fortinet has disclosed a critical vulnerability in Fortinet Wireless Manager (FortiWLM) that allows remote attackers to take over devices by executing unauthorized code or commands through specially crafted web requests.

Hackers Exploiting FortiClient EMS Vulnerability (CVE-2023-48788) in the Wild
Cybersecurity researchers have uncovered active exploitation of a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS), tracked as CVE-2023-48788.
Fortinet warns about Critical flaw in Wireless LAN Manager FortiWLM
Fortinet warns of a patched FortiWLM vulnerability that could allow admin access and sensitive information disclosure.

Fortinet Warns of Critical FortiWLM Flaw That Could Lead to Admin Access Exploits
Fortinet patches critical flaws in FortiWLM and FortiManager. CVE-2023-34990 risks sensitive data, while CVE-2024-48889 enables command injection.
Fortinet Vulnerabilities Let Attackers Execute Arbitrary Code Remotely
Fortinet, a leading cybersecurity solutions provider, has issued urgent advisories regarding two critical vulnerabilities affecting its FortiWLM and FortiManager products.
Fortinet patches FortiClientLinux critical RCE vulnerability
The vulnerability is due to a “dangerous nodejs configuration” and has a CVSS score of 9.4.

FortiClient EMS exploited: Inside the attack chain and post-exploitation tactics | Darktrace Blog
Soon after CVE-2023-48788 was publicly disclosed in late March 2024, Darktrace began to see compromises in FortiClient EMS devices on customer networks. Read on to find out more about what our Threat Research team uncovered.
Fortinet Edge Devices Under Attack - Again
Hackers may have circumvented a months-old patch for Fortinet gateway devices leading to a warning from the U.S. federal government over its active exploitation.
Spot the Difference: Earth Kasha's New LODEINFO Campaign And The Correlation Analysis With The APT10 Umbrella
LODEINFO is a malware used in attacks targeting mainly Japan since 2019. Trend Micro has been tracking the group as Earth Kasha. We have identified a new campaign connected to this group with significant updates to their strategy, tactics, and arsenals.

Post Exploitation Activities on Fortinet Devices: A Network-Based Analysis | Darktrace Blog
This blog explores recent findings from Darktrace's Threat Research team on active exploitation campaigns targeting Fortinet appliances. This analysis focuses on the September 2024 exploitation of FortiManager via CVE-2024-47575, alongside related malicious activity observed in June 2024.

Hop-Skip-FortiJump-FortiJump-Higher - Fortinet FortiManager CVE-2024-47575
It’s been a tricky time for Fortinet (and their customers) lately - arguably, even more so than usual. Adding to the steady flow of vulnerabilities in appliances recently was a nasty CVSS 9.8 vulnerability in FortiManager, their tool for central management of FortiGate appliances. As always, the op...

FortiManager May Still Be Vulnerable Despite FortiJump Patch
The FortiJump vulnerability in Fortinet FortiManager may not have been completely fixed by last month's patch. Users are urged to apply mitigations.

1 Million Vulnerable Fortinet, SonicWall Devices Exposed
1 million Fortinet and SonicWall devices with actively exploited vulnerabilities are exposed on the internet, and WordPress and IoT devices face cyberattacks.

UNC5820 Exploits FortiManager Zero-Day Vulnerability (CVE-2024-47575)
Fortinet and Mandiant investigate the mass exploitation of FortiManager devices via CVE-2024-47575, impacting 50+ systems across industries.

FortiManager Devices Mass Compromise Exploiting CVE-2024-47575 Vulnerability
Shadowserver has issued a critical warning about the widespread exploitation of Fortinet FortiManager devices using the recently disclosed CVE-2024-47575 vulnerability.
Critical Bug Exploited in Fortinet's Management Console
An attacker compromised one of Fortinet's most sensitive products and mopped up all kinds of reconnaissance data helpful for future mass device attacks.
High-severity FortiManager bug being exploited by hackers
The bug carries a critical severity score of 9.8 and could allow hackers to steal troves of sensitive information that would facilitate further access.
FortiJump flaw CVE-2024-47575 has been exploited in zero-day attacks since June 2024
The "FortiJump" flaw (CVE-2024-47575) has been exploited in zero-day attacks since June 2024, impacting over 50 servers, says Mandiant.
Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) - Help Net Security
Fortinet has publicly released information about CVE-2024-47575, a FortiManager flaw under active exploitation.

Fortinet Warns of Critical Vulnerability in FortiManager Under Active Exploitation
Discover critical details on Fortinet's FortiManager vulnerability (CVE-2024-47575) and essential mitigation strategies.

Fortinet confirms zero day exploitation of CVE-2024-47575
Fortinet confirms zero day exploitation: Pre-auth RCE now allocated CVE-2024-47575. What's going on with Fortinet product security again?
Fortinet discloses critical zero-day flaw in FortiManager | TechTarget
Fortinet confirmed reports of a critical zero-day vulnerability in FortiManager, which CISA added to its Known Exploited Vulnerabilities catalog.
Fortinet warns of new critical FortiManager flaw used in zero-day attacks
Fortinet publicly disclosed today a critical FortiManager API vulnerability, tracked as CVE-2024-47575, that was exploited in zero-day attacks to steal sensitive files containing configurations, IP addresses, and credentials for managed devices.