Fortinet has confirmed a new, actively exploited authentication‑bypass flaw—tracked as CVE‑2026‑24858—that allows an attacker who controls a FortiCloud account and a registered device to gain administrative access to other Fortinet devices where FortiCloud single sign‑on (SSO) is enabled. This...
CISA’s addition of a Fortinet authentication‑bypass bug to the Known Exploited Vulnerabilities (KEV) Catalog spotlights a high‑risk class of flaws: improper verification of cryptographic signatures in SAML responses. The vulnerability, tracked as CVE‑2025‑59718, affects multiple Fortinet...
SendQuick says its Conexa authentication platform has achieved FIDO2 server certification from the FIDO Alliance, a milestone the company claims will help enterprises cut password risk with phishing‑resistant, standards‑based sign‑ins. While this announcement signals a strategic shift toward...
The evolving landscape of cybersecurity challenges underscores that no organization, regardless of size or sector, can afford complacency. This reality was highlighted once again as the Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a new entry to its Known...
From the engines powering modern factories to switches safeguarding citywide power grids, Siemens’ RUGGEDCOM APE1808 devices serve as the backbone of critical infrastructure worldwide. Designed for the extreme, these robust devices are workhorses of the industrial edge, trusted by sectors that...
In an era where digital infrastructure underpins critical government operations, financial systems, healthcare, and defense networks, the risks associated with software vulnerabilities continue to grow exponentially. Recent developments underscore this concern as the Cybersecurity and...
New Post-Exploitation Technique in Fortinet Devices Raises Security Concerns
A recent advisory from Fortinet has sent ripples through the cybersecurity community after revealing a sophisticated post-exploitation technique targeting known Fortinet vulnerabilities. The technique involves the...
CISA has recently expanded its Known Exploited Vulnerabilities Catalog with two new entries that underscore the persistent threat posed by actively exploited vulnerabilities. While the vulnerabilities detailed in this update may not target Microsoft Windows directly, the implications resonate...
As the cybersecurity threat landscape continues to evolve, vigilance is no longer optional—it's mandatory. In its recent advisory, the Cybersecurity and Infrastructure Security Agency (CISA) is urging all organizations, federal or otherwise, to take heed: they’ve added four critical...
The cybersecurity world is buzzing with news that Fortinet has just released updated security patches for a broad range of its products. If you're thinking this is just another run-of-the-mill update announcement, hold on to your keyboards! These fixes address vulnerabilities so significant...
In a cybersecurity revelation as chilling as discovering that the spare key to your house is missing, attackers are actively exploiting a patched vulnerability (CVE-2023-48788) in Fortinet's FortiClient Endpoint Management System (EMS). The bug, which enables SQL injection attacks, might already...
Fortinet is back in the spotlight with the release of a critical security update aimed at addressing a severe vulnerability in its FortiManager product. This vulnerability, if left unpatched, has the potential to allow remote cyber threat actors to seize control of affected systems. For system...
On November 12, 2024, Fortinet took a proactive stance against cybersecurity threats by releasing essential security updates aimed at multiple products, most notably FortiOS. These updates address a variety of vulnerabilities that, if left unchecked, could allow cybercriminals to exploit...
The world of cybersecurity is riddled with Harlequin jests and serious risks, and Fortinet has recently stepped into the spotlight with an urgent update regarding a critical security vulnerability in their FortiManager product (CVE-2024-47575). This vulnerability poses a significant threat...
In an ongoing effort to keep cyber threats at bay, the Cybersecurity and Infrastructure Security Agency (CISA) has recently added one new vulnerability to its Known Exploited Vulnerabilities Catalog. This catalog serves as a crucial resource for organizations keen on understanding and mitigating...
Original release date: November 17, 2021
Summary
Actions to Take Today to Protect Against Iranian State-Sponsored Malicious Cyber Activity
• Immediately patch software affected by the following vulnerabilities: CVE-2021-34473, 2018-13379, 2020-12812, and 2019-5591.
• Implement Link Removed.
•...
Original release date: October 9, 2020
Summary
This joint cybersecurity advisory uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques.
Note: the analysis in this joint...
Hi,
I am having a problem when trying to connect to SSL-VPN on a FortiGate 60B. I have 3 customers where I can connect using https on IE or Firefox, with both XP and Vista. But when I try with Windows 7, it does connect to the firewall, the first time it adds the add-in as it should, it then shows...