The Hacker News

Ivanti, Fortinet, and SAP Release Patches for Multiple Critical Vulnerabilities

Fortinet, Ivanti, and SAP patched critical flaws up to CVSS 10.0, reducing RCE, admin takeover, and data exposure risks.
Forbes

New Fortinet Zero-Day Warning—Update Now, Attacks Underway

This voice experience is generated by AI. Learn more. This voice experience is generated by AI. Learn more. Fortinet issues emergency update as zero-day attack confirmed. Updated April 7: Following ...
CRN

Fortinet Confirms Exploitation Of ‘Critical’ Vulnerability In FortiOS, FortiProxy

The confirmation comes after Arctic Wolf researchers said that ‘mass exploitation’ of the vulnerability—which impacts FortiGate firewalls—is ‘likely.’ Fortinet confirmed Tuesday that a ...
ITWire

Fortinet firewalls hit with new zero-day attack, older data leak

Rapid7 is investigating two separate events affecting Fortinet firewall customers: Zero-day exploitation of CVE-2024-55591, an authentication bypass vulnerability in FortiOS and FortiProxy disclosed ...
Bleeping Computer

Fortinet warns of auth bypass zero-day exploited to hijack firewalls

Attackers are exploiting a new authentication bypass zero-day vulnerability in FortiOS and FortiProxy to hijack Fortinet firewalls and breach enterprise networks. This security flaw (tracked as ...
Dark Reading

Actively Exploited Fortinet Zero-Day Gives Attackers Super-Admin Privileges

Fortinet has patched an actively exploited zero-day authentication bypass flaw affecting its FortiOS and FortiProxy products, which attackers have been exploiting to gain super-administrative access ...
Infosecurity-magazine.com

Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls

Fortinet has disclosed a new critical zero-day vulnerability affecting some of its FortiGate firewalls. In a security advisory published on January 14, FortiGuard Labs revealed a new authentication ...
Bleeping Computer

Fortinet: New FortiOS RCE bug "may have been exploited" in attacks

Fortinet says a critical FortiOS SSL VPN vulnerability that was patched last week "may have been exploited" in attacks impacting government, manufacturing, and critical infrastructure organizations.