ALL POSTS

Key Findings Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Threat actors automate firewall changes, add users, enable VPNs, and steal configs, in campaigns resembling December 2025 exploits of critical FortiCloud SSO flaws. Arctic Wolf researchers reported a new automated attack cluster observed since January 15, 2026, targeting FortiGate devices. Attackers created generic accounts fo

Key Findings Fortinet reported active exploitation of a five-year-old security vulnerability, CVE-2020-12812 (CVSS score: 5.2), in FortiOS SSL VPN. The vulnerability is an improper authentication flaw that may allow users to bypass two-factor authentication (2FA) by changing the case of the username, enabling successful login without being prompted for the second authentication factor. The issue occurs when FortiGate has local 2FA users linked to LDAP, the same users belong t

Key Findings Despite being over two decades old, the NTLM authentication protocol remains a critical security liability in 2025. Cybercriminals are actively exploiting newly discovered vulnerabilities to launch sophisticated attacks across the globe. One of the most alarming vulnerabilities is CVE-2024-43451, which allows attackers to steal a user's NTLMv2 hash with virtually no interaction. The vulnerability abuses the MSHTML engine to trigger an NTLM authentication attempt