top of page
ALL POSTS
FortiBleed: Global Credential Breach Affects 73,932 Fortinet Firewalls Across 194 Countries
Key Findings FortiBleed campaign exposed valid login credentials for 73,932 Fortinet firewall URLs across 194 countries, affecting 21,632 unique domains Attackers conducted approximately 1.16 billion credential attempts against over 320,000 FortiGate targets using a self-feeding system Compromised organizations include Samsung, Oracle, Foxconn, Comcast, Siemens, Lenovo, Spotify, Sony, and numerous government and critical infrastructure entities The operation leverages previou
Jun 184 min read
Palo Alto PAN-OS Zero-Day Vulnerability Under Active Exploitation
Key Findings Critical buffer overflow vulnerability CVE-2026-0300 in Palo Alto Networks PAN-OS is actively being exploited in the wild with limited confirmed attacks Flaw affects authentication portals on PA-Series and VM-Series firewalls, allowing unauthenticated attackers to execute code with root privileges CVSS score of 9.3 with low attack complexity means the vulnerability is easily exploitable and automatable for mass campaigns More than 5,800 publicly exposed VM-Series
May 62 min read
Palo Alto Networks PAN-OS Zero-Day Under Active Exploitation for Remote Code Execution
Key Findings Critical buffer overflow vulnerability (CVE-2026-0300) in Palo Alto Networks PAN-OS is actively exploited in the wild CVSS score of 9.3 allows unauthenticated remote code execution with root privileges on PA-Series and VM-Series firewalls Exploitation primarily targets User-ID Authentication Portals exposed to the internet or untrusted networks Patches begin rolling out May 13, 2026, with staggered availability across multiple PAN-OS versions Risk significantly r
May 62 min read
Fortinet Warns of Active FortiCloud SSO Bypass Impacting Patched Devices
Key Findings Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Threat actors automate firewall changes, add users, enable VPNs, and steal configs, in campaigns resembling December 2025 exploits of critical FortiCloud SSO flaws. Arctic Wolf researchers reported a new automated attack cluster observed since January 15, 2026, targeting FortiGate devices. Attackers created generic accounts fo
Jan 231 min read
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Key Findings Arctic Wolf observed a new cluster of automated malicious activity targeting Fortinet FortiGate firewalls since January 15, 2026. The attacks involve the creation of generic user accounts for persistence, configuration changes granting VPN access to those accounts, and exfiltration of firewall configurations. This activity shares similarities with a December 2025 campaign that exploited critical Fortinet authentication bypass vulnerabilities (CVE-2025-59718 and C
Jan 222 min read
Palo Alto Networks Fixes GlobalProtect Flaw Allowing Unauthenticated Denial of Service
Key Findings Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal. A proof-of-concept (PoC) exploit for the vulnerability exists. The flaw allows an unauthenticated attacker to cause a denial-of-service (DoS) condition that can force the firewall into maintenance mode, disrupting network traffic and firewall protection. The vulnerability affects multiple versions of Palo Alto Network
Jan 152 min read
bottom of page
