Fortinet Warns of Active FortiCloud SSO Bypass Impacting Patched Devices
Key Findings: Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Threat actors automate firewall changes, add users, enable VPNs, and steal configs, in campaigns resembling December 2025 exploits of critical FortiCloud SSO flaws. Arctic Wolf researchers reported a new automated attack cluster observed since January 15, 2026, targeting FortiGate devices. Attackers created generic accounts fo
Jan 23 · 1 min read
Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations
Key Findings: Arctic Wolf observed a new cluster of automated malicious activity targeting Fortinet FortiGate firewalls since January 15, 2026. The attacks involve the creation of generic user accounts for persistence, configuration changes granting VPN access to those accounts, and exfiltration of firewall configurations. This activity shares similarities with a December 2025 campaign that exploited critical Fortinet authentication bypass vulnerabilities (CVE-2025-59718 and C
Jan 22 · 2 min read
Palo Alto Networks Fixes GlobalProtect Flaw Allowing Unauthenticated Denial of Service
Key Findings: Palo Alto Networks addressed a high-severity vulnerability, tracked as CVE-2026-0227 (CVSS score: 7.7), affecting GlobalProtect Gateway and Portal. A proof-of-concept (PoC) exploit for the vulnerability exists. The flaw allows an unauthenticated attacker to cause a denial-of-service (DoS) condition that can force the firewall into maintenance mode, disrupting network traffic and firewall protection. The vulnerability affects multiple versions of Palo Alto Network
Jan 15 · 2 min read

