ALL POSTS

Key Findings Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws. Threat actors automate firewall changes, add users, enable VPNs, and steal configs, in campaigns resembling December 2025 exploits of critical FortiCloud SSO flaws. Arctic Wolf researchers reported a new automated attack cluster observed since January 15, 2026, targeting FortiGate devices. Attackers created generic accounts fo

Key Findings A critical vulnerability (CVE-2025-59718, CVE-2025-59719) in Fortinet's FortiCloud Single Sign-On (SSO) feature allows unauthenticated attackers to bypass authentication and gain administrative access to affected devices. The vulnerability, which has a CVSS score of 9.1, stems from improper verification of cryptographic signatures (CWE-347) in the FortiCloud SSO SAML implementation. Affected products include FortiOS, FortiWeb, FortiProxy, and FortiSwitch Manager.