Fortinet
Coverage of Fortinet in the Nexus archive.
- FortiBleed credential-theft campaign linked to Lynx ransomware
The FortiBleed credential theft campaign has been linked to the INC and Lynx ransomware operations. Stolen Fortinet credentials were likely intended to facilitate future network intrusions.
- CISA warns Fortinet users to secure devices after FortiBleed leak
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) warned Fortinet users to secure their devices following the 'FortiBleed' data leak, which exposed nearly 74,000 firewall and VPN credentials. The incident highlights the need for immediate action to protect affected systems.
- Three critical Fortinet sandbox bugs splattered by unknown attackers
Three critical vulnerabilities in Fortinet's FortiSandbox are being actively exploited by unknown attackers. Fortinet has patched two of the flaws (CVE-2026-39813 and CVE-2026-39808) in April and a third (CVE-2026-25089) last week, all rated 9.1 on the CVSS scale. Threat intelligence firm Defused reported ongoing exploitation attempts, including unpatched vulnerabilities allowing remote code execution and authentication bypass.
- Critical Fortinet FortiSandbox flaws now exploited in attacks
Attackers are exploiting critical vulnerabilities in Fortinet's FortiSandbox cyber threat detection platform, as reported by threat intelligence company Defused.
- Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
Threat actors are exploiting a patched security flaw in FortiClient Endpoint Management Server (EMS) to deploy credential-stealing malware. Arctic Wolf reported that the campaign used trusted endpoint management infrastructure to deliver malware across managed endpoints, disguising the payload as a Fortinet endpoint update.
- Ivanti, Fortinet, SAP, VMware, n8n Patch RCE, SQL Injection, Privilege Escalation Flaws
Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. A critical flaw impacting Ivanti Xtraction could be exploited to achieve information disclosure or client-side attacks. The vulnerabilities affect multiple products from these companies.
- Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet has released security patches for critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. The flaws are considered critical RCE vulnerabilities. Fortinet's patches address these issues to prevent potential attacks.
- Fortinet’s stock rockets higher as earnings help dispel fears of AI disruption
Fortinet's stock has increased due to strong earnings, dispelling fears of AI disruption in the cybersecurity industry. The company's offerings are in high demand due to an increasingly complex threat environment. This boost in demand is driving the company's growth.
- Network ‘background noise’ may predict the next big edge-device vulnerability
Research by GreyNoise indicates that spikes in network traffic targeting edge devices can predict upcoming vulnerability disclosures, often up to nine days before public alerts. The study found that 50% of detected activity surges led to vendor disclosures within three weeks, highlighting coordinated attacker behavior against security appliances.
- Patch these critical Fortinet sandbox bugs that let attackers bypass login, run commands over HTTP
Two critical vulnerabilities in Fortinet's sandbox allow unauthenticated attackers to bypass login and execute unauthorized commands over HTTP. No active exploitation reports yet, but warnings urge vigilance against potential future attacks.
- April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
April's Patch Tuesday addresses critical vulnerabilities in products from Adobe, Fortinet, Microsoft, and SAP. A high-severity SQL injection flaw (CVE-2026-27681) in SAP's Business Planning and Consolidation and Business Warehouse systems could allow arbitrary database execution.
- CISA Adds 6 Known Exploited Flaws in Fortinet, Microsoft, and Adobe Software
CISA added six actively exploited vulnerabilities to its KEV catalog, including an SQL injection flaw in Fortinet FortiClient EMS (CVE-2026-21643) with a CVSS score of 9.1. The vulnerabilities affect software from Fortinet, Microsoft, and Adobe.
- Fortinet Issues Emergency Patch for FortiClient Zero-Day
Fortinet has issued an emergency patch for a zero-day vulnerability in FortiClient, tracked as CVE-2026-35616, which allows authentication bypass. This flaw is part of a series of Fortinet vulnerabilities that have been exploited in the wild.
- Attackers exploited this critical FortiClient EMS bug as a 0-day
A critical vulnerability in FortiClient Enterprise Management Server (EMS) was exploited as a 0-day attack, prompting Fortinet to release an emergency patch. CISA added the flaw to its Known Exploited Vulnerabilities (KEV) list after confirming real-world exploitation since March 31.