Tag “Fortinet”

CISA Updates KEV Catalog with 3 New Vulnerabilities Affecting AMI MegaRAC, D-Link, and Fortinet

On June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, all of which are subject to active exploitation. These vulnerabilities affect AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS. The details of the vulnerabilities are as follows:

  • CVE-2024-54085 (CVSS score: 10.0): An authentication bypass vulnerability in the Redfish Host Interface of AMI MegaRAC SPx, which could enable a remote attacker to gain control.
  • CVE-2024-0769 (CVSS score: 5.3): A path traversal vulnerability in D-Link DIR-859 routers that facilitates privilege escalation and unauthorized control (currently unpatched).
  • CVE-2019-6693 (CVSS score: 4.2): A hard-coded cryptographic key issue in FortiOS, FortiManager, and FortiAnalyzer used for encrypting password data in CLI configurations, potentially allowing an attacker with access to the CLI configuration or backup file to decrypt sensitive information.

CISA Updates KEV Catalog with Three Critical Vulnerabilities Affecting AMI MegaRAC, D-Link, and Fortinet On June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) expanded its Known Exploited Vulnerabilities (KEV) catalog to include three significant security flaws. These vulnerabilities have been identified as actively exploited and are associated…

Read More

CISA Updates KEV Catalog with 3 New Vulnerabilities Affecting AMI MegaRAC, D-Link, and Fortinet

On June 26, 2025, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added three security vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, all of which are subject to active exploitation. These vulnerabilities affect AMI MegaRAC, D-Link DIR-859 routers, and Fortinet FortiOS. The details of the vulnerabilities are as follows:

  • CVE-2024-54085 (CVSS score: 10.0): An authentication bypass vulnerability in the Redfish Host Interface of AMI MegaRAC SPx, which could enable a remote attacker to gain control.
  • CVE-2024-0769 (CVSS score: 5.3): A path traversal vulnerability in D-Link DIR-859 routers that facilitates privilege escalation and unauthorized control (currently unpatched).
  • CVE-2019-6693 (CVSS score: 4.2): A hard-coded cryptographic key issue in FortiOS, FortiManager, and FortiAnalyzer used for encrypting password data in CLI configurations, potentially allowing an attacker with access to the CLI configuration or backup file to decrypt sensitive information.

Coordinated Attack Launches New Brute-Force Campaign Targeting Fortinet SSL VPN

A notable increase in brute-force attacks targeting Fortinet products may indicate the emergence of a new vulnerability. Analysis reveals a significant correlation between attack incidents and reported security flaws. Experts are raising concerns over a recent escalation in cyberattacks directed at Fortinet’s security offerings. On August 3, 2025, cybersecurity firm…

Read MoreCoordinated Attack Launches New Brute-Force Campaign Targeting Fortinet SSL VPN

Malicious Game Optimization Apps Spread Winos 4.0 Malware to Gamers

Cybersecurity experts are raising alarms about a command-and-control (C&C) framework known as Winos, which is being propagated through gaming-related apps, including installation tools, speed boosters, and optimization utilities. According to a report from Fortinet FortiGuard Labs shared with The Hacker News, “Winos 4.0 is a sophisticated malicious framework designed for extensive functionality, stable architecture, and efficient control over various online endpoints for further actions.” This framework, rebuilt from Gh0st RAT, features several modular components, each assigned distinct tasks. Campaigns distributing Winos 4.0 were initially noted in June by Trend Micro and the KnownSec 404 Team, which are monitoring the activity under the names Void Arachne and Silver Fox. These attacks primarily target Chinese-speaking users, utilizing black hat Search Engine Optimization (SEO) methods, along with social media and messaging platforms like Te…

Winos 4.0 Malware Targets Gamers via Malicious Game Optimization Software Cybersecurity experts have issued an alert regarding a sophisticated malware framework known as Winos 4.0, which is infiltrating the gaming community through seemingly legitimate applications. These applications, including game installation tools, speed boosters, and optimization utilities, serve as vectors for…

Read More

Malicious Game Optimization Apps Spread Winos 4.0 Malware to Gamers

Cybersecurity experts are raising alarms about a command-and-control (C&C) framework known as Winos, which is being propagated through gaming-related apps, including installation tools, speed boosters, and optimization utilities. According to a report from Fortinet FortiGuard Labs shared with The Hacker News, “Winos 4.0 is a sophisticated malicious framework designed for extensive functionality, stable architecture, and efficient control over various online endpoints for further actions.” This framework, rebuilt from Gh0st RAT, features several modular components, each assigned distinct tasks. Campaigns distributing Winos 4.0 were initially noted in June by Trend Micro and the KnownSec 404 Team, which are monitoring the activity under the names Void Arachne and Silver Fox. These attacks primarily target Chinese-speaking users, utilizing black hat Search Engine Optimization (SEO) methods, along with social media and messaging platforms like Te…

GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools

July 15, 2025
Cybercrime / Ransomware

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.

GLOBAL GROUP RaaS Expands Operations with Advanced AI Negotiation Tools July 15, 2025 Cybercrime / Ransomware A newly identified ransomware-as-a-service (RaaS) entity, referred to as GLOBAL GROUP, has rapidly gained traction, targeting various sectors across Australia, Brazil, Europe, and the United States since its inception in early June 2025. Researchers…

Read More

GLOBAL GROUP RaaS Launches Operations with AI-Powered Negotiation Tools

July 15, 2025
Cybercrime / Ransomware

Cybersecurity researchers have uncovered a new ransomware-as-a-service (RaaS) operation called GLOBAL GROUP, which has been targeting various sectors across Australia, Brazil, Europe, and the United States since its debut in early June 2025. According to EclecticIQ researcher Arda Büyükkaya, GLOBAL GROUP was “advertised on the Ramp4u forum by the threat actor known as ‘$$$.'” This same individual is associated with the BlackLock RaaS and has previously overseen the Mamona ransomware operations. It is believed that GLOBAL GROUP represents a rebranding of BlackLock, following the defacement of its data leak site by the DragonForce ransomware cartel in March. Notably, BlackLock itself was a rebranding of an earlier RaaS scheme called Eldorado. This financially motivated group is known for relying heavily on initial access brokers (IABs) to deploy ransomware, utilizing vulnerable edge appliances from Cisco, Fortinet, and Palo Alto Networks.

Cybercriminals Leverage Excel Vulnerability to Distribute Fileless Remcos RAT Malware

Nov 11, 2024
Vulnerability / Network Security

Cybersecurity experts have uncovered a new phishing campaign that disseminates a fileless variant of the well-known Remcos RAT malware. According to Fortinet FortiGuard Labs researcher Xiaopeng Zhang, “Remcos RAT offers a comprehensive suite of advanced features for remotely controlling computers purchased by buyers.” However, cybercriminals have exploited Remcos to gather sensitive information and execute further malicious actions on victims’ systems.

The attack typically begins with a phishing email that employs purchase order themes to entice recipients into opening a malicious Microsoft Excel attachment. This Excel document exploits a known remote code execution vulnerability in Office (CVE-2017-0199, CVSS score: 7.8), allowing it to download an HTML Application (HTA) file (“cookienetbookinetcahce.hta”) from a remote server (“192.3.220[.]22”) and execute it using mshta.exe.

Cybercriminals Leverage Excel Vulnerability to Deploy Remcos RAT Malware November 11, 2024 Vulnerability / Network Security Recent cybersecurity investigations have unearthed a phishing campaign that propagates a new fileless variant of the notorious Remcos RAT (Remote Control Software). Fortinet FortiGuard Labs, through researcher Xiaopeng Zhang, provided an in-depth analysis, revealing…

Read More

Cybercriminals Leverage Excel Vulnerability to Distribute Fileless Remcos RAT Malware

Nov 11, 2024
Vulnerability / Network Security

Cybersecurity experts have uncovered a new phishing campaign that disseminates a fileless variant of the well-known Remcos RAT malware. According to Fortinet FortiGuard Labs researcher Xiaopeng Zhang, “Remcos RAT offers a comprehensive suite of advanced features for remotely controlling computers purchased by buyers.” However, cybercriminals have exploited Remcos to gather sensitive information and execute further malicious actions on victims’ systems.

The attack typically begins with a phishing email that employs purchase order themes to entice recipients into opening a malicious Microsoft Excel attachment. This Excel document exploits a known remote code execution vulnerability in Office (CVE-2017-0199, CVSS score: 7.8), allowing it to download an HTML Application (HTA) file (“cookienetbookinetcahce.hta”) from a remote server (“192.3.220[.]22”) and execute it using mshta.exe.

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)

July 11, 2025, United States

Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.

The vulnerability affects the following FortiWeb versions:

  • FortiWeb 7.6.0 to 7.6.3 (Upgrade to 7.6.4 or higher)
  • FortiWeb 7.4.0 to 7.4.7 (Upgrade to 7.4.8 or higher)
  • FortiWeb 7.2.0 to 7.2.10 (Upgrade to 7.2.11 or higher)
  • FortiWeb 7.0.0 to 7.0.10 (Upgrade to 7.0.11 or higher)

Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb On July 11, 2025, Fortinet announced the release of urgent patches for a significant security vulnerability in FortiWeb, a web application firewall. This flaw, designated CVE-2025-25257, poses a serious risk, allowing unauthorized attackers the potential to execute arbitrary SQL commands…

Read More

Fortinet Issues Critical Patch for SQL Injection Vulnerability in FortiWeb (CVE-2025-25257)

July 11, 2025, United States

Fortinet has unveiled a patch addressing a severe security vulnerability in FortiWeb, which could allow unauthenticated attackers to execute arbitrary database commands on affected systems. Designated as CVE-2025-25257, this flaw has a CVSS score of 9.6 out of 10. According to Fortinet’s advisory, the vulnerability stems from “improper neutralization of special elements used in an SQL command (SQL Injection) [CWE-89],” enabling unauthorized SQL code execution through specially crafted HTTP or HTTPS requests.

The vulnerability affects the following FortiWeb versions:

  • FortiWeb 7.6.0 to 7.6.3 (Upgrade to 7.6.4 or higher)
  • FortiWeb 7.4.0 to 7.4.7 (Upgrade to 7.4.8 or higher)
  • FortiWeb 7.2.0 to 7.2.10 (Upgrade to 7.2.11 or higher)
  • FortiWeb 7.0.0 to 7.0.10 (Upgrade to 7.0.11 or higher)

Kentaro Kawane from GMO Cybersecurity is credited with reporting this significant vulnerability, as well as several critical issues in Cisco systems.

⚡ Weekly Highlights: Scattered Spider Arrests, Car Hacks, macOS Malware, Fortinet RCE, and More

This week in cybersecurity has shed light on critical vulnerabilities and significant criminal activity affecting major organizations. Precision is paramount in this field; minor oversights can cascade into enormous security breaches. In this context, notable incidents underline systemic issues, such as reliance on outdated tools, sluggish risk responses, and a…

Read More⚡ Weekly Highlights: Scattered Spider Arrests, Car Hacks, macOS Malware, Fortinet RCE, and More

Is IT-OT Integration Essential?

Governance & Risk Management, Operational Technology (OT) Security Experts Advocate for Coordinated Autonomy Instead of Complete Integration Suparna Goswami (gsuparna) • August 4, 2025 Image: Shutterstock The divide between IT and OT teams can be likened to two groups speaking entirely different languages. While IT departments focus on data integrity…

Read MoreIs IT-OT Integration Essential?