Tag “Fortinet”

CISA Alerts About Major Fortinet Vulnerability as Palo Alto and Cisco Release Emergency Security Updates

On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) announced the addition of a critical security vulnerability affecting Fortinet products to its Known Exploited Vulnerabilities (KEV) catalog. This action was taken in light of evidence indicating ongoing exploitation of this flaw. Identified as CVE-2024-23113, this vulnerability has a CVSS…


Nation-State Hackers Target Ivanti CSA Vulnerabilities for Network Breaches

A suspected nation-state actor has been detected exploiting three critical vulnerabilities in the Ivanti Cloud Service Appliance (CSA), leveraging these zero-day flaws to conduct a series of targeted cyberattacks. According to Fortinet’s FortiGuard Labs, these vulnerabilities allowed attackers to gain unauthorized access to the CSA, enumerate users, and access their…


CISA Includes ScienceLogic SL1 Vulnerability in Exploited Catalog Following Recent Zero-Day Attack

On Monday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) officially included a significant security vulnerability affecting ScienceLogic SL1 in its Known Exploited Vulnerabilities (KEV) list. This action comes in response to confirmed instances of active exploitation as a zero-day vulnerability. The flaw, designated as CVE-2024-9537 (scoring 9.3 on the…


Fortinet Alerts Users to Critical Vulnerability in FortiManager Currently Being Actively Exploited

Fortinet Confirms Critical Vulnerability in FortiManager Under Active Exploitation

Fortinet has identified a significant security vulnerability affecting its FortiManager product, designated as CVE-2024-47575, with a high CVSS score of 9.8. This vulnerability, also referred to as FortiJump, relates to the FGFM protocol utilized for communication between FortiGate devices and FortiManager.…


Top 30 Critical Security Vulnerabilities Frequently Targeted by Hackers

In a recent joint advisory, intelligence agencies from Australia, the U.K., and the U.S. have highlighted critical vulnerabilities that were actively exploited during 2020 and 2021. This report underscores how swiftly threat actors can capitalize on publicly disclosed weaknesses in software, posing a significant risk to various organizations worldwide. The…


Cisco Releases Critical Patch for ASA and FTD Software Vulnerability Under Active Exploit

Cisco Issues Critical Updates for Vulnerability in Adaptive Security Appliance

Cisco Systems announced today that it has rolled out urgent security updates to address a significant vulnerability in its Adaptive Security Appliance (ASA) that has been actively exploited. This issue could result in a denial-of-service (DoS) condition, impacting the Remote…


Microsoft Addresses 90 New Vulnerabilities, Including Actively Exploited NTLM and Task Scheduler Issues

On November 12, 2024, Microsoft disclosed that two significant security vulnerabilities affecting Windows NT LAN Manager (NTLM) and Task Scheduler have been actively exploited in the wild. These vulnerabilities were part of the November Patch Tuesday update, which addressed a total of 90 security flaws across Microsoft products. Among the…


Alert: DEEPDATA Malware Targets Unpatched Fortinet Vulnerability to Harvest VPN Credentials

A security vulnerability in Fortinet’s FortiClient for Windows has been exploited by the threat group known as **BrazenBamboo**, allowing them to extract VPN credentials using a modular framework named **DEEPDATA**. This exploitation was disclosed by Volexity, which reported the zero-day vulnerability’s emergence in July 2024. BrazenBamboo is also linked to…


Fortinet Faces Securities Fraud Allegations Related to Firewall Projections

Litigation, Network Firewalls, Network Access Control, Security Operations

Pension Funds Accuse Fortinet of Misleading Market with Optimistic Refresh Forecast

Michael Novinson (MichaelNovinson) • October 24, 2025

A pair of class action lawsuits have recently been filed against Fortinet, alleging violations of federal securities laws through misleading claims about a “record”…
