Tag “Fortinet”

New Vulnerabilities Discovered in Leading Antivirus Software Could Increase Computer Risks

Security Vulnerabilities Discovered in Popular Antivirus Solutions, Risking System Integrity Cybersecurity experts have recently uncovered significant security vulnerabilities in widely-used antivirus software, potentially allowing attackers to escalate privileges and solidify malware presence on compromised systems. A report from CyberArk researcher Eran Shimony, shared with The Hacker News, highlights the critical…

Read MoreNew Vulnerabilities Discovered in Leading Antivirus Software Could Increase Computer Risks

Surge in Brute-Force Attacks on Fortinet SSL VPNs Precedes Focus on FortiManager

August 12, 2025
Threat Intelligence / Enterprise Security

Cybersecurity experts are reporting a significant increase in brute-force traffic directed at Fortinet SSL VPN devices. A coordinated effort, noted by threat intelligence firm GreyNoise, was detected on August 3, 2025, involving over 780 unique IP addresses participating in the attack. In the last 24 hours alone, 56 unique malicious IP addresses have been identified, originating from countries including the United States, Canada, Russia, and the Netherlands.

Targets of this brute-force activity span across the United States, Hong Kong, Brazil, Spain, and Japan. GreyNoise emphasized that the attacks were specifically aimed at their FortiOS profile, indicating a deliberate targeting strategy rather than opportunistic behavior. The firm also reported observing two distinct waves of assaults before and after August 5, with one being a prolonged brute-force attack.

Fortinet SSL VPNs Targeted by Surge in Brute-Force Attacks as Threat Actors Shift Focus to FortiManager August 12, 2025 Threat Intelligence / Enterprise Security Cybersecurity experts have identified a notable increase in brute-force attack traffic directed at Fortinet SSL VPN devices, raising alarms in the cybersecurity community. According to the…

Read More

Surge in Brute-Force Attacks on Fortinet SSL VPNs Precedes Focus on FortiManager

August 12, 2025
Threat Intelligence / Enterprise Security

Cybersecurity experts are reporting a significant increase in brute-force traffic directed at Fortinet SSL VPN devices. A coordinated effort, noted by threat intelligence firm GreyNoise, was detected on August 3, 2025, involving over 780 unique IP addresses participating in the attack. In the last 24 hours alone, 56 unique malicious IP addresses have been identified, originating from countries including the United States, Canada, Russia, and the Netherlands.

Targets of this brute-force activity span across the United States, Hong Kong, Brazil, Spain, and Japan. GreyNoise emphasized that the attacks were specifically aimed at their FortiOS profile, indicating a deliberate targeting strategy rather than opportunistic behavior. The firm also reported observing two distinct waves of assaults before and after August 5, with one being a prolonged brute-force attack.

Phishing Scheme Exploits UpCrypter in Fake Voicemail Emails to Deploy RAT Payloads

Aug 25, 2025
Malware / Cloud Security

Cybersecurity experts have identified a new phishing scheme utilizing deceptive voicemail and purchase order emails to distribute a malware loader named UpCrypter. According to Fortinet FortiGuard Labs researcher Cara Lin, the campaign employs “carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.” These pages are designed to lure recipients into downloading JavaScript files that serve as droppers for UpCrypter. Since early August 2025, the attacks have predominantly targeted sectors such as manufacturing, technology, healthcare, construction, and retail/hospitality worldwide. Significant infections have been recorded in countries including Austria, Belarus, Canada, Egypt, India, and Pakistan. UpCrypter acts as a conduit for various remote access tools (RATs), including PureHVNC RAT, DCRat (also known as DarkCrystal RAT), and Babylon RAT, allowing attackers to gain complete control over compromised systems.

Phishing Campaign Exploits UpCrypter to Distribute RAT Malware via Fake Voicemail Emails On August 25, 2025, cybersecurity researchers identified a sophisticated phishing campaign utilizing counterfeit voicemail notifications and purchase orders to disseminate a malware loader known as UpCrypter. According to Cara Lin, a researcher at Fortinet’s FortiGuard Labs, the attackers…

Read More

Phishing Scheme Exploits UpCrypter in Fake Voicemail Emails to Deploy RAT Payloads

Aug 25, 2025
Malware / Cloud Security

Cybersecurity experts have identified a new phishing scheme utilizing deceptive voicemail and purchase order emails to distribute a malware loader named UpCrypter. According to Fortinet FortiGuard Labs researcher Cara Lin, the campaign employs “carefully crafted emails to deliver malicious URLs linked to convincing phishing pages.” These pages are designed to lure recipients into downloading JavaScript files that serve as droppers for UpCrypter. Since early August 2025, the attacks have predominantly targeted sectors such as manufacturing, technology, healthcare, construction, and retail/hospitality worldwide. Significant infections have been recorded in countries including Austria, Belarus, Canada, Egypt, India, and Pakistan. UpCrypter acts as a conduit for various remote access tools (RATs), including PureHVNC RAT, DCRat (also known as DarkCrystal RAT), and Babylon RAT, allowing attackers to gain complete control over compromised systems.

Unresolved Remote Hacking Vulnerability Found in Fortinet’s FortiWeb WAF

Aug 18, 2021

Recent revelations highlight a serious, unpatched security flaw in Fortinet’s web application firewall (WAF) that could enable a remote authenticated attacker to execute harmful commands on the system. According to cybersecurity firm Rapid7, an OS command injection vulnerability in FortiWeb’s management interface (versions 6.3.11 and earlier) allows this exploitation through the SAML server configuration page. This issue is linked to CVE-2021-22123, which was noted in advisory FG-IR-20-120. Rapid7 identified and reported the vulnerability in June 2021, and Fortinet plans to release a fix in late August with FortiWeb version 6.4.1. While this command injection flaw has not yet been assigned a CVE identifier, it carries a severity rating of 8.7 on the CVSS scoring system. Exploiting this vulnerability could enable authenticated users to execute arbitrary commands.

Unresolved Remote Hacking Vulnerability Uncovered in Fortinet’s FortiWeb WAF Published on August 18, 2021 A newly identified, unaddressed security vulnerability has been reported in Fortinet’s FortiWeb Web Application Firewall (WAF) appliances, raising concerns among cybersecurity experts. This flaw could potentially permit a remote, authenticated attacker to execute arbitrary commands on…

Read More

Unresolved Remote Hacking Vulnerability Found in Fortinet’s FortiWeb WAF

Aug 18, 2021

Recent revelations highlight a serious, unpatched security flaw in Fortinet’s web application firewall (WAF) that could enable a remote authenticated attacker to execute harmful commands on the system. According to cybersecurity firm Rapid7, an OS command injection vulnerability in FortiWeb’s management interface (versions 6.3.11 and earlier) allows this exploitation through the SAML server configuration page. This issue is linked to CVE-2021-22123, which was noted in advisory FG-IR-20-120. Rapid7 identified and reported the vulnerability in June 2021, and Fortinet plans to release a fix in late August with FortiWeb version 6.4.1. While this command injection flaw has not yet been assigned a CVE identifier, it carries a severity rating of 8.7 on the CVSS scoring system. Exploiting this vulnerability could enable authenticated users to execute arbitrary commands.

Attackers Exploit Zero-Day Vulnerability in Fortinet Security Software

Governance & Risk Management, Network Firewalls, Network Access Control, Patch Management Vendor Releases Emergency Patch for Critical Vulnerability in FortiClient Endpoint Management Server Mathew J. Schwartz (euroinfosec) • April 6, 2026 Image: Shutterstock Fortinet has initiated an urgent response to a significant security threat by releasing emergency patches in light…

Read MoreAttackers Exploit Zero-Day Vulnerability in Fortinet Security Software

🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

Cybersecurity Weekly Update: New Vulnerabilities and Persistent Threats This week, the cybersecurity landscape revealed alarming developments as multiple organizations fell victim to sophisticated attacks, highlighting the evolving tactics employed by cybercriminals. Notably, Fortinet disclosed a serious vulnerability affecting its FortiWeb application firewall, categorized as CVE-2025-58034. This flaw, assigned a medium…

Read More🔍 Weekly Overview: Fortinet Vulnerability, Chrome Zero-Day, BadIIS Malware, Record DDoS Attack, SaaS Security Incident & More

Fortinet Alerts Users to New Authentication Bypass Vulnerability in FortiGate and FortiProxy

Security Alert: Critical Vulnerability Discovered in Fortinet Products Fortinet has issued a private alert regarding a serious security vulnerability affecting its FortiGate firewalls and FortiProxy web proxies. This issue has the potential to enable unauthorized actions on vulnerable devices, raising significant concerns for businesses relying on these solutions. The vulnerability,…

Read MoreFortinet Alerts Users to New Authentication Bypass Vulnerability in FortiGate and FortiProxy

Fortinet Alerts on Ongoing Exploitation of Critical Authentication Bypass Vulnerability

Fortinet Confirms Active Exploitation of Critical Vulnerability in Firewall and Proxy Products On Monday, Fortinet disclosed a critical security vulnerability affecting its firewall and proxy offerings, warning that the flaw is currently being exploited in the wild. This vulnerability, tracked as CVE-2022-40684 and rated with a CVSS score of 9.6,…

Read MoreFortinet Alerts on Ongoing Exploitation of Critical Authentication Bypass Vulnerability

Numerous Campaigns Target VMware Vulnerability to Distribute Crypto Miners and Ransomware

A recently patched vulnerability in VMware Workspace ONE Access has been leveraged to distribute both cryptocurrency mining malware and ransomware across affected systems. This information comes from Fortinet’s FortiGuard Labs, where researcher Cara Lin highlighted that the attackers aim to exploit victims’ resources extensively. The goal appears to involve not…

Read MoreNumerous Campaigns Target VMware Vulnerability to Distribute Crypto Miners and Ransomware