Threat Post

FortiGate VPN Default Config Allows MitM Attacks

The client’s default configuration for SSL-VPN has a certificate issue, researchers said. Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle ...

Hackers exploit newly patched Fortinet auth bypass flaws

Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to ...

Fortinet products hit by further security flaws - giving hackers access to systems and more

Two critical SAML‑signature flaws (CVE‑2025‑59718/59719) let attackers bypass SSO across multiple Fortinet products; ...
Infosecurity-magazine.com

New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls

A new threat actor has leaked configuration files and virtual private network (VPN) information for 15,000 firewall devices provided by security vendor Fortinet. On January 15, Kevin Beaumont, an ...
Mobile ID World

Fortinet SSO Admin Login Flaw: New SAML Bypass CVEs Spur Multi-Product Patch Planning

While patching is positioned as the primary fix, interim risk reduction measures cited by advisories include limiting administrative interfaces to trusted networks and, where feasible, temporarily ...
TechRadar

Fortinet FortiGate Firewall

Fortinet FortiGate Firewall is a great first line of defense for small to mid-size network systems, especially with proactive alerting and intrusion-preventing features. It provides users with unified ...
Bleeping Computer

Fortinet discloses second firewall auth bypass patched in January

Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January.
CSO Online

FortiGate firewall credentials being stolen after vulnerabilities discovered

Arctic Wolf says last week’s revelation of authentication holes is leading to attacks on unpatched Fortinet devices.