Fortinet Warns of Critical Flaw After FortiCloud SSO Exploitation
Fortinet is rolling out updates for CVE-2026-24858, with fixes for some versions available as of Tuesday, and others in releases that are upcoming at an unspecified date.
All topics
Vulnerabilities
25 Posts
Cybercrime and APT Groups Exploiting WinRAR Bug
Exploitation of CVE-2025-8088 in the wild began before disclosure, with attacks confirmed as early as July 18, 2025.
Microsoft Releases Emergency Patch for CVE-2026-21509
The vulnerability (CVE-2026-21509) requires user interaction for an attack to succeed, with the most likely vector being an attacker sending a malicious Office file to a victim, who then opens it.
Cisco Fixes Unified Communications RCE Flaw Under Attack
Threat actors are attempting to exploit the Cisco remote code execution flaw (CVE-2026-20045) in the wild, according to a new security advisory.
Fortinet FortiGate Devices Targeted in New Campaign
This activity shares some similarities with a campaign that researchers at Arctic Wolf identified in December. That campaign started soon after Fortinet disclosed two authentication bypass flaws (CVE-2025-59718 and CVE-2025-59719).
High-Risk Authentication Bypass Flaw Found in Telnetd
The flaw is in the way that the telnetd server handles some specific user-supplied data. An attacker who exploits this vulnerability would be able to bypass the authentication path and gain root privileges.