Dark Reading

Fortinet Firewalls Hit With Malicious Configuration Changes

A threat actor has been compromising Fortinet firewalls through single sign-on (SSO) logins over the past week, raising the specter that a previously disclosed and mitigated authentication bypass ...
Ars Technica

FortiGate admins report active exploitation 0-day. Vendor isn’t talking.

Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by ...
heise online

Unknown group releases Fortinet config files and VPN passwords to the darknet

Complete config files and VPN passwords in plain text for Fortinet devices have been released by a new group. heise security takes a look at the data set. Usually, you'll get only small gifts in ...
GIGAZINE

Russian-speaking hackers exploiting generative AI to compromise over 600 FortiGate devices in 55 countries

On February 20, 2026, Amazon Threat Intelligence, Amazon's security team, reported that Russian-speaking hackers had exploited multiple commercially available AI services to compromise over 600 ...
Ars Technica

VOIP calls sometimes missing audio: Fortinet firewall-what to config?

The firewall has 5060 and 10000-20000 open to the SIP provider (voip.ms), and a static NAT to the FreePBX server but we are getting some set of calls with no audio on either end. Anyone have any ideas ...
Bleeping Computer

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks ...
SecurityWeek

Fortinet Patches Critical FortiSandbox Vulnerabilities

Fortinet patched 27 vulnerabilities, including two critical FortiSandbox flaws leading to authentication bypass and code ...