The Hacker News

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Arctic Wolf reports automated attacks on FortiGate devices abusing FortiCloud SSO flaws to change firewall settings and steal ...
The Manila Times

Fortinet to Bring Cyber Leadership to World Economic Forum Annual Meeting 2026

Fortinet joins global leaders to engage in dialogue highlighting cross-sector strategies to incentivize, drive accountability ...
International Business Times

FortiCloud SSO Exposure — 25,000 Devices Vulnerable and Cyber Attacks Active

A critical security flaw in FortiCloud SSO has left over 25,000 Fortinet devices vulnerable to hijack attempts. A critical security gap in FortiCloud's Single Sign-On (SSO) system has left more than ...
ITWeb

Fortinet Web application firewall earns 'Recommended' rating in latest NSS Labs tests

Fortinet (NASDAQ: FTNT), a global leader in high-performance network security, today announced the FortiWeb-1000D is one of the industry's top-ranked Web application firewalls, blocking 99.85% of WAF ...
Security Boulevard

Fortinet FortiWeb Authentication Bypass and Command Injection Vulnerability (CVE-2025-64446/CVE-2025-58034) Notice

Recently, NSFOCUS CERT detected that Fortinet issued a security bulletin to fix the FortiWeb authentication bypass and command injection vulnerability (CVE-2025-64446 ...
heise online

Many Fortinet Security Updates, Renewed Attacks on FortiWeb

Attackers have repeatedly targeted Fortinet's Web Application Firewall (WAF) FortiWeb. There is now a security patch. However, other products from the network security appliance vendor are still ...
techzine

Fortinet hit again by zero-day vulnerability in FortiWeb

Fortinet is once again under fire after the discovery of a second zero-day vulnerability in FortiWeb within a week. The security company released an update to fix the problem. The Register has already ...
SDxCentral

Fortinet unearths second FortiWeb firewall vulnerability in as many weeks

Fortinet has uncovered a bug in its FortiWeb firewall offering, the second issue to be reported with the product in a month. First reported by The Register, the vulnerability (CVE-2025-58034) could ...
CSOonline

Fortinet criticized for ‘silent’ patching after disclosing second zero-day vulnerability in same equipment

Only days after Fortinet was criticized by researchers for ‘silently’ patching a zero-day vulnerability without informing its customers, it has emerged that it did the same for a second zero-day that ...
TechRadar

Fortinet admits it found another worrying zero-day being exploited in attacks

Fortinet has issued an urgent patch for a high-severity vulnerability in FortiWeb which is apparently being abused in the wild. FortiWeb is the company’s dedicated web application firewall (WAF), ...
theregister

Fortinet 'fesses up to second 0-day within a week

Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product ...
SecurityWeek

Fortinet Discloses Second Exploited FortiWeb Zero-Day in a Week

Fortinet on Tuesday announced patches for 17 vulnerabilities, including a zero-day resolved with the latest FortiWeb updates. Tracked as CVE-2025-58034 (CVSS score of 6.7), the bug is described as an ...