eupolicy.social is one of the many independent Mastodon servers you can use to participate in the fediverse.
This Mastodon server is a friendly and respectful discussion space for people working in areas related to EU policy. When you request to create an account, please tell us something about you.

Server stats:

217
active users

#Fortinet

0 posts0 participants0 posts today
The New Oil<p>Critical <a href="https://mastodon.thenewoil.org/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> flaws now exploited in <a href="https://mastodon.thenewoil.org/tags/Qilin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Qilin</span></a> <a href="https://mastodon.thenewoil.org/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> attacks</p><p><a href="https://www.bleepingcomputer.com/news/security/critical-fortinet-flaws-now-exploited-in-qilin-ransomware-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/critical-fortinet-flaws-now-exploited-in-qilin-ransomware-attacks/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
securityaffairs<p>Attackers exploit <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> flaws to deploy <a href="https://infosec.exchange/tags/Qilin" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Qilin</span></a> <a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a><br><a href="https://securityaffairs.com/178736/hacking/attackers-exploit-fortinet-flaws-to-deploy-qilin-ransomware.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/178736/hac</span><span class="invisible">king/attackers-exploit-fortinet-flaws-to-deploy-qilin-ransomware.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a> <a href="https://infosec.exchange/tags/malware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>malware</span></a></p>
Hackread.com<p>⚠️ Researchers have released PoC for CVE-2025-32756, a severe security flaw, that is actively being exploited in Fortinet products like FortiMail and FortiCamera.</p><p>Read: <a href="https://hackread.com/researchers-poc-fortinet-cve-2025-32756-quick-patch/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/researchers-poc-f</span><span class="invisible">ortinet-cve-2025-32756-quick-patch/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://mstdn.social/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> <a href="https://mstdn.social/tags/FortiMail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiMail</span></a> <a href="https://mstdn.social/tags/FortiCamera" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiCamera</span></a></p>
The New Oil<p>Data-stealing <a href="https://mastodon.thenewoil.org/tags/Chrome" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Chrome</span></a> extensions impersonate <a href="https://mastodon.thenewoil.org/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a>, <a href="https://mastodon.thenewoil.org/tags/YouTube" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>YouTube</span></a>, VPNs</p><p><a href="https://www.bleepingcomputer.com/news/security/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/data-stealing-chrome-extensions-impersonate-fortinet-youtube-vpns/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> fixes critical zero-day exploited in <a href="https://mastodon.thenewoil.org/tags/FortiVoice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiVoice</span></a> attacks</p><p><a href="https://www.bleepingcomputer.com/news/security/fortinet-fixes-critical-zero-day-exploited-in-fortivoice-attacks/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/fortinet-fixes-critical-zero-day-exploited-in-fortivoice-attacks/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
securityaffairs<p><a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> fixed actively exploited <a href="https://infosec.exchange/tags/FortiVoice" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiVoice</span></a> <a href="https://infosec.exchange/tags/zeroday" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>zeroday</span></a><br><a href="https://securityaffairs.com/177800/hacking/fortinet-fixed-actively-exploited-fortivoice-zero-day.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/177800/hac</span><span class="invisible">king/fortinet-fixed-actively-exploited-fortivoice-zero-day.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
Alexandre Dulaunoy<p>While digging into some <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> vulnerabilities, I discovered a set of CVEs that were rejected for being unused.</p><p>I'm wondering how this is actually helping vulnerability management. Does this mean those will be never used? or something else?</p><p><a href="https://infosec.exchange/tags/vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerability</span></a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cve</span></a> <a href="https://infosec.exchange/tags/vulnerabilities" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerabilities</span></a> </p><p>🔗 <a href="https://vulnerability.circl.lu/vuln/cve-2025-46221" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">vulnerability.circl.lu/vuln/cv</span><span class="invisible">e-2025-46221</span></a></p>
k3ym𖺀<p>🚨 <strong>New Threat Alert: Rustobot Botnet</strong> 🚨<br>A new Rust-based botnet is making waves — and it's hijacking routers to do it. <span class="h-card" translate="no"><a href="https://infosec.exchange/@FortiGuardLabs" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>FortiGuardLabs</span></a></span> latest research dives into Rustobot, a stealthy, modular botnet that’s fast, evasive, and ready to wreak havoc.</p><p>🔍 Learn how it works, what makes it different, and how to protect your network:<br>👉 <a href="https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">fortinet.com/blog/threat-resea</span><span class="invisible">rch/new-rust-botnet-rustobot-is-routed-via-routers</span></a></p><p><strong>IOCs</strong></p><p><strong>URLs</strong></p><p>hxxp://66[.]63[.]187[.]69/w.sh<br>hxxp://66[.]63[.]187[.]69/wget.sh<br>hxxp://66[.]63[.]187[.]69/t<br>hxxp://66[.]63[.]187[.]69/tftp.sh<br>hxxp://66[.]63[.]187[.]69/arm5<br>hxxp://66[.]63[.]187[.]69/arm6<br>hxxp://66[.]63[.]187[.]69/arm7<br>hxxp://66[.]63[.]187[.]69/mips<br>hxxp://66[.]63[.]187[.]69/mpsl<br>hxxp://66[.]63[.]187[.]69/x86</p><p><strong>Hosts</strong></p><p>dvrhelper[.]anondns[.]net<br>techsupport[.]anondns[.]net<br>rustbot[.]anondns[.]net<br>miraisucks[.]anondns[.]net<br>5[.]255[.]125[.]150</p><p><a href="https://infosec.exchange/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://infosec.exchange/tags/Botnet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Botnet</span></a> <a href="https://infosec.exchange/tags/RustLang" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>RustLang</span></a> <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> <a href="https://infosec.exchange/tags/ThreatIntel" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ThreatIntel</span></a> <a href="https://infosec.exchange/tags/IoTSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>IoTSecurity</span></a> <a href="https://infosec.exchange/tags/NetworkSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>NetworkSecurity</span></a></p>
:mastodon: decio<p>[related]<br>"Backdoor symlink sur des VPN SSL Fortinet"<br>⬇️ <br>"A l’heure où nous rédigeons ces quelques lignes (ndr 21.04.2025) , le scan ONYPHE est en cours. Nous mettrons à jour cet article avec le nombre final, voici ce que nous pouvons déjà communiquer :</p><ul><li>Plus de 18,000 équipements compromis"</li></ul><p>💡 "Si vous êtes une organisation, à but lucratif ou non, concurrente ou non de ONYPHE, vous pouvez nous contacter via notre adresse email contact at onyphe.io. Si nous pensons que vous œuvrez dans le sens de la protection contre la cyber criminalité, nous vous communiquerons les détails de détection à distance."<br>👇 <br><a href="https://blog.onyphe.io/backdoor-symlink-sur-des-vpn-ssl-fortinet/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">blog.onyphe.io/backdoor-symlin</span><span class="invisible">k-sur-des-vpn-ssl-fortinet/</span></a></p><p><a href="https://infosec.exchange/tags/CyberVeille" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberVeille</span></a> <a href="https://infosec.exchange/tags/fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fortinet</span></a></p>
The New Oil<p>Over 16,000 <a href="https://mastodon.thenewoil.org/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> devices compromised with <a href="https://mastodon.thenewoil.org/tags/symlink" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>symlink</span></a> backdoor</p><p><a href="https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
:mastodon: decio<p>Si tu gères un firewall <a href="https://infosec.exchange/tags/Fortigate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortigate</span></a> (ou tu connais quelqu’un qui en administre un) avec SSL-VPN activé, prends 2 min pour vérifier s’il est compromis.</p><p>Depuis les attaques massives de 2024, des cybercriminels laissent des liens symboliques planqués dans les fichiers de langue. Résultat : même après patch, ils gardent accès au système.</p><p>👉 Plus de 16 000 appareils compromis dans le monde, dont <strong>208 en Suisse</strong> (source : Shadowserver).</p><p>Fortinet a publié un correctif + une signature AV/IPS pour nettoyer, mais faut mettre à jour.<br>👇 <br><a href="https://www.fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">fortinet.com/blog/psirt-blogs/</span><span class="invisible">analysis-of-threat-actor-activity</span></a><br>⬇️ [dans les news] <br><a href="https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/</span></a></p><p>📊<br>⬇️ <a href="https://dashboard.shadowserver.org/statistics/combined/tree/?day=2025-04-11&amp;source=compromised_website&amp;source=compromised_website6&amp;tag=fortinet-compromised%2B&amp;geo=all&amp;data_set=count&amp;scale=log" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">dashboard.shadowserver.org/sta</span><span class="invisible">tistics/combined/tree/?day=2025-04-11&amp;source=compromised_website&amp;source=compromised_website6&amp;tag=fortinet-compromised%2B&amp;geo=all&amp;data_set=count&amp;scale=log</span></a></p><p>💡 Et pour rappel : si vous administrez pour une entreprise, institution ou toute entité titulaire d’un AS ou de plages IP définies, vous pouvez recevoir des alertes directes de la fondation <span class="h-card" translate="no"><a href="https://infosec.exchange/@shadowserver" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>shadowserver</span></a></span> si un de vos équipements en frontière est détecté comme compromis.<br>⬇️ <br>Inscription ici : <a href="https://www.shadowserver.org/what-we-do/network-reporting/get-reports/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">shadowserver.org/what-we-do/ne</span><span class="invisible">twork-reporting/get-reports/</span></a></p><p><a href="https://infosec.exchange/tags/CyberVeille" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberVeille</span></a> <a href="https://infosec.exchange/tags/Suisse" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Suisse</span></a> <a href="https://infosec.exchange/tags/fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fortinet</span></a> <a href="https://infosec.exchange/tags/vulnerable" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>vulnerable</span></a></p>
AI6YR Ben<p>LOL Fortinet</p><p>BleepingComputer: Over 16,000 Fortinet devices compromised with symlink backdoor</p><p><a href="https://www.bleepingcomputer.com/news/security/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/over-16-000-fortinet-devices-compromised-with-symlink-backdoor/</span></a></p><p><a href="https://m.ai6yr.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://m.ai6yr.org/tags/fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fortinet</span></a></p>
Hackread.com<p>Hackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches. </p><p>Read: <a href="https://hackread.com/fortinet-fixe-attackers-bypass-patches-maintain-access/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/fortinet-fixe-att</span><span class="invisible">ackers-bypass-patches-maintain-access/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a> <a href="https://mstdn.social/tags/FortiGate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiGate</span></a> <a href="https://mstdn.social/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> <a href="https://mstdn.social/tags/Backdoor" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Backdoor</span></a></p>
The New Oil<p><a href="https://mastodon.thenewoil.org/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a>: Hackers retain access to patched <a href="https://mastodon.thenewoil.org/tags/FortiGate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiGate</span></a> VPNs using symlinks</p><p><a href="https://www.bleepingcomputer.com/news/security/fortinet-hackers-retain-access-to-patched-fortigate-vpns-using-symlinks/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/fortinet-hackers-retain-access-to-patched-fortigate-vpns-using-symlinks/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> <a href="https://mastodon.thenewoil.org/tags/symlink" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>symlink</span></a> <a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a></p>
securityaffairs<p><a href="https://infosec.exchange/tags/Symbolic" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Symbolic</span></a> <a href="https://infosec.exchange/tags/Link" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Link</span></a> trick lets attackers bypass <a href="https://infosec.exchange/tags/FortiGate" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiGate</span></a> patches, <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> warns<br><a href="https://securityaffairs.com/176473/hacking/symbolic-link-trick-lets-attackers-bypass-fortigate-patches-fortinet-warns.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/176473/hac</span><span class="invisible">king/symbolic-link-trick-lets-attackers-bypass-fortigate-patches-fortinet-warns.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
Impish4249<p><span class="h-card" translate="no"><a href="https://cyberplace.social/@GossiTheDog" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>GossiTheDog</span></a></span> </p><p>Rough time to have DOGE running around cutting staff in US Government in seemingly random ways...</p><p><a href="https://mastodon.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mastodon.social/tags/VPN" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>VPN</span></a> <a href="https://mastodon.social/tags/firewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>firewall</span></a> <a href="https://mastodon.social/tags/FortinetFirewall" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortinetFirewall</span></a> <a href="https://mastodon.social/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> <a href="https://mastodon.social/tags/threatactors" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>threatactors</span></a></p>
The New Oil<p>Critical <a href="https://mastodon.thenewoil.org/tags/FortiSwitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiSwitch</span></a> flaw lets hackers change admin passwords remotely</p><p><a href="https://www.bleepingcomputer.com/news/security/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">bleepingcomputer.com/news/secu</span><span class="invisible">rity/critical-fortiswitch-flaw-lets-hackers-change-admin-passwords-remotely/</span></a></p><p><a href="https://mastodon.thenewoil.org/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>cybersecurity</span></a> <a href="https://mastodon.thenewoil.org/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a></p>
securityaffairs<p>Critical <a href="https://infosec.exchange/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> <a href="https://infosec.exchange/tags/FortiSwitch" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiSwitch</span></a> flaw allows remote attackers to change admin passwords<br><a href="https://securityaffairs.com/176380/security/fortinet-fortiswitch-flaw.html" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">securityaffairs.com/176380/sec</span><span class="invisible">urity/fortinet-fortiswitch-flaw.html</span></a><br><a href="https://infosec.exchange/tags/securityaffairs" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>securityaffairs</span></a> <a href="https://infosec.exchange/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>hacking</span></a></p>
DFN-CERT<p>CERT.at investigates ransomware attacks via critical Fortinet vulnerabilities (FortiOS, FortiProxy) and recommends urgent forensic investigations of all devices that didn't have FortiOS 7.0.16 installed before 2025-01-27, when the PoC for CVE-2024-55591 was published. Those devices may be compromised despite having been patched later.</p><p>Check (German) warning by <span class="h-card" translate="no"><a href="https://ioc.exchange/@CERT_at" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@<span>CERT_at</span></a></span> <br><a href="https://www.cert.at/de/warnungen/2025/3/ransomware-gruppen-nutzen-weiterhin-kritische-fortinet-schwachstellen-warnung-vor-gepatchten-aber-bereits-kompromittierten-geraten" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">cert.at/de/warnungen/2025/3/ra</span><span class="invisible">nsomware-gruppen-nutzen-weiterhin-kritische-fortinet-schwachstellen-warnung-vor-gepatchten-aber-bereits-kompromittierten-geraten</span></a></p><p>Long story with Forescout:<br><a href="https://www.forescout.com/blog/new-ransomware-operator-exploits-fortinet-vulnerability-duo/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://www.</span><span class="ellipsis">forescout.com/blog/new-ransomw</span><span class="invisible">are-operator-exploits-fortinet-vulnerability-duo/</span></a></p><p><a href="https://infosec.exchange/tags/ransomware" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>ransomware</span></a> <a href="https://infosec.exchange/tags/fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>fortinet</span></a> <a href="https://infosec.exchange/tags/Mora_001" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Mora_001</span></a></p>
Hackread.com<p>🚨 A critical <a href="https://mstdn.social/tags/FortiOS" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>FortiOS</span></a> vulnerability (CVE-2024-40591) allows privilege escalation to super-admin level! Affected versions: 7.6.0, 7.4.x, 7.2.x, 7.0.x, and all 6.4. Update ASAP!</p><p>Read: <a href="https://hackread.com/fortios-vulnerability-super-admin-privilege-escalation/" rel="nofollow noopener noreferrer" translate="no" target="_blank"><span class="invisible">https://</span><span class="ellipsis">hackread.com/fortios-vulnerabi</span><span class="invisible">lity-super-admin-privilege-escalation/</span></a></p><p><a href="https://mstdn.social/tags/CyberSecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>CyberSecurity</span></a> <a href="https://mstdn.social/tags/Fortinet" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Fortinet</span></a> <a href="https://mstdn.social/tags/InfoSec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>InfoSec</span></a> <a href="https://mstdn.social/tags/Vulnerability" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#<span>Vulnerability</span></a></p>