Threat Post

FortiGate VPN Default Config Allows MitM Attacks

The client’s default configuration for SSL-VPN has a certificate issue, researchers said. Default configurations of Fortinet’s FortiGate VPN appliance could open organizations to man-in-the-middle ...
The Hacker News

Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability

Fortinet reports active attacks exploiting CVE-2020-12812, a FortiOS SSL VPN flaw that can bypass two-factor authentication ...
SecurityWeek

In-the-Wild Exploitation of Fresh Fortinet Flaws Begins

Threat actors are exploiting two recent critical Fortinet vulnerabilities to bypass SSO login authentication on FortiGate ...
Dark Reading

15K Fortinet Device Configs Leaked to the Dark Web

Dated configuration data and virtual private network (VPN) credentials for 15,474 Fortinet devices have been posted for free to the Dark Web. On Jan. 14, Fortinet disclosed a severe authentication ...

Fortinet products hit by further security flaws - giving hackers access to systems and more

Two new critical vulnerabilities have been discovered in Fortinet products, and since they are being actively abused in the ...
heise online

Unknown group releases Fortinet config files and VPN passwords to the darknet

Complete config files and VPN passwords in plain text for Fortinet devices have been released by a new group. heise security takes a look at the data set. Usually, you'll get only small gifts in ...

Hackers exploit newly patched Fortinet auth bypass flaws

Hackers are exploiting critical-severity vulnerabilities affecting multiple Fortinet products to get unauthorized access to ...
Bleeping Computer

Mandiant says new Fortinet flaw has been exploited since June

A new Fortinet FortiManager flaw dubbed "FortiJump" and tracked as CVE-2024-47575 has been exploited since June 2024 in zero-day attacks on over 50 servers, according to a new report by Mandiant. For ...