#FortiNet

Offensive Sequence (@offseq@infosec.exchange)
2026-02-11

Fortinet released HIGH-severity patches for flaws enabling unauthenticated command execution & auth bypass on network devices. No known active exploits, but urgent patching is advised. Monitor & restrict access. radar.offseq.com/threat/fortin #OffSeq #Fortinet #Vuln #BlueTeam

High threat: Fortinet Patches High-Severity Vulnerabilities

Why

do we still

have SQL injection vulnerabilities?

I mean, come on man.

thehackernews.com/2026/02/fort

#fortinet #sqli

2026-02-10

Fortinet’s CVE-2026-21643 highlights a persistent issue: management and control-plane components remain prime attack surfaces.

SQL injection leading to unauthenticated code execution reinforces the need for rapid patch cycles, continuous monitoring, and segmentation of security tooling.

Source: thehackernews.com/2026/02/fort

💬 How are you reducing blast radius for management infrastructure?

🔔 Follow @technadu for threat-focused security coverage

#Infosec #Fortinet #VulnerabilityResearch #SQLInjection #ZeroTrust #CyberDefense #TechNadu

Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
2026-02-10

fortiguard.com/psirt/FG-IR-25-

FortiGate SSLVPN vuln CVE-2025-68686

(Not) rated highly yet. However, I would promptly patch it (and quickly move away from SSL VPN, regardless of the vendor; instead use IKEv2 EAP-TLS or WireGuard). I think this one might rapidly elevate to an RCE.

#infosec #fortigate #fortinet #sslvpn

TugaTech 🖥️ (@tugatech@masto.pt)
2026-02-10

Fortinet closes 2025 with record revenue and a strong bet on Unified SASE
🔗 tugatech.com.pt/t78148-fortine

#fortinet 

secsolution (@secsolution)
2026-02-10

Elmat's offering expands to Fortinet and X-Fusion: Elmat, a value-added distributor in the security and telecommunications sector, is broadening its portfolio with two new brands: Fortinet (cybersecurity and networking)...
-Fusion dlvr.it/TQsWPV

decio (@decio@infosec.exchange)
2026-02-06

ahhh… the good old Friday critical vuln that smells like coffee ☕️

🕵️‍♂️ CVE-2026-21643

According to the entry: SQL Injection (improper neutralization of special elements used in an SQL command) in Fortinet FortiClientEMS 7.4.4

➡️ could allow an unauthenticated attacker to execute code/commands via specially crafted HTTP requests.

Unauthenticated RCE on an exposed product, what a surprise… 🙃

all I'm missing is a path traversal in the story to be fully satisfied

may or may not, who knows…
let's wait for the official advisory before bringing out the pitchforks (or the patches).
👇
cve.circl.lu/vuln/CVE-2026-216 👀

#CyberVeille #Fortinet #FortiClientEMS

2026-02-05

Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026.

CVE-2026-25815

"customers 'are supposed to enable' a non-default option that eliminates the weakness." -> disputed

#fortinet #cybersecurity #vulnerabilitymanagement

🔗 vulnerability.circl.lu/vuln/CV

secsolution (@secsolution)
2026-02-05

Cybersecurity and the skills shortage: why AI is becoming a strategic ally for digital defence: The cybersecurity sector today faces an increasingly evident paradox: cyber threats are growing in number and sophistication, while the...
dlvr.it/TQmKgB

secsolution (@secsolution)
2026-02-04

Cyber Policy Outlook 2026: what changes for CISOs and General Counsel: 2026 will mark a decisive turning point for cybersecurity and digital governance. In Europe, the United Kingdom and the Middle East, the main regulatory frameworks approved...
dlvr.it/TQlD8L

2026-01-29

It's been a busy 24 hours in the cyber world with critical zero-day and n-day vulnerabilities under active exploitation, new threat actor tradecraft, a significant cyberattack on critical infrastructure, and important discussions around data privacy and AI's impact on security. Let's dive in:

Poland's Power Grid Hit by Coordinated Cyberattack ⚡
- A coordinated cyberattack in late December compromised control and communications systems at approximately 30 facilities linked to Poland's distributed energy generation.
- While the attack, attributed to Russia's Sandworm group, didn't cause power outages, it disabled key equipment beyond repair and prevented remote monitoring/control of systems.
- This incident highlights the growing targeting of distributed energy systems, which often have less cybersecurity investment than centralised infrastructure, by sophisticated adversaries.

🗞️ The Record | therecord.media/poland-electri

Mustang Panda Updates CoolClient Backdoor with Infostealers 🐼
- Chinese espionage group Mustang Panda has updated its CoolClient backdoor, now capable of stealing browser login data and monitoring clipboards.
- The new variant, observed targeting government entities in Myanmar, Mongolia, Malaysia, Russia, and Pakistan, was deployed via legitimate Sangfor software, a shift from previous DLL side-loading tactics.
- It features enhanced core functions, a new clipboard monitoring module, active window title tracking, HTTP proxy credential sniffing, and deploys infostealers using hardcoded API tokens for services like Google Drive to evade detection.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Fake Python Spellcheckers Deliver RATs on PyPI 🐍
- Two malicious packages, "spellcheckerpy" and "spellcheckpy," were found on PyPI, masquerading as legitimate spellcheckers but delivering a full-featured Python Remote Access Trojan (RAT).
- The payload was cleverly hidden within a Basque language dictionary file, base64-encoded, and triggered upon importing the "SpellChecker" module in versions 1.2.0 and later.
- The RAT downloads from a domain linked to Cloudzy, a hosting provider with a history of serving nation-state groups, and is suspected to be from the same actor behind a similar "spellcheckers" campaign in November 2025.

📰 The Hacker News | thehackernews.com/2026/01/fake

'Bizarre Bazaar' Operation Hijacks Exposed LLM Endpoints 🤖
- A new cybercrime campaign, dubbed 'Bizarre Bazaar', is actively targeting exposed Large Language Model (LLM) service endpoints to commercialise unauthorised access to AI infrastructure.
- Attackers exploit misconfigurations like unauthenticated Ollama endpoints (port 11434) and OpenAI-compatible APIs (port 8000) within hours of them appearing on Shodan/Censys.
- This operation involves a criminal supply chain for resource theft (crypto mining), reselling API access on darknet markets, data exfiltration from prompts, and lateral movement into internal systems via Model Context Protocol (MCP) servers.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

Fortinet FortiCloud SSO Zero-Day Under Active Exploitation (CVE-2026-24858) ⚠️
- Fortinet has confirmed a new, actively exploited critical FortiCloud SSO authentication bypass vulnerability (CVE-2026-24858, CVSS 9.4) affecting FortiOS, FortiManager, and FortiAnalyzer.
- Attackers are using FortiCloud accounts and registered devices to log into other customers' devices via FortiCloud SSO, creating rogue admin accounts (e.g., cloud-init@mail.io) and exfiltrating configurations.
- Fortinet has implemented server-side mitigations by blocking SSO connections from vulnerable firmware versions, and patches are currently in development. Admins should still consider disabling FortiCloud SSO if not strictly necessary and review logs for compromise indicators.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu
📰 The Hacker News | thehackernews.com/2026/01/fort
🕵🏼 The Register | go.theregister.com/feed/www.th

WinRAR Path Traversal Flaw (CVE-2025-8088) Widely Exploited 🎯
- A six-month-old, high-severity WinRAR path traversal vulnerability (CVE-2025-8088, CVSS 8.8) is under widespread active exploitation by both nation-state actors (Russia, China) and financially motivated cybercriminals.
- The exploit method involves crafting malicious RAR archives that, when opened, silently drop a malicious payload into critical system locations like the Windows Startup folder, often using decoy files and Alternate Data Streams (ADS).
- Google Threat Intelligence Group (GTIG) reports that Russian groups like RomCom, Sandworm, Gamaredon, and Turla are targeting Ukrainian military and government entities, while cybercriminals deploy commodity RATs and infostealers globally. Patching WinRAR to version 7.13 or later is crucial.

🤫 CyberScoop | cyberscoop.com/winrar-defect-a
📰 The Hacker News | thehackernews.com/2026/01/goog
🕵🏼 The Register | go.theregister.com/feed/www.th

Critical RCE and Sandbox Escape Flaws in Node.js vm2 and n8n 💻
- A critical sandbox escape vulnerability (CVE-2026-22709, CVSS 9.8) in the Node.js vm2 library allows attackers to run arbitrary code outside the sandboxed environment due to improper Promise handler sanitisation. Update to vm2 version 3.10.3 immediately.
- The n8n workflow automation platform is also affected by two critical vulnerabilities: CVE-2026-1470 (JavaScript AST sandbox escape) and CVE-2026-0863 (Python AST sandbox escape), both leading to full RCE on the main n8n node, even for authenticated non-admin users.
- These flaws highlight the inherent difficulty in safely sandboxing dynamic languages like JavaScript and Python; self-hosted n8n instances should update to versions 1.123.17, 2.4.5, 2.5.1 (for CVE-2026-1470) and 1.123.14, 2.3.5, 2.4.2 (for CVE-2026-0863) respectively.

📰 The Hacker News | thehackernews.com/2026/01/crit
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

SolarWinds Web Help Desk Plagued by Critical RCE and Auth Bypass Flaws 🛠️
- SolarWinds has released patches for multiple critical vulnerabilities in its Web Help Desk (WHD) software, including authentication bypass flaws (CVE-2025-40552, CVE-2025-40554) and remote code execution (RCE) bugs (CVE-2025-40553, CVE-2025-40551).
- These RCE flaws, stemming from untrusted data deserialisation, can be exploited by unauthenticated attackers to run commands on vulnerable hosts, while authentication bypasses allow remote unauthenticated access.
- Given WHD's widespread use in critical sectors and a history of its vulnerabilities being actively exploited, admins should upgrade to Web Help Desk 2026.1 without delay.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

AI's Impact on Zero-Trust and Data Accuracy 🤖
- Gartner predicts that by 2028, 50% of organisations will adopt a zero-trust data governance posture due to the rise of "unverified AI-generated data," leading to "model collapse" where LLMs degrade by training on their own erroneous outputs.
- This degradation can lead to confident-yet-plausible errors in critical tasks like code reviews and security triaging, eroding guardrails and creating prompt injection opportunities.
- To combat this, organisations need to identify and tag AI-generated data, establish active metadata practices, and filter out synthetic or toxic data from training inputs, treating human-generated data as the "gold standard."

🌑 Dark Reading | darkreading.com/application-se

Latin America Becomes Riskiest Region for Cyberattacks 📈
- Latin America and the Caribbean now lead globally in cyberattack frequency, experiencing an average of 3,065 attacks per week last year, a 26% year-over-year increase.
- Attacks are driven by a shift towards data-leak extortion, credential-stealing campaigns, exploitation of edge devices, and increased use of AI by attackers, with ransomware activity expected to accelerate further.
- The region's rapid digitalisation, valuable yet vulnerable industries, and increased interest from major cyber powers (including China-linked espionage) contribute to its elevated risk profile, urging improved ransomware resilience and GenAI governance.

🌑 Dark Reading | darkreading.com/cyber-risk/sur

Moltbot AI Assistant Raises Data Security Concerns 🧠
- The viral open-source Moltbot (formerly Clawdbot) AI assistant, popular for local hosting and deep system integration, is raising significant data security concerns due to insecure enterprise deployments.
- Careless configurations, especially behind reverse proxies, often lead to exposed admin interfaces allowing unauthenticated access, credential theft, conversation history leaks, and even root-level command execution.
- Security researchers warn that info-stealing malware will likely adapt to target Moltbot's local storage, stressing the importance of isolating AI instances in virtual machines with strict firewall rules rather than running them directly on host OS with broad permissions.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

WhatsApp Rolls Out 'Strict Account Settings' for High-Risk Users 🔒
- Meta's WhatsApp is introducing "Strict Account Settings," a new one-click lockdown mode designed to provide extreme safeguards for high-risk individuals like journalists and public figures against sophisticated cyberattacks, including spyware.
- This feature, found under Settings > Privacy > Advanced, automatically enables two-step verification, blocks media from unknown senders, silences calls from unknown numbers, turns off link previews, and restricts access to profile information.
- The move comes as WhatsApp also transitions to the Rust programming language for media processing to boost security, following past incidents of zero-day exploits and spyware attacks targeting its users.

🕵🏼 The Register | go.theregister.com/feed/www.th
🤖 Bleeping Computer | bleepingcomputer.com/news/secu

FBI Seizes RAMP Cybercrime Forum 🚨
- The FBI has seized the RAMP cybercrime forum, a notorious platform known for openly allowing the promotion of ransomware operations and advertising various malware and hacking services.
- Both the forum's Tor site and clearnet domain (ramp4u.io) now display an FBI seizure notice, indicating law enforcement has likely gained access to significant user data, including emails, IP addresses, and private messages.
- RAMP was launched in July 2021 by "Orange" (later identified as Mikhail Matveev, indicted by the U.S. DOJ for ransomware involvement) after other major Russian-speaking forums banned ransomware promotion, becoming a hub for gangs to recruit affiliates and sell network access.

🤖 Bleeping Computer | bleepingcomputer.com/news/secu

#CyberSecurity #ThreatIntelligence #Vulnerabilities #ZeroDay #RCE #ActiveExploitation #WinRAR #Fortinet #NodeJS #SolarWinds #ThreatActors #MustangPanda #Malware #RAT #LLMjacking #AI #DataPrivacy #Regulatory #Darknet #Cybercrime #IncidentResponse

Stephen Charles Murcott (@stemeerkat@cyberplace.social)
2026-01-29

Who feels like too much of the Cyber operating model is luck?

#Fortinet #CyberSecurity

Teddy / Domingo (🇨🇵/🇬🇧) (@TeddyTheBest@framapiaf.org)
2026-01-29

#Fortinet Confirms New #zeroday Behind Malicious SSO Logins. To stop the ongoing attacks, the #cybersecurity vendor took the drastic step of temporarily disabling #FortiCloud single sign-on (#SSO) authentication for all devices.
darkreading.com/vulnerabilitie

AllAboutSecurity (@allaboutsecurity)
2026-01-29

Fortinet closes critical security vulnerability CVE-2026-24858 after active exploitation

A newly discovered vulnerability in the FortiCloud infrastructure allowed attackers to gain access to the firewall systems of various organisations. Fortinet responded by temporarily shutting down the single sign-on functionality and published recommended actions for affected users.

all-about-security.de/fortinet

Geeky Malcölm 🇨🇦 (@geekymalcolm@ioc.exchange)
2026-01-28
