Daniel Kuhl ✌🏻☮️☕️Feb 4

Bitte schnell die betroffenen Systeme aktualisieren und sich einen neuen Hersteller des Vertrauens suchen... z.B. #CheckPoint 🫳 🎤

https://www.security-insider.de/fortinet-forticloud-sso-sicherheitsluecke-update-hinweis-a-d9d9dfe68f01b9e30623b3074dacc635/

#Fortinet #FortiCloud #FortiOS #FortiManager #FortiWeb #FortiProxy #FortiAnalyzer #Sicherheitsluecke #EUVD_2026_4712 #CVE_2026_24858

Neue SSO-Schwachstelle in FortiCloud wird aktiv ausgenutzt

Eine kritische Sicherheitslücke, die erneut die SSO-Anmeldung von Fortinets FortiCloud betrifft, wird aktiv ausgenutzt. Angreifer sind dadurch in der Lage, sich auf anderen Geräten anzumelden. Fortinet-Kunden sollten ihre Systeme dringend aktualisieren, um langfristige Risiken zu minimieren.

Security-Insider
Teddy / Domingo (🇨🇵/🇬🇧)Jan 29
#Fortinet Confirms New #zeroday Behind Malicious SSO Logins. To stop the ongoing attacks, the #cybersecurity vendor took the drastic step of temporarily disabling #FortiCloud single sign-on (#SSO) authentication for all devices.
https://www.darkreading.com/vulnerabilities-threats/fortinet-new-zero-day-malicious-sso-logins
Show threadKevin Karhan Jan 29

@hagen_bauer ja, das mal ECHTES #SSO*!

#Sarasmus #Kommentar #Shitpost #FortiCloud

AllAboutSecurityJan 29

Fortinet schließt kritische Sicherheitslücke CVE-2026-24858 nach aktiver Ausnutzung

Eine neu entdeckte Schwachstelle in der FortiCloud-Infrastruktur hat Angreifern den Zugang zu Firewall-Systemen verschiedener Organisationen ermöglicht. Fortinet reagierte mit der vorübergehenden Abschaltung der Single-Sign-On-Funktionalität und veröffentlichte Handlungsempfehlungen für betroffene Nutzer.

https://www.all-about-security.de/fortinet-schliesst-kritische-sicherheitsluecke-cve-2026-24858-nach-aktiver-ausnutzung/

#cve #fortinet #update #FortiCloud

Fortinet schließt kritische Sicherheitslücke CVE-2026-24858 nach aktiver Ausnutzung

Authentifizierungslücke in FortiOS ermöglicht unbefugten Zugriff auf Firewalls. CISA nimmt CVE-2026-24858 in KEV-Katalog auf.

All About Security Das Online-Magazin zu Cybersecurity (Cybersicherheit). Ransomware, Phishing, IT-Sicherheit, Netzwerksicherheit, KI, Threats, DDoS, Identity & Access, Plattformsicherheit
Tim (Wadhwa-)Brown Jan 28

Outlook cloudy with Fortinet as SSO-yikes rains down:

https://fortiguard.fortinet.com/psirt/FG-IR-26-060

#threatintel, #forticloud

PSIRT | FortiGuard Labs

None

FortiGuard Labs
The New OilJan 28

#Fortinet blocks exploited #FortiCloud #SSO zero day until patch is ready

https://www.bleepingcomputer.com/news/security/fortinet-blocks-exploited-forticloud-sso-zero-day-until-patch-is-ready/

#cybersecurity

Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability, tracked as CVE-2026-24858, and says it has mitigated the zero-day attacks by blocking FortiCloud SSO connections from devices running vulnerable firmware versions.

BleepingComputer
The New OilJan 26

#Fortinet confirms critical #FortiCloud auth bypass not fully patched

https://www.bleepingcomputer.com/news/security/fortinet-confirms-critical-forticloud-auth-bypass-not-fully-patched/

#cybersecurity

Fortinet confirms critical FortiCloud auth bypass not fully patched

Days after admins began reporting that their fully patched firewalls are being hacked, Fortinet confirmed it's working to fully address a critical FortiCloud SSO authentication bypass vulnerability that should have already been patched since early December.

BleepingComputer
Xavier «X» Santolaria  Jan 24

🔥 Latest issue of my curated #cybersecurity and #infosec list of resources for week #04/2026 is out!

→ It includes the following and much more:

🎣 📩 LastPass warns of a #phishing campaign pretending to be #LastPass;

🇺🇸 🎽 Under Armour investing #breach;

🇯🇴 📲 Jordanian authorities used #Cellebrite phone-cracking tools to extract data from activists’ phones without consent;

🇮🇪 👀 #Ireland plans a new law to let police use #spyware;

💬 🔐 @moxie launched #Confer, a #ChatGPT-like service built to protect user #privacy;

💥 Attackers exploiting critical Fortinet #FortiCloud flaw;

🇷🇺 🇵🇱 Russian government hackers likely tried to knock out parts of Poland’s power grid;

--

👉 NEVER MISS my curations and updates on information security and cybersecurity news and challenges 📨 Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

https://infosec-mashup.santolaria.net/p/infosec-mashup-04-2026

🕵🏻‍♂️ [InfoSec MASHUP] 04/2026

LastPass warns of a phishing campaign pretending to be LastPass; Under Armour investing breach; Jordanian authorities used Cellebrite phone-cracking tools to extract data from activists’ phones without consent; Ireland plans a new law to let police use spyware; Moxie Marlinspike launched Confer, a ChatGPT-like service built to protect user privacy; Attackers exploiting critical Fortinet FortiCloud flaw; Russian government hackers likely tried to knock out parts of Poland’s power grid;

X’s InfoSec Newsletter
securityaffairsJan 23
#Fortinet warns of active #FortiCloud SSO bypass affecting updated devices
https://securityaffairs.com/187250/security/fortinet-warns-of-active-forticloud-sso-bypass-affecting-updated-devices.html
#securityaffairs #hacking
Fortinet warns of active FortiCloud SSO bypass affecting updated devices

Fortinet confirmed attacks are bypassing FortiCloud SSO authentication, affecting even fully patched devices, similar to recent SSO flaws.

Security Affairs