Fortigate
CyberStrikeAI tool adopted by hackers for AI-powered attacks
Researchers warn that a newly identified open-source AI security testing platform called CyberStrikeAI was used by the same threat actor behind a recent campaign that breached hundreds of Fortinet FortiGate firewalls. Last month, GeekFeed reported on an AI-assisted hacking operation that compromised more than 500 FortiGate devices in five weeks. The threat actor behind this campaign used […]
Amazon: AI-assisted hacker breached 600 Fortinet firewalls in 5 weeks
Amazon is warning that a Russian-speaking hacker used multiple generative AI services as part of a campaign that breached more than 600 FortiGate firewalls across 55 countries in five weeks. A new report by CJ Moses, CISO of Amazon Integrated Security, says that the hacking campaign occurred between January 11 and February 18, 2026, and did not rely […]
Hackers breach Fortinet FortiGate devices, steal firewall configs
Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall configuration data, according to cybersecurity company Arctic Wolf. The campaign started last week, on January 15, with the attackers exploiting an unknown vulnerability in the devices’ single sign-on (SSO) feature to create accounts with VPN access and exporting firewall configurations […]
Fortinet admins report patched FortiGate firewalls getting hacked
Fortinet customers are seeing attackers exploiting a patch bypass for a previously fixed critical FortiGate authentication vulnerability (CVE-2025-59718) to hack patched firewalls. Until Fortinet provides a fully patched FortiOS release, admins are advised to temporarily disable the vulnerable FortiCloud login feature (if enabled) to secure their systems against attacks. To disable FortiCloud login, you have […]
Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Over 10,000 Fortinet firewalls are still exposed online and vulnerable to ongoing attacks exploiting a five-year-old critical two-factor authentication (2FA) bypass vulnerability. Fortinet released FortiOS versions 6.4.1, 6.2.4, and 6.0.10 in July 2020 to address this flaw (tracked as CVE-2020-12812) and advised admins who couldn’t immediately patch to turn off username-case-sensitivity to block 2FA bypass attempts […]
Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. Tracked as CVE-2020-12812, this improper authentication security flaw was found in FortiGate SSL VPN and enables attackers to log in to unpatched firewalls without being prompted for the […]
Critical Fortinet flaws now exploited in Qilin ransomware attacks
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely. Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the “Agenda” name and has since claimed responsibility for over 310 victims on its dark […]
Over 16,000 Fortinet devices compromised with symlink backdoor
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices. This exposure is being reported by threat monitoring platform The Shadowserver Foundation, which initially reported 14,000 devices were exposed. Today, Shadowserver’s Piotr Kijewski told GeekFeed that the cybersecurity organization […]
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched. Earlier this week, Fortinet began sending emails to customers warning that their FortiGate/FortiOS devices were compromised based on telemetry received from FortiGuard devices. These emails were […]
Hackers leak configs and VPN credentials for 15,000 FortiGate devices
A new hacking group has leaked the configuration files, IP addresses, and VPN credentials for over 15,000 FortiGate devices for free on the dark web, exposing a great deal of sensitive technical information to other cybercriminals. The data was leaked by the “Belsen Group,” a new hacking group first appearing on social media and cybercrime […]