Ivanti, Fortinet, n8n, SAP, and VMware have released security fixes for various vulnerabilities that could be exploited by bad actors to bypass authentication and execute arbitrary code. Topping the list is a critical flaw impacting Ivanti Xtraction (CVE-2026-8043, CVSS score: 9.6) that could be exploited to achieve information disclosure or client-side attacks. “External control of…
Tag: Fortinet®
AI, Apps, Cybersecurity, Endpoint, Exploits, Global Security News
Fortinet fixes two critical RCE flaws in FortiAuthenticator and FortiSandbox
Fortinet released a batch of patches across its products on Patch Tuesday, including two critical vulnerabilities that can lead to remote code execution. Fortinet flaws, both zero-day and n-day, have been exploited in the wild many times in the past, so companies should deploy patches as soon as possible. “Fortinet vulnerabilities are often attractive to…
AI, Cybersecurity, Exploits, Global Security News
Critical Fortinet vulnerabilities fixed in FortiSandbox and FortiAuthenticator
Fortinet patched critical flaws in FortiSandbox and FortiAuthenticator that could let attackers remotely execute code on unpatched systems. Fortinet addressed two critical vulnerabilities affecting FortiSandbox and FortiAuthenticator. The flaws could allow attackers to execute arbitrary commands or code on unpatched systems. The first vulnerability, tracked as CVE-2026-44277, is an improper access control issue in FortiAuthenticator.…
Global Security News
Fortinet warns of critical RCE flaws in FortiSandbox and FortiAuthenticator
Fortinet has released security patches for two critical vulnerabilities in FortiSandbox and FortiAuthenticator that could enable attackers to run commands or arbitrary code. […]
AI, Cybersecurity, Global Security News, malware
New Mirai Variant Nexcorium Hijacks DVR Devices for DDoS Attacks
Cybersecurity researchers at Fortinet have discovered Nexcorium, a new Mirai-based malware targeting TBK DVR systems to turn them into bots for DDoS attacks.
Global Security News
April Patch Tuesday Fixes Critical Flaws Across SAP, Adobe, Microsoft, Fortinet, and More
A number of critical vulnerabilities impacting products from Adobe, Fortinet, Microsoft, and SAP have taken center stage in April’s Patch Tuesday releases. Topping the list is an SQL injection vulnerability impacting SAP Business Planning and Consolidation and SAP Business Warehouse (CVE-2026-27681, CVSS score: 9.9) that could result in the execution of arbitrary database
AI, Apps, Cybersecurity, Exploits, Global Security News, malware, Network Security, Risk Management
U.S. CISA adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog
U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds Adobe, Fortinet, Microsoft Exchange Server, and Microsoft Windows flaws to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added Apple, Laravel Livewire and Craft CMS flaws to its Known Exploited Vulnerabilities (KEV) catalog. Below are the flaws added to the catalog: CVE-2026-34621 Adobe Acrobat…
Global Security News
Fortinet Releases Emergency Patch After FortiClient EMS Bug Is Exploited
Fortinet has updated its FortiClient EMS product after zero-day attacks surfaced
AI, Cybersecurity, Exploits, Global Security News, Network Security, Risk Management
U.S. CISA adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a flaw in Fortinet FortiClient EMS to its Known Exploited Vulnerabilities catalog The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added a flaw in Fortinet FortiClient EMS, tracked as CVE-2026-35616 (CVSS score of 9.1), to its Known Exploited Vulnerabilities (KEV) catalog. This week, Fortinet released out-of-band patches for a…
AI, Cybersecurity, Endpoint, Exploits, Global Security News
Fortinet customers confront actively exploited zero-day, with a full patch still pending
Fortinet released an emergency software update over the weekend to address an actively exploited vulnerability in FortiClient EMS, an endpoint management tool for customer devices. The zero-day vulnerability — CVE-2026-35616 — has a CVSS rating of 9.8 and was added to the Cybersecurity and Infrastructure Security Agency’s known exploited vulnerability catalog Monday. Fortinet said in…
Exploits, Global Security News
Fortinet Issues Emergency Patch for FortiClient Zero-Day
The authentication bypass flaw, tracked as CVE-2026-35616, is the latest in a series of Fortinet vulnerabilities that have been exploited in the wild.
AI, Apps, Data Breaches, Endpoint, Exploits, Global Security News, Network Security, Risk Management
CVE-2026-35616: FortiClient EMS Flaw Under Active Exploitation
Fortinet disclosed a critical FortiClient EMS vulnerability that is already being exploited in the wild. The flaw could allow unauthenticated attackers to bypass API protections and execute unauthorized code or commands on exposed systems. “This is a zero-day. While there is no full patch, we have to give credit where credit is due: Fortinet has…
AI, Exploits, Global Security News, Risk Management
CVE-2026-35616: Fortinet fixes actively exploited high-severity flaw
Fortinet issued emergency patches for a critical FortiClient EMS flaw (CVE-2026-35616) actively exploited in the wild. Fortinet released out-of-band patches for a critical FortiClient EMS vulnerability, tracked as CVE-2026-35616 (CVSS 9.1), which is already being exploited in attacks in the wild. The flaw is an improper access control issue that allows attackers to bypass authentication…
Exploits, Global Security News
New FortiClient EMS flaw exploited in attacks, emergency patch released
Fortinet has released an emergency weekend security update for a new critical FortiClient Enterprise Management Server (EMS) vulnerability that is actively exploited in attacks. […]
AI, Exploits, Global Security News
Fortinet Patches Actively Exploited CVE-2026-35616 in FortiClient EMS
Fortinet has released out-of-band patches for a critical security flaw impacting FortiClient EMS that it said has been exploited in the wild. The vulnerability, tracked as CVE-2026-35616 (CVSS score: 9.1), has been described as a pre-authentication API access bypass leading to privilege escalation. “An improper access control vulnerability [CWE-284] in FortiClient EMS may allow an
AI, Endpoint, Exploits, Global Security News
FortiClient EMS zero-day exploited, emergency hotfixes available (CVE-2026-35616)
Defused Cyber has spotted a critical Fortinet FortiClient Endpoint Management Server (EMS) zero-day vulnerability (CVE-2026-35616) being exploited in the wild. This time around, the confirmation of active exploitation came almost immediately from Fortinet, as well. “Fortinet has observed [CVE-2026-35616] to be exploited in the wild and urges vulnerable customers to install the hotfix for FortiClient…
AI, Apps, Cybersecurity, Endpoint, Europe, Exploits, Global Security News, privacy, Risk Management, Russia
Fortinet hit by another exploited cybersecurity flaw
Yet another critical flaw in a Fortinet product has come to light as attackers continue to target the company, this time by actively exploiting a critical SQL injection vulnerability in the cybersecurity company’s management server. The vulnerability, (CVE-2026-21643), allows unauthenticated threat actors to execute arbitrary code on unpatched systems via specifically-crafted HTTP requests. These low-complexity…
Endpoint, Exploits, Global Security News
Critical Fortinet FortiClient EMS bug under active attack (CVE-2026-21643)
A critical SQL injection vulnerability (CVE-2026-21643) in Fortinet FortiClient Endpoint Management Server (EMS), a management server for FortiClient endpoint agents on various platforms, is under active exploitation. The warning comes from Defused Cyber, which helps organizations deploy honeypots/fake assets, and uses them as well to capture real attack attempts and exploits and provide early warning…
AI, Cybersecurity, Europe, Exploits, Global Security News, malware, Network Security
Critical Fortinet FortiClient EMS flaw exploited for Remote Code Execution
Attackers are exploiting a critical Fortinet FortiClient EMS flaw (CVE-2026-21643) that allows remote code execution via SQL injection. A critical Fortinet FortiClient EMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1), is now being actively exploited. Defused researchers warn that threat actors are exploiting the vulnerability in Fortinet’s FortiClient EMS platform. “Fortinet Forticlient EMS CVE-2026-21643…
AI, Endpoint, Exploits, Global Security News
Fortinet enhances SecOps with cloud SOC, AI automation, and managed services
Fortinet has announced major innovations across the Fortinet Security Operations (SecOps) Platform. The updates feature next-generation SecOps advancements, including expanded agentic AI capabilities, a preview of FortiSOC, managed services, and endpoint security enhancements delivered through FortiEndpoint. “As attackers weaponize AI to accelerate reconnaissance, exploit development, and social engineering, security operations must function with the same…
AI, Cybersecurity, Global Security News
Climb & Fortinet Execs on New US Partnership, 2026 Goals
Specialty distributor Climb and security vendor Fortinet announced their partnership in December 2025. The agreement brings Fortinet’s vast portfolio into the Climb vendor linecard and follows years-long demand globally for security solutions available through the channel. Channel Insider spoke with executives from both companies in early 2026 to learn more about how the two organizations…
AI, Global Security News, Network Security
INTERPOL Operation Red Card 2.0: Turning collaboration into real-world cybercrime disruption
How Fortinet and global partners helped translate threat intelligence into coordinated action against large-scale online fraud networks.
AI, Exploits, Global Security News, malware, Malware, Phishing, Security, Risk Management
Phishing campaign chains old Office flaw with fileless XWorm RAT to evade detection
Fortinet researchers have disclosed a new phishing campaign delivering the commercially available XWorm malware, chaining a years-old Microsoft Office vulnerability with fileless execution to escape detection. The campaign, which uses multi-themed phishing emails and a malicious Excel add-in, ultimately deploys the modular remote access trojan (RAT) capable of encrypted command-and control (C2) and plugin-based expansion.…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, News, Risk Management, Threats
FortiOS Authentication Bypass Exposes VPN and SSO Deployments
Fortinet has disclosed an authentication bypass vulnerability in FortiOS. Under certain configurations, the flaw could allow attackers to bypass LDAP-based authentication controls and gain unauthorized access to protected enterprise networks. The vulnerability “… may allow an unauthenticated attacker to bypass LDAP authentication of Agentless VPN or FSSO policy, under specific LDAP server configuration,” said Fortinet…
AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, malware, Network Security, News, Risk Management, Threats
FortiSandbox XSS Vulnerability Allows Remote Command Execution
Fortinet has disclosed a vulnerability in its FortiSandbox platform that could allow unauthenticated attackers to execute arbitrary commands. The issue involves a cross-site scripting (XSS) flaw in the FortiSandbox web interface that may lead to elevated access if exploited. The vulnerability “… may allow an unauthenticated attacker to execute commands via crafted requests,” said Fortinet…
Global Security News
Fortinet Patches Critical SQLi Flaw Enabling Unauthenticated Code Execution
Fortinet has released security updates to address a critical flaw impacting FortiClientEMS that could lead to the execution of arbitrary code on susceptible systems. The vulnerability, tracked as CVE-2026-21643, has a CVSS rating of 9.1 out of a maximum of 10.0. “An improper neutralization of special elements used in an SQL Command (‘SQL Injection’) vulnerability…
AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security
Critical Fortinet FortiClientEMS flaw allows remote code execution
Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…
AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security
Critical Fortinet FortiClientEMS flaw allows remote code execution
Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…
AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security
Critical Fortinet FortiClientEMS flaw allows remote code execution
Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…
AI, Breaking News, Exploits, FortiClientEMS, Fortinet, Global Security News, malware, Network Security, Security
Critical Fortinet FortiClientEMS flaw allows remote code execution
Fortinet warns of a critical FortiClientEMS vulnerability that lets remote attackers run malicious code without logging in. Fortinet issued an urgent advisory to address a critical FortiClientEMS vulnerability, tracked as CVE-2026-21643 (CVSS score of 9.1). The vulnerability is an improper neutralization of special elements used in an SQL Command (‘SQL Injection’) issue in FortiClientEMS. An…
Cybersecurity, Global Security News
Fortinet Announces Winners of Australia Partner of the Year Awards for 2025
COMPANY NEWS: Fortinet recognises partners driving cybersecurity innovation and delivering outstanding customer outcomes
Cybersecurity, Global Security News
Fortinet Announces Winners of Australia Partner of the Year Awards for 2025
COMPANY NEWS: Fortinet recognises partners driving cybersecurity innovation and delivering outstanding customer outcomes
Cybersecurity, Global Security News, Network Security
Fortinet reports strong fourth quarter and full year 2025 financial results
COMPANY NEWS: Fortinet®, a global cybersecurity leader driving the convergence of networking and security, has announced financial results for the fourth quarter of 2025 and full year ended December 31, 2025.