CSO Online

Fortinet confirms new zero-day attacks against customer devices

All SAML SSO implementations, including FortiCloud SSO, are vulnerable to authentication bypass and malicious configuration ...
The Hacker News

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations

Arctic Wolf reports automated attacks on FortiGate devices abusing FortiCloud SSO flaws to change firewall settings and steal ...

Okta SSO accounts targeted in vishing-based data theft attacks

Okta is warning about custom phishing kits built specifically for voice-based social engineering (vishing) attacks.

FortiGate firewalls hit by silent SSO intrusions and config theft

Admins say attackers are still getting in despite recent patches FortiGate firewalls are getting quietly reconfigured and ...
The Hacker News

Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

Fortinet confirms active exploitation of a FortiCloud SSO authentication bypass affecting fully patched FortiGate devices via SAML abuse.
SecurityWeek

Fortinet Confirms FortiCloud SSO Exploitation Against Patched Devices

The cybersecurity company pointed out that the fresh campaign resembles December 2025 attacks targeting CVE-2025-59718 and CVE-2025-59719, two critical-severity defects impacting the FortiCloud SSO ...
The Register on MSN

Fortinet admits FortiGate SSO bug still exploitable despite December patch

Fix didn't quite do the job – attackers spotted logging in Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication ...

Hackers breach Fortinet FortiGate devices, steal firewall configs

Fortinet FortiGate devices are being targeted in automated attacks that create rogue accounts and steal firewall ...
Dark Reading

Fortinet Firewalls Hit With Malicious Configuration Changes

Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall ...