Ptechhub
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs
No Result
View All Result
PtechHub
No Result
View All Result

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

The Hacker News by The Hacker News
December 16, 2025
Home Cybersecurity
Share on FacebookShare on Twitter


Dec 16, 2025Ravie LakshmananNetwork Security / Vulnerability

Threat actors have begun to exploit two newly disclosed security flaws in Fortinet FortiGate devices, less than a week after public disclosure.

Cybersecurity company Arctic Wolf said it observed active intrusions involving malicious single sign-on (SSO) logins on FortiGate appliances on December 12, 2025. The attacks exploit two critical authentication bypasses (CVE-2025-59718 and CVE-2025-59719, CVSS scores: 9.8). Patches for the flaws were released by Fortinet last week for FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager.

“These vulnerabilities allow unauthenticated bypass of SSO login authentication via crafted SAML messages, if the FortiCloud SSO feature is enabled on affected devices,” Arctic Wolf Labs said in a new bulletin.

It’s worth noting that while FortiCloud SSO is disabled by default, it is automatically enabled during FortiCare registration unless administrators explicitly turn it off using the “Allow administrative login using FortiCloud SSO” setting in the registration page.

Cybersecurity

In the malicious activity observed by Arctic Wolf, IP addresses associated with a limited set of hosting providers, such as The Constant Company llc, Bl Networks, and Kaopu Cloud Hk Limited, were used to carry out malicious SSO logins against the “admin” account.

Following the logins, the attackers have been found to export device configurations via the GUI to the same IP addresses.

In light of ongoing exploitation activity, organizations are advised to apply the patches as soon as possible. As mitigations, it’s essential to disable FortiCloud SSO until the instances are updated to the latest version and limit access to management interfaces of firewalls and VPNs to trusted internal users.

“Although credentials are typically hashed in network appliance configurations, threat actors are known to crack hashes offline, especially if credentials are weak and susceptible to dictionary attacks,” Arctic Wolf said.

Fortinet customers who find indicators of compromise (IoCs) consistent with the campaign are recommended to assume compromise and reset hashed firewall credentials stored in the exfiltrated configurations.



Source link

Tags: computer securitycyber attackscyber newscyber security newscyber security news todaycyber security updatescyber updatesdata breachhacker newshacking newshow to hackinformation securitynetwork securityransomware malwaresoftware vulnerabilitythe hacker news
The Hacker News

The Hacker News

Next Post
Startup backed by Altman, JPMorgan announces capital lending partnership with Amazon

Startup backed by Altman, JPMorgan announces capital lending partnership with Amazon

Recommended.

Captain Pugwash Comes Home to Rye Via New GuideGeek AI Tool for Visitors

Captain Pugwash Comes Home to Rye Via New GuideGeek AI Tool for Visitors

November 24, 2025
Winners Announced in the 11th Annual 2026 Globee® Awards for Achievement

Winners Announced in the 11th Annual 2026 Globee® Awards for Achievement

May 1, 2026

Trending.

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

AWS Vs. Google Cloud Vs. Microsoft Azure Q1 Earnings Face-Off

May 1, 2026
Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

Cloud Market Share Q1 2026: AWS, Microsoft, Google Battling In AI Era

May 4, 2026
Google’s 0 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

Google’s $750 Million Partner Fund Targets AI Agent Era Channel Paradigm Shift

April 24, 2026
AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

AWS Solution Provider Caylent Unveils Dedicated Anthropic Claude Unit

April 30, 2026
Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

Dell’s Infrastructure Blitz: Private Cloud, PowerStore Elite, PowerEdge In Spotlight At Dell Technologies World 2026

May 19, 2026

PTechHub

A tech news platform delivering fresh perspectives, critical insights, and in-depth reporting — beyond the buzz. We cover innovation, policy, and digital culture with clarity, independence, and a sharp editorial edge.

Follow Us

Industries

  • AI & ML
  • Cybersecurity
  • Enterprise IT
  • Finance
  • Telco

Navigation

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Subscribe to Our Newsletter

  • About
  • Advertise
  • Privacy & Policy
  • Contact

Copyright © 2025 | Powered By Porpholio

No Result
View All Result
  • News
  • Industries
    • Enterprise IT
    • AI & ML
    • Cybersecurity
    • Finance
    • Telco
  • Brand Hub
    • Lifesight
  • Blogs

Copyright © 2025 | Powered By Porpholio