Bleeping Computer

Fortinet discloses second firewall auth bypass patched in January

Update 2/11/25 07:32 PM ET: After publishing our story, Fortinet has informed us that the new CVE-2025-24472 flaw added to FG-IR-24-535 today is not a zero-day and was already fixed in January.
SDxCentral

Fortinet unearths second FortiWeb firewall vulnerability in as many weeks

Fortinet has uncovered a bug in its FortiWeb firewall offering, the second issue to be reported with the product in a month. First reported by The Register, the vulnerability (CVE-2025-58034) could ...
Ars Technica

FortiGate admins report active exploitation 0-day. Vendor isn’t talking.

Fortinet, a maker of network security software, has kept a critical vulnerability under wraps for more than a week amid reports that attackers are using it to execute malicious code on servers used by ...
Dark Reading

Zero-Day Security Bug Likely Fueling Fortinet Firewall Attacks

A zero-day flaw is likely to blame for a series of recent attacks on Fortinet FortiGate firewall devices that have management interfaces exposed on the public Internet. Attackers are targeting the ...
Ars Technica

FortiGate: DNS behavior with FQDN rules

FortiGate 60D firewall. We're having issues with one of our point-of-sale networks that has a whitelist that is almost all FQDN-based. The FQDNs that are giving us the most trouble are on cloud or ...