惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

TaoSecurity Blog
TaoSecurity Blog
L
LINUX DO - 最新话题
Help Net Security
Help Net Security
N
News | PayPal Newsroom
www.infosecurity-magazine.com
www.infosecurity-magazine.com
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The Last Watchdog
The Last Watchdog
S
Security @ Cisco Blogs
W
WeLiveSecurity
C
CXSECURITY Database RSS Feed - CXSecurity.com
Webroot Blog
Webroot Blog
T
Troy Hunt's Blog
V
Vulnerabilities – Threatpost
Google Online Security Blog
Google Online Security Blog
N
News and Events Feed by Topic
T
Threat Research - Cisco Blogs
Security Archives - TechRepublic
Security Archives - TechRepublic
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
T
Tor Project blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
D
Darknet – Hacking Tools, Hacker News & Cyber Security
PCI Perspectives
PCI Perspectives
Google DeepMind News
Google DeepMind News
T
Tailwind CSS Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Apple Machine Learning Research
Apple Machine Learning Research
IT之家
IT之家
S
SegmentFault 最新的问题
J
Java Code Geeks
P
Privacy & Cybersecurity Law Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 【当耐特】
博客园_首页
H
Hacker News: Front Page
T
Threatpost
Jina AI
Jina AI
博客园 - Franky
月光博客
月光博客
L
LINUX DO - 热门话题
The Cloudflare Blog
H
Heimdal Security Blog
博客园 - 司徒正美
酷 壳 – CoolShell
酷 壳 – CoolShell
Cloudbric
Cloudbric
雷峰网
雷峰网
Hugging Face - Blog
Hugging Face - Blog
S
Secure Thoughts
T
Tenable Blog
I
Intezer
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻

The Register - Security: Patches

Cisco SD-WAN make-me-root bug under attack Ivanti tells Sentry customers to patch now as critical bugs hit 10.0 and 9.9 AI is making Patch Tuesday (kinda) fun again Anthropic to release Mythos-class models to the public Clear your calendar, Drupal user: You have a critically urgent patch to install Welcome to the vulnpocalypse, as vendors use AI to find bugs and patches multiply like rabbits Doozy of a Patch Tuesday includes 30 critical Microsoft CVEs Critical cPanel, WHM flaw probs exploited as 0-day, pros say Microsoft patch fell short. New Windows flaw exploited More Cisco SD-WAN bugs battered in attacks Critical Fortinet sandbox bugs allow auth bypass and RCE Ancient Excel bug comes out of retirement for active attacks Microsoft's massive Patch Tuesday: It's raining bugs Ransomware scum, other crims exploit 4 old Microsoft bugs Attackers exploited the FortiClient EMS bug as a 0-day Citrix NetScaler bug may be multiple flaws in one Ransomware crims abused Cisco 0-day weeks before disclosure Google rushes Chrome update to fix zero-days under attack CISA warns max-severity n8n bug is being exploited in the wild Cisco warns of two more SD-WAN bugs under active attack LexisNexis Legal & Professional confirms data breach Five Eyes warn: Patch your Cisco SD-WAN or risk root takeover Patch these 4 critical, make-me-root SolarWinds bugs ASAP Attacker gets into France's DB listing all bank accounts CISA gives feds 3 days to patch actively exploited Dell bug CISA gives feds 3 days to patch actively exploited Dell bug Google fixes exploited Chrome CSS zero-day Critical Microsoft bug from 2024 under exploitation Apple patches decade-old iOS zero-day exploited in the wild Microsoft's Valentine's gift to admins: 6 zero-day fixes Microsoft's Valentine's gift to admins: 6 zero-day fixes Critical SolarWinds Web Help Desk bug under attack Critical React Native Metro dev server bug under attack Critical React Native Metro dev server bug under attack OpenClaw patches one-click RCE as security Whac-A-Mole continues Ivanti's January bad luck continues as 0-days hit customers Critical VMware vCenter Server bug under attack Critical VMware vCenter Server bug under attack Ancient telnet bug happily hands out root to attackers Cisco plugs up Unified Comms zero-day under active exploit Cloudflare whacks WAF bypass bug that opened side door Cloudflare whacks WAF bypass bug that opened side door Anthropic quietly fixed flaws in its Git MCP server Sorry Dave, I’m afraid I can’t do that! PCs refuse to shut down after Microsoft patch Patch Tuesday update makes Windows PCs refuse to shut down Cisco finally fixes max-severity bug under active attack for weeks Cisco finally fixes max-severity bug under attack for weeks Windows info-disclosure 0-day bug gets a fix as CISA sounds alarm Python libraries in AI/ML models can be poisoned w metadata Python libraries in AI/ML models can be poisoned w metadata Ruh-roh, there's a Cisco ISE bug POC on the loose Ruh-roh, there's a Cisco ISE bug POC on the loose CISA flags exploited Office relic alongside fresh HPE flaw Critical n8n bug allows unauthenticated server takeover Logitech mouse mayhem traced to expired dev certificate 'Heartbleed of MongoDB' under active exploit Microsoft fixes Message Queuing issue in new update Microsoft fixes Message Queuing issue in new update Critical-rated WatchGuard Firebox flaw under active attack HPE OneView RCE bug scores a perfect 10 Apple, Google forced to issue emergency 0-day patches Microsoft RasMan DoS 0-day gets unofficial patch - and a working exploit Microsoft RasMan 0-day gets an unofficial patch and exploit New React vulns leak secrets, invite DoS attacks Google fixes super-secret 8th Chrome 0-day Microsoft fixes Windows shortcut flaw exploited for years Microsoft fixes Windows shortcut flaw exploited for years Two Android 0-day bugs patched, plus 105 more fixes Fortinet finally cops to critical bug under active exploit Cisco warns of 'new attack variant' battering firewalls Docker Compose vulnerability opens door to host-level writes Microsoft issues out-of-band patch for critical WSUS flaw Vulnerable Rust crate exposes uv Python packager Oracle rushes out another emergency E-Business Suite patch 50K Cisco firewalls remain vulnerable to advanced attacks Exploits using GoAnywhere perfect-10 bug confirmed Critical Cisco firewall holes under active attack SonicWall releases rootkit-busting firmware update SolarWinds patches critical RCE - for the third time Fortra discloses 10/10 severity bug in GoAnywhere MFT OpenAI plugs ShadowLeak bug in ChatGPT Google pushes emergency patch for Chrome 0-day Apple backports patch to older kit after 0-day exploitation
FortiGate SSO bug still exploitable despite December patch
Carly Page Carly Page · 2026-01-23 · via The Register - Security: Patches

CSO

Fix didn't quite do the job – attackers spotted logging in

Fortinet has confirmed that attackers are actively bypassing a December patch for a critical FortiCloud single sign-on (SSO) authentication flaw after customers reported suspicious logins on devices supposedly fully up to date.

In a new advisory, Fortinet said it had identified a fresh attack path being used to abuse SAML-based SSO in FortiOS, even on systems that had already applied the vendor's earlier fix.

The disclosure follows reports earlier this week that FortiGate firewalls were quietly reconfigured via compromised SSO accounts, with attackers altering firewall settings, creating backdoor admin users, and exfiltrating configuration files.

Arctic Wolf said the campaign kicked off around January 15, with attackers spinning up VPN-enabled accounts and ripping out firewall configuration files in a matter of seconds – behavior strongly suggesting automation rather than careful, hands-on-keyboard work. The security firm added that the activity closely mirrors incidents it observed back in December, in the wake of Fortinet's disclosure of the supposedly patched SSO authentication bypass flaw.

"Recently, a small number of customers reported unexpected login activity occurring on their devices, which appeared very similar to the previous issue," said Fortinet chief information security officer Carl Windsor.

"However, in the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path."

"Fortinet product security has identified the issue, and the company is working on a fix to remediate this occurrence," Windsor said. "An advisory will be issued as the fix scope and timeline is available."

While exploitation has so far only been observed via FortiCloud SSO, Windsor warned that the underlying weakness is not limited to that service.

"It is important to note that while, at this time, only exploitation of FortiCloud SSO has been observed, this issue is applicable to all SAML SSO implementations." That's not the sort of detail likely to calm anyone responsible for keeping these boxes locked down.

Fortinet has not yet published technical details of the alternate attack path, though the company says investigations are ongoing. In the meantime, it has advised customers to review authentication logs for any unexpected login activity, restrict exposure of the management interface, and closely monitor changes to administrator accounts.

For now, Fortinet customers are left watching the logs and waiting for another fix — this time hoping it actually closes the door. ®