Spike in Fortinet VPN brute-force attacks raises zero-day concerns

Threat Score:
65
BleepingComputer
17 hours ago
Spike in Fortinet VPN brute-force attacks raises zero-day concerns

Overview

Spike in Fortinet VPN brute-force attacks raises zero-day concerns Bill Toulas August 13, 2025 12:42 PM 0 A massive spike in brute-force attacks targeted Fortinet SSL VPNs earlier this month, followed by a switch to FortiManager, marked a deliberate shift in targeting that has historically preceded new vulnerability disclosures. The campaign, detected by threat monitoring platform GreyNoise, manifested in two waves, on August 3 and August 5, with the second wave pivoting to FortiManager targetin...

Related Articles

5 articles
1

Zoom patches critical Windows flaw allowing privilege escalation

Security Affairs 1 hour ago

Zoom fixed a critical Windows client flaw (CVE-2025-49457, CVSS 9.6) involving an untrusted path that could enable privilege escalation. Cloud-based video conferencing and online collaboration platform Zoom addressed a critical security flaw, tracked as CVE-2025-49457 (CVSS score of 9.6) in Zoom Clients for Windows. An unauthenticated user can exploit the vulnerability to conduct an […]

Score
84
Read more
3

Critical WordPress Plugin Vulnerability Exposes 70,000+ Sites to RCE Attacks

Cybersecurity News 46 minutes ago

A critical security vulnerability has been discovered in the popular “Database for Form 7, WPforms, Elementor forms” WordPress plugin, potentially exposing over 70,000 websites to remote code execution attacks.  The vulnerability, tracked as CVE-2025-7384 with a maximum CVSS score of 9.8, affects all versions up to and including 1.4.3 and was publicly disclosed on […]

Score
83
Read more
4
Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public

Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public

GB Hackers 4 hours ago

Xerox FreeFlow Core Vulnerability Allows Remote Code Execution — PoC Now Public Security researchers have disclosed critical vulnerabilities in Xerox FreeFlow Core that enable unauthenticated remote attackers to executearbitrary codeon vulnerable systems. The proof-of-concept exploits are now publicly available, raising immediate concerns for organizations using the popular print orchestration platform. Critical Vulnerabilities Discovered Cybersecurity firm Horizon3.aidiscoveredtwo severe vulner

Score
80
Read more
5

Proxyware Campaign Piggybacks on Popular YouTube Video Download Services

GB Hackers 2 hours ago

Proxyware Campaign Piggybacks on Popular YouTube Video Download Services The AhnLab Security Intelligence Center (ASEC) has uncovered fresh instances of proxyware distribution by threat actors leveraging deceptive advertising on freeware sites. Building on prior reports, such as the “DigitalPulse Proxyware Being Distributed Through Ad Pages” analysis, this campaign continues to exploit unwitting users in South Korea, installing unauthorized bandwidth-sharing tools like DigitalPulse and Honeygain

Score
79
Read more