Fortinet is a organization tracked across 50 threat clusters and 131 intelligence report mentions on ThreatCluster. First observed November 14, 2025; most recent activity July 6, 2026.
Threat actors are actively exploiting critical authentication bypass vulnerabilities in Fortinet's FortiGate appliances, specifically CVE-2025-59718 and CVE-2025-59719. These vulnerabilities allow unauthenticated single…
The FBI and partners disrupted a covert network of compromised TP-Link and MikroTik routers exploited by the Russian GRU (APT28) to steal Outlook credentials. This operation, known as Operation Masquerade, revealed that…
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
Check Point Software Technologies disclosed a critical authentication bypass vulnerability (CVE-2026-50751) affecting its Remote Access VPN and Mobile Access products, with exploitation confirmed since May 7, 2026. The…
A significant cyber attack attributed to Russian hackers has compromised the email accounts of UK government officials and Foreign Office staff, exposing sensitive systems and critical infrastructure. Named…
A China-linked threat actor known as Red Menshen has been conducting a long-term espionage campaign targeting global telecommunications networks using a stealthy Linux kernel backdoor called BPFdoor. This malware…
In the first quarter of 2026, a significant increase in brute-force authentication attacks was reported, primarily targeting SonicWall and Fortinet FortiGate devices. According to Barracuda, approximately 90% of these…
Russian hackers have infiltrated the email accounts of UK government officials and Foreign Office staff in a significant cyber breach, dubbed 'FortiBleed.' The attack exploited vulnerabilities in over 80,000 Fortinet…
Between May 2025 and Spring 2026, the Belgian State Security experienced a data breach exposing employee information, attributed to vulnerabilities in Ivanti Endpoint Manager Mobile (EPMM). Hackers exploited flaws…
The JDY botnet, linked to Chinese state-sponsored actors, has expanded to over 1,500 compromised small office and IoT devices, primarily in the U.S. and Brazil. This botnet scans for newly disclosed vulnerabilities…