FortiOS — Cyber Threats, Attacks & Incidents

Threat entity extracted from intelligence sources

Frequency
52
occurrences
First Seen
November 17, 2025
Last Seen
June 22, 2026

FortiOS is a technology platform tracked across 24 threat clusters and 52 intelligence report mentions on ThreatCluster. First observed November 17, 2025; most recent activity June 22, 2026.

Overview

FortiOS is Fortinet’s network operating system that runs on FortiGate firewalls and related Fortinet devices, delivering firewall, VPN, and security services. Recent reports describe multiple vulnerabilities in FortiOS and FortiSwitchManager that can enable remote code execution and authentication bypass, with tens of thousands of devices exposed or at risk, making it a critical attack surface in enterprise networks.

Related Threat Clusters

  • FortiWeb WAF Vulnerability Enables Full Admin Control Exploitation

    A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…

    100 articles · Updated November 15, 2025
  • FortiBleed Campaign Compromises 75,000+ Fortinet Devices Globally

    A credential-harvesting campaign known as 'FortiBleed' has compromised over 75,000 Fortinet firewalls and VPNs across 194 countries. The attackers, suspected to be Russian-speaking cybercriminals, exploited previously…

    103 articles · Updated June 17, 2026
  • Critical RCE Vulnerabilities Discovered in Fortinet Products

    Fortinet has identified multiple critical vulnerabilities in its FortiSandbox and FortiAuthenticator products, which could allow unauthenticated attackers to execute arbitrary code remotely. The vulnerabilities are…

    89 articles · Updated May 12, 2026
  • Multiple Vulnerabilities in FortiCloud SSO Authentication Exposed

    Fortinet reported two vulnerabilities affecting FortiOS, FortiManager, FortiAnalyzer, and FortiProxy related to FortiCloud SSO authentication. The first vulnerability, an Authentication Bypass (CWE-288), allows…

    3 articles · Updated June 22, 2026
  • Mass Exploitation of FortiManager Vulnerability CVE-2024-47575 Confirmed

    CVE-2024-47575, known as FortiJump, has been actively exploited since June 2024, affecting over 50 FortiManager devices across various industries. The vulnerability allows unauthorized control of FortiManager…

    2 articles · Updated June 17, 2026
  • The Gentlemen Ransomware Group Exploits Fortinet Flaws and AI Tools

    The Gentlemen ransomware group has emerged as a significant threat in 2026, exploiting vulnerabilities in Fortinet systems, particularly CVE-2024-55591, an authentication bypass flaw. They have been observed using…

    4 articles · Updated June 3, 2026
  • FortiBleed Campaign: AI-Driven Exploitation of Fortinet Firewalls

    The FortiBleed campaign exposed valid credentials for nearly 75,000 Fortinet FortiGate firewalls across 21,632 domains. Threat actors leveraged commoditized supercomputing resources to execute massive cryptographic…

    2 articles · Updated June 21, 2026
  • Critical SQL Injection Vulnerability in Fortinet FortiClientEMS

    A critical SQL injection vulnerability, identified as CVE-2026-21643, has been discovered in Fortinet FortiClientEMS version 7.4.4. This flaw allows unauthenticated attackers to execute unauthorized code or commands,…

    21 articles · Updated February 9, 2026
  • Ransomware Fuels Surge in Global Cyberattacks

    As of February 12, 2026, organizations worldwide are experiencing an average of 2,090 cyber-attacks per week, largely driven by ransomware incidents. This increase highlights the ongoing challenges faced by businesses…

    1448 articles · Updated February 12, 2026
  • Gentlemen RaaS Leak Exposes 10% of 2026's Ransomware Victims

    On May 4, 2026, a leak of internal communications from The Gentlemen Ransomware-as-a-Service (RaaS) operation surfaced on underground forums. The leak, which included chats and backend data from November 2025 to April…

    2 articles · Updated May 14, 2026

Recent Intelligence Reports

  • FG-IR-25-647 — fortiguard.fortinet.com · June 22, 2026
  • FG-IR-25-647 — www.fortiguard.com · June 22, 2026
  • FG-IR-26-060 — www.fortiguard.com · June 22, 2026
  • Supercomputing on a Credit Card From The AI Rush Enabled The Massive FortiBleed Campaign — Infostealers · June 21, 2026
  • Nation — Infostealers · June 21, 2026
  • FortiBleed campaign exposes 75,000 Fortinet firewalls worldwide — Csoonline · June 18, 2026
  • FortiBleed leak exposes Fortinet VPN credentials for 73,000 devices. — Bleepingcomputer · June 17, 2026
  • A Look At Fortijump Cve 2024 47575 — bishopfox.com · June 17, 2026

CVSS v3.1 Breakdown