FortiOS is a technology platform tracked across 24 threat clusters and 52 intelligence report mentions on ThreatCluster. First observed November 17, 2025; most recent activity June 22, 2026.
FortiOS is Fortinet’s network operating system that runs on FortiGate firewalls and related Fortinet devices, delivering firewall, VPN, and security services. Recent reports describe multiple vulnerabilities in FortiOS and FortiSwitchManager that can enable remote code execution and authentication bypass, with tens of thousands of devices exposed or at risk, making it a critical attack surface in enterprise networks.
A critical vulnerability in FortiWeb Web Application Firewall (WAF) has been actively exploited, allowing attackers to gain full administrative access to affected systems. Organizations using FortiWeb are at risk of…
A credential-harvesting campaign known as 'FortiBleed' has compromised over 75,000 Fortinet firewalls and VPNs across 194 countries. The attackers, suspected to be Russian-speaking cybercriminals, exploited previously…
Fortinet has identified multiple critical vulnerabilities in its FortiSandbox and FortiAuthenticator products, which could allow unauthenticated attackers to execute arbitrary code remotely. The vulnerabilities are…
Fortinet reported two vulnerabilities affecting FortiOS, FortiManager, FortiAnalyzer, and FortiProxy related to FortiCloud SSO authentication. The first vulnerability, an Authentication Bypass (CWE-288), allows…
CVE-2024-47575, known as FortiJump, has been actively exploited since June 2024, affecting over 50 FortiManager devices across various industries. The vulnerability allows unauthorized control of FortiManager…
The Gentlemen ransomware group has emerged as a significant threat in 2026, exploiting vulnerabilities in Fortinet systems, particularly CVE-2024-55591, an authentication bypass flaw. They have been observed using…
The FortiBleed campaign exposed valid credentials for nearly 75,000 Fortinet FortiGate firewalls across 21,632 domains. Threat actors leveraged commoditized supercomputing resources to execute massive cryptographic…
A critical SQL injection vulnerability, identified as CVE-2026-21643, has been discovered in Fortinet FortiClientEMS version 7.4.4. This flaw allows unauthenticated attackers to execute unauthorized code or commands,…
As of February 12, 2026, organizations worldwide are experiencing an average of 2,090 cyber-attacks per week, largely driven by ransomware incidents. This increase highlights the ongoing challenges faced by businesses…
On May 4, 2026, a leak of internal communications from The Gentlemen Ransomware-as-a-Service (RaaS) operation surfaced on underground forums. The leak, which included chats and backend data from November 2025 to April…