InfoSecBulletin Cybersecurity for mankind
Threat actors started to exploit two critical flaws (CVE: 2025-59718 and CVE: 2025-59719 in Fortinet FortiGate devices. Unauthenticated attackers can exploit these vulnerabilities to bypass SSO login protections using crafted SAML messages when FortiCloud SSO is enabled on affected devices.
December 12, 2025, Arctic Wolf identified coordinated attacks using malicious Single Sign-On (SSO) logins on FortiGate devices globally.
FortiBleed: 70,000 Fortinet Firewalls Compromised Globally
New Rokarolla Android malware hits 217 banking and crypto apps
Phishing Campaign Exploits Legitimate Microsoft Login Flow
ALERT
Cisco SD-WAN Zero-Day, FortiSandbox and cPanel flaws exploited in attacks
“Panthalassa” builds floating AI data centers powered by ocean waves
Critical Wazuh Vuln Enables Alert Tampering and Evidence Deletion
CVE-2026-0257
Palo Alto Warns of GlobalProtect VPN Vuln Actively Exploited
BD Gov.t to set up Tk192.66cr AI hub with support from Koica
Critical Splunk Enterprise Pre-Auth RCE Chain Exposes Databases With Zero Authentication
Anthropic disables Fable 5 and Mythos 5 Access after US order limiting foreign access
FortiOS 6.4, FortiWeb 7.0, and FortiWeb 7.2 remain unaffected by these vulnerabilities.
Fortinet customers who identify related indicators of compromise (IoCs) should assume a breach and reset their hashed firewall credentials from the exposed configurations.
Workaround:
Fortinet recommends turning off the FortiCloud login feature (if enabled) temporarily until upgrading to a non-affected version.
To turn off FortiCloud login, go to System -> Settings -> Switch “Allow administrative login using FortiCloud SSO” to Off.
