#fortiweb

#zero-day
from The Hacker News
3 days ago
Information security

Weekly Recap: Fortinet Exploit, Chrome 0-Day, BadIIS Malware, Record DDoS, SaaS Breach & More

Widespread exploitation of FortiWeb and Chrome zero-days, plus supply-chain and SaaS compromises, forced major vendors into rapid incident response and urgent patching.
from Techzine Global
1 week ago
Information security

Fortinet hit again by zero-day vulnerability in FortiWeb

A second actively exploited FortiWeb zero-day (CVE-2025-58034) enables code execution for logged-in attackers; immediate upgrade to the latest FortiWeb is required.
Information security
from The Register
1 week ago

Fortinet confirms second 0-day in just four days

FortiWeb OS command injection zero-day CVE-2025-58034 is exploited in the wild; Fortinet released a patch—update FortiWeb devices immediately.
Information security
from The Register
1 week ago

Fortinet finally cops to critical bug under active exploit

Critical FortiWeb path traversal (CVE-2025-64446) allows unauthenticated attackers full administrative takeover and was exploited in the wild before a public advisory and CVE assignment.
from Techzine Global
1 week ago

FortiWeb vulnerability actively exploited to create admin accounts

A vulnerability in Fortinet FortiWeb is being actively exploited worldwide to create new administrator accounts without authentication on devices that are directly accessible from the internet. This involves a path traversal that makes it possible to call an internal CGI script via the management path. Researchers have observed attackers scanning large numbers of devices and bombarding them with automated requests, immediately affecting any system with an open management interface.
Information security