FortiGate Firewalls Under Automated Attack Since January 15

Cybercriminals exploit FortiGate vulnerabilities with automated attacks; users urged to disable SSO and secure access.

By Content Team

Jan 26, 2026

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

Cybercriminals launched automated attacks against FortiGate firewall devices starting January 15, 2026, exploiting critical authentication bypass vulnerabilities disclosed by Fortinet in December 2025. The attackers use malicious SAML messages to bypass SSO login, then quickly steal configuration data and create persistent admin accounts within seconds.

Arctic Wolf detected the highly automated campaign targeting CVE-2025-59718 and CVE-2025-59719, which affect FortiOS, FortiWeb, and other Fortinet products. Attackers primarily use the account cloud-init@mail.io and create backup accounts like "secadmin" and "itadmin" to maintain access.

Fortinet users should immediately disable FortiCloud SSO, reset all credentials, and restrict management interfaces to trusted networks while monitoring for suspicious activity.

Source: Cyber Security News

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Notepad++ Update System Hijacked in Months-Long Supply Chain Attack

Feb 7, 2026

574 Arrested in Major African Cybercrime Crackdown

Dec 25, 2025

Hackers Exploit Critical Quest KACE Flaw to Take Over Management Systems

Mar 21, 2026

TeamPCP Hackers Compromise Official Telnyx Python Package in Supply Chain Attack

Mar 28, 2026