
FortiGate Firewalls Under Attack: Hackers Exploit Critical Vulnerabilities to Steal Corporate Credentials

Cybercriminals exploited FortiGate vulnerabilities in 2026, breaching networks and stealing credentials. Update firmware now to stay secure.
Content Team

Cybercriminals launched a coordinated attack wave in early 2026, exploiting three critical FortiGate firewall vulnerabilities to breach enterprise networks. The attacks leveraged CVE-2025-59718 and CVE-2025-59719 (both rated 9.8 severity), which allow hackers to gain admin access using fake SAML tokens, plus a zero-day flaw CVE-2026-24858 that enabled login through attackers' own FortiCloud accounts.

Once inside, attackers extracted firewall configurations and decrypted embedded service account credentials for Active Directory systems. In one case, hackers maintained access for two months undetected, creating fake admin accounts and deploying remote access tools. They ultimately stole domain controller databases containing all user passwords.

Fortinet has released patches, but organizations must immediately update firmware, rotate all LDAP credentials, and strengthen firewall monitoring to prevent further breaches.
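To scope the LDAP credential rotation mentioned above, the following added example (not from the original article or from Fortinet) lists every LDAP server entry in a FortiGate configuration backup that stores a bind password. It assumes the backup uses the `config user ldap` / `edit` / `set username` / `set password ENC` layout; the sample configuration, account names and placeholder values are constructed.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config system admin
    edit "admin"
        set password ENC PLACEHOLDER-ADMIN
    next
end
config user ldap
    edit "AD-Primary"
        set server "10.0.0.10"
        set username "CN=svc_fgt,OU=Service,DC=corp,DC=example"
        set password ENC PLACEHOLDER-LDAP
    next
    edit "AD-Anonymous"
        set server "10.0.0.11"
    next
end
'''

SET_RE = re.compile(r'set (\S+) (.+)')

def ldap_bind_accounts(config_text):
    """Return LDAP entries that embed a bind password (the accounts to rotate)."""
    found, stack, entry = [], [], None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])   # track nested config sections
        elif line == "end":
            if stack:
                stack.pop()
        elif stack == ["user ldap"]:
            if line.startswith("edit "):
                entry = {"name": line[5:].strip('"')}
            elif line == "next":
                # Keep only entries with a stored password; drop the blob itself.
                if entry and entry.pop("password", None):
                    found.append(entry)
                entry = None
            elif entry is not None:
                m = SET_RE.match(line)
                if m and m.group(1) in ("server", "username", "password"):
                    entry[m.group(1)] = m.group(2).strip('"')
    return found

if __name__ == "__main__":
    for acct in ldap_bind_accounts(SAMPLE_CONFIG):
        print("rotate:", acct["name"], acct.get("server"), acct.get("username"))
```

Every account it reports should be treated as exposed if the configuration was ever exported by an unauthorized party.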

Source: Cybersecurity News
