CVE-2024-21762
Published 2024-02-09
Priority: P1 (99) · Critical 9.8 · CVSS 3.1
Vector: AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:H / A:H
Tags: KEV · ITW exploit · Ransomware · Initial access
CISA Known Exploited Vulnerability, remediation due 2024-02-16
Exploited in the wild
EPSS: 80.84% (99.6th percentile)
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an unauthenticated remote attacker to execute unauthorized code or commands via specifically crafted HTTP requests to the SSL-VPN daemon (sslvpnd).
Affected
26 ranges · showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| fortinet | fortinet | — | — |
| fortinet | fortios | — | — |
| fortinet | fortios | >= 6.0.0 < 6.0.18 | 6.0.18 |
| fortinet | fortios | 6.0.0 – 6.0.17 | — |
| fortinet | fortios | >= 6.2.0 < 6.2.16 | 6.2.16 |
| fortinet | fortios | 6.2.0 – 6.2.15 | — |
| fortinet | fortios | >= 6.4.0 < 6.4.15 | 6.4.15 |
| fortinet | fortios | 6.4.0 – 6.4.14 | — |
| fortinet | fortios | >= 7.0.0 < 7.0.14 | 7.0.14 |
| fortinet | fortios | 7.0.0 – 7.0.13 | — |
| fortinet | fortios | >= 7.2.0 < 7.2.7 | 7.2.7 |
| fortinet | fortios | 7.2.0 – 7.2.6 | — |
| fortinet | fortios | >= 7.4.0 < 7.4.3 | 7.4.3 |
| fortinet | fortios | 7.4.0 – 7.4.2 | — |
| fortinet | fortiproxy | — | — |
| fortinet | fortiproxy | >= 1.0.0 < 2.0.14 | 2.0.14 |
| fortinet | fortiproxy | 1.0.0 – 1.0.7 | — |
| fortinet | fortiproxy | 1.1.0 – 1.1.6 | — |
| fortinet | fortiproxy | 1.2.0 – 1.2.13 | — |
| fortinet | fortiproxy | 2.0.0 – 2.0.13 | — |
| fortinet | fortiproxy | >= 7.0.0 < 7.0.15 | 7.0.15 |
| fortinet | fortiproxy | 7.0.0 – 7.0.14 | — |
| fortinet | fortiproxy | >= 7.2.0 < 7.2.9 | 7.2.9 |
| fortinet | fortiproxy | 7.2.0 – 7.2.8 | — |
| fortinet | fortiproxy | >= 7.4.0 < 7.4.3 | 7.4.3 |
Detection & IOCs (extracted from sources)
- Look for symbolic links in the SSL-VPN language files folder that point to the root filesystem; this is the post-exploitation persistence mechanism observed after CVE-2024-21762 exploitation. Such a link gives read access to the device filesystem, including its configuration, so treat a hit as a full compromise: review the configuration and rotate credentials.
- Monitor the FortiGate SSL-VPN web panel for unexpected file access through the publicly accessible language files path; reads of paths that are not language files may indicate a symlink-based persistence backdoor.
- CVE-2024-21762 is exploited via specially crafted HTTP requests to the FortiOS SSL-VPN daemon (sslvpnd); monitor for anomalous or malformed HTTP requests to SSL-VPN endpoints. The Suricata rules on this page key on chunked POSTs to /remote/ with an invalid chunk-size line, so the sensor needs TLS decryption in front of it for them to fire.
- CVE-2024-21762 has been linked to Qilin ransomware operations; correlate FortiGate compromise indicators with downstream ransomware activity.
- If patching is not immediately possible, disabling SSL VPN entirely is the only workaround; per FG-IR-24-015, disabling web mode alone is not a valid workaround.
- Patching alone does not remove the symlink-based persistence backdoor; administrators must also inspect the SSL-VPN language files folder and remove any malicious symlinks.
- FortiOS 7.6 is not affected by CVE-2024-21762; detection and patching efforts should focus on FortiOS 6.0.0 through 7.4.2 and the FortiProxy branches listed in the Affected table.
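The symlink check from the first and sixth bullets, as an added example that is not Fortinet's tooling and not taken from any of the sources above. It walks a directory without following links and reports every symlink whose resolved target lies outside that directory, which is the shape of the reported backdoor (a link inside the language-files folder pointing at /). The language-files path on a real appliance is not given on this page, so the directory is a parameter, and the code is meant to be run against an extracted or mounted copy of the device filesystem rather than on the appliance itself. The demo builds a constructed folder with one benign relative link and one link to the root filesystem.

```python
"""Find symlinks under a directory whose target resolves outside it.

Added example, not Fortinet's tooling. Run it over an extracted or mounted
copy of the appliance filesystem; the language-files directory is a parameter
because its on-device path is not given on this page.
"""
import os
import sys
import tempfile


def _inside(path, root):
    """True if `path` is `root` or lies beneath it (both already resolved)."""
    return path == root or path.startswith(root.rstrip(os.sep) + os.sep)


def find_escaping_symlinks(directory):
    """Return [(link, raw_target, resolved_target)] for every symlink under
    `directory` whose resolved target is outside `directory`.

    os.walk runs with followlinks=False, so a link to "/" is reported rather
    than descended into. Dangling links are reported as well, because
    os.path.realpath resolves them lexically even if the target is missing.
    """
    root = os.path.realpath(directory)
    findings = []
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        # Symlinks to directories show up in dirnames; check both lists.
        for name in sorted(dirnames + filenames):
            link = os.path.join(dirpath, name)
            if not os.path.islink(link):
                continue
            raw_target = os.readlink(link)
            resolved = os.path.realpath(link)
            if not _inside(resolved, root):
                findings.append((link, raw_target, resolved))
    return findings


def demo():
    """Constructed language folder (not a real appliance layout): one benign
    relative link and one link to '/'. Returns the flagged (name, raw_target)
    pairs."""
    with tempfile.TemporaryDirectory() as tmp:
        lang = os.path.join(tmp, "lang")
        os.mkdir(lang)
        with open(os.path.join(lang, "en.json"), "w") as fh:
            fh.write("{}")
        os.symlink("en.json", os.path.join(lang, "default.json"))  # benign: stays inside
        os.symlink("/", os.path.join(lang, "x.json"))              # escapes to the rootfs
        hits = find_escaping_symlinks(lang)
        return [(os.path.basename(link), raw) for link, raw, _ in hits]


if __name__ == "__main__":
    target_dir = sys.argv[1] if len(sys.argv) > 1 else "."
    for link, raw, resolved in find_escaping_symlinks(target_dir):
        print(f"{link} -> {raw} (resolves to {resolved})")
    print("demo:", demo())
```

Point it at the mounted copy (`python3 audit_symlinks.py /mnt/fortios/path/to/language/files`, hypothetical path); anything printed is a link that leaves the folder and should be explained or removed.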
CVSS provenance
- NVD (v3.1): 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- VulnCheck: 9.8 CRITICAL
- CISA: 9.8 CRITICAL
GHSA
GHSA-v4hq-m4wr-6pmj: out-of-bounds write in Fortinet FortiOS and FortiProxy
ghsa_unreviewed · 2024-02-09
CVE-2024-21762 [CRITICAL] CWE-787
Description: identical to the CVE text above (an out-of-bounds write in the listed FortiOS and FortiProxy versions that allows an attacker to execute unauthorized code or commands via specifically crafted requests).
VulnCheck
Fortinet FortiOS Out-of-Bound Write Vulnerability
vulncheck·2024·CVSS 9.8
CVE-2024-21762 [CRITICAL] CWE-787 Fortinet FortiOS Out-of-Bound Write Vulnerability
Fortinet FortiOS Out-of-Bound Write Vulnerability
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Affected: Fortinet FortiOS
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Known Ransomware Campaign Use: Known
Exploitation References: https://fortiguard.fortinet.com/psirt/FG-IR-24-015; https://www.cisa.gov/news-events/alerts/2024/02/09/fortinet-releases-security-advisories-fortios; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.tenable.com/blog/cve-2024-21762-critical-fortinet-fortios-out-of-bound-write-ssl-vpn-vulnerability; https://www
VulnCheck
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
vulncheck·2023·CVSS 9.8
CVE-2023-27997 [CRITICAL] CWE-122 Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Fortinet FortiOS and FortiProxy SSL-VPN Heap-Based Buffer Overflow Vulnerability
Fortinet FortiOS and FortiProxy SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute code or commands via specifically crafted requests.
Affected: Fortinet FortiOS and FortiProxy
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.fortinet.com/blog/psirt-blogs/analysis-of-cve-2023-27997-and-clarifications-on-volt-typhoon-campaign; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://information.rapid7.com/rs/411-NAK-970/images/Rapid7-2023-Mid-Year-Threat-Review.pdf; https://blog.lumen.com/routers-roasting-on-an-open-firew
VulnCheck
Fortinet FortiOS Path Traversal Vulnerability
vulncheck·2022·CVSS 6.7
CVE-2022-41328 [MEDIUM] CWE-22 Fortinet FortiOS Path Traversal Vulnerability
Fortinet FortiOS Path Traversal Vulnerability
Fortinet FortiOS contains a path traversal vulnerability that may allow a local privileged attacker to read and write files via crafted CLI commands.
Affected: Fortinet FortiOS
Required Action: Apply updates per vendor instructions.
Exploitation References: https://www.fortinet.com/blog/psirt-blogs/fg-ir-22-369-psirt-analysis; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://cloud.google.com/blog/topics/threat-intelligence/fortinet-malware-ecosystem/; https://www.mandiant.com/resources/blog/fortinet-malware-ecosystem; https://www.mandiant.com/resources/blog/zero-days-exploited-2022; https://www.mandiant.com/resources/blog/chinese-espionage-tactics; https://information.rapid7.com/rs/411-NAK-970/ima
VulnCheck
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
vulncheck·2022·CVSS 9.8
CVE-2022-42475 [CRITICAL] CWE-197 Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Fortinet FortiOS Heap-Based Buffer Overflow Vulnerability
Multiple versions of Fortinet FortiOS SSL-VPN contain a heap-based buffer overflow vulnerability which can allow an unauthenticated, remote attacker to execute arbitrary code or commands via specifically crafted requests.
Affected: Fortinet FortiOS
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://www.fortiguard.com/psirt/FG-IR-22-398; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://www.mandiant.com/resources/blog/chinese-actors-exploit-fortios-flaw; https://www.prio-n.com/a-year-in-review-2022-100-vulnerabilities-you-sh
VulnCheck
Fortinet Multiple Products Authentication Bypass Vulnerability
vulncheck·2022·CVSS 9.8
CVE-2022-40684 [CRITICAL] CWE-288 Fortinet Multiple Products Authentication Bypass Vulnerability
Fortinet Multiple Products Authentication Bypass Vulnerability
Fortinet FortiOS, FortiProxy, and FortiSwitchManager contain an authentication bypass vulnerability that could allow an unauthenticated attacker to perform operations on the administrative interface via specially crafted HTTP or HTTPS requests.
Affected: Fortinet Multiple Products
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.fortiguard.com/psirt/FG-IR-22-377; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://api.vulncheck.com/v3/index/sans-dshield?cve=CVE-2022-40684; https://blog.cyble.com/2022/11/24/multiple-organisations-compromised-by-critical-authentication-bypass-vulnerability-in-fortinet-pro
VulnCheck
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
vulncheck·2020·CVSS 9.8
CVE-2020-12812 [CRITICAL] CWE-178 Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Fortinet FortiOS SSL VPN Improper Authentication Vulnerability
Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.
Affected: Fortinet FortiOS
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.ic3.gov/media/news/2021/210402.pdf; https://www.ic3.gov/media/news/2021/210527.pdf; https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://us-cert.cisa.gov/ncas/alerts/aa21-321a; https://cisa.gov/news-events/cybersecurity-advisori
VulnCheck
Fortinet FortiOS Default Configuration Vulnerability
vulncheck·2019·CVSS 6.5
CVE-2019-5591 [MEDIUM] CWE-306 Fortinet FortiOS Default Configuration Vulnerability
Fortinet FortiOS Default Configuration Vulnerability
Fortinet FortiOS contains a default configuration vulnerability that may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the Lightweight Directory Access Protocol (LDAP) server.
Affected: Fortinet FortiOS
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.ic3.gov/media/news/2021/210402.pdf; https://www.ic3.gov/media/news/2021/210527.pdf; https://www.cisa.gov/news-events/cybersecurity-advisories/aa21-209a; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://us-cert.cisa.gov/ncas/alerts/aa21-321a; https://cisa.gov/news-events/cybersecurity-advisories/aa21-321a;
VulnCheck
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
vulncheck·2018·CVSS 9.1
CVE-2018-13379 [CRITICAL] CWE-22 Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Fortinet FortiOS SSL VPN Path Traversal Vulnerability
Fortinet FortiOS SSL VPN web portal contains a path traversal vulnerability that may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.
Affected: Fortinet FortiOS
Required Action: Apply updates per vendor instructions.
Known Ransomware Campaign Use: Known
Exploitation References: https://www.ncsc.gov.uk/news/alert-vpn-vulnerabilities; https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign.pdf; https://www.dragos.com/wp-content/uploads/The-ICS-Threat-Landscape.pdf; https://api.vulncheck.com/v3/index/sans-dshield?cve=CVE-2018-13379; https://media.defense.gov/2020/Jul/16/2002457639/-1/-1/0/NCSC_APT29_ADVISORY-QUAD-OFFICIAL-20200709-1810.PDF;
CISA ICS
Siemens RUGGEDCOM APE1808
cisa_ics·2024-03-14
Siemens RUGGEDCOM APE1808
ICS Advisory
Siemens RUGGEDCOM APE1808
Release DateMarch 14, 2024
Alert CodeICSA-24-074-05
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.7
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: RUGGEDCOM APE1808
- Vulnerabilities: Heap-based Buffer Overflow, External Control of File Name or Path, Improper Privilege Management, Uncontrolled Resource Consumption, Improper Certificate Validation, Out-of-bounds Write,
CISA
Fortinet FortiOS Out-of-Bound Write Vulnerability
cisa·2024-02-09·CVSS 9.8
CVE-2024-21762 [CRITICAL] CWE-787 Fortinet FortiOS Out-of-Bound Write Vulnerability
Vulnerability: Fortinet FortiOS Out-of-Bound Write Vulnerability
Affected: Fortinet FortiOS
Fortinet FortiOS contains an out-of-bound write vulnerability that allows a remote unauthenticated attacker to execute code or commands via specially crafted HTTP requests.
Required Action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Notes: https://fortiguard.fortinet.com/psirt/FG-IR-24-015 ; https://nvd.nist.gov/vuln/detail/CVE-2024-21762
Remediation Due Date: 2024-02-16
Fortinet
Out-of-bound Write in sslvpnd
vendor_fortinet·2024-02-09·CVSS 9.8
CVE-2024-21762 [CRITICAL] CWE-787 Out-of-bound Write in sslvpnd
FG-IR-24-015: Out-of-bound Write in sslvpnd
An out-of-bounds write in Fortinet FortiOS versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.13, 6.4.0 through 6.4.14, 6.2.0 through 6.2.15, 6.0.0 through 6.0.17, FortiProxy versions 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14, 2.0.0 through 2.0.13, 1.2.0 through 1.2.13, 1.1.0 through 1.1.6, 1.0.0 through 1.0.7 allows an attacker to execute unauthorized code or commands via specifically crafted requests.
CVEs: CVE-2024-21762
CWEs: CWE-787
CVSS: 9.8 (critical)
Affected products: FortiOS, FortiProxy, Fortinet
Suricata
ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length Out of Bounds Write Remote Code Execution Attempt (CVE-2024-21762) - Heap Manipulation
suricata·2024-03-22·CVSS 9.8
CVE-2024-21762 [CRITICAL] ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length Out of Bounds Write Remote Code Execution Attempt (CVE-2024-21762) - Heap Manipulation
ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length Out of Bounds Write Remote Code Execution Attempt (CVE-2024-21762) - Heap Manipulation
Rule: alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length Out of Bounds Write Remote Code Execution Attempt (CVE-2024-21762) - Heap Manipulation"; flow:established,to_server; stream_size:client,>,1800; http.method; content:"POST"; http.uri; content:"/remote/"; http.request_body; content:"/bin/node|25 30 30|"; fast_pattern; content:"|2d|e|25 30 30|"; within:20; threshold:type limit, track by_src, count 1, seconds 60; reference:cve,2024-21762; reference:url,www.assetnote.io/resources/research/two-bytes-is-plenty-fortigate-rce-with-cve-2024-21762; classtype:trojan-activity; sid:
Suricata
ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length (CVE-2024-21762) Vulnerability Scan Attempt
suricata·2024-03-22·CVSS 9.8
CVE-2024-21762 [CRITICAL] ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length (CVE-2024-21762) Vulnerability Scan Attempt
ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length (CVE-2024-21762) Vulnerability Scan Attempt
Rule: alert http1 $EXTERNAL_NET any -> $HOME_NET any (msg:"ET WEB_SPECIFIC_APPS Fortigate FortiOS Invalid HTTP Chunk Length (CVE-2024-21762) Vulnerability Scan Attempt"; flow:established,to_server; content:"|0d 0a 0d 0a|0000000000000000FF|0d 0a 0d 0a|"; fast_pattern; http.method; content:"POST"; http.uri; content:"/remote/"; http.header; content:"Transfer-Encoding|3a 20|chunked"; reference:url,github.com/BishopFox/cve-2024-21762-check; reference:cve,2024-21762; classtype:trojan-activity; sid:2051765; rev:2; metadata:affected_product Fortigate, attack_target Networking_Equipment, tls_state TLSDecrypt, created_at 2024_03_22, cve CVE_2024_21762, deployment Perimeter, deployment SSLDec
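To see what the two signatures actually key on, here is an added example (not Emerging Threats', BishopFox's or Fortinet's code) that re-implements their content matches in Python and runs them over constructed request bytes. Assumptions: the `stream_size:client,>,1800` condition is approximated by total request length, the per-source `threshold` is ignored, the request has already been TLS-decrypted, and the sample URI `/remote/login` and bodies are made up for the demo. It also includes a generic chunk-size-line validator as the defensive counterpart (the sanity check a correct chunked-body parser applies); that validator is not Fortinet's parser.

```python
"""Re-implementation of the content matches in the two ET signatures for
CVE-2024-21762, runnable over raw (decrypted) HTTP request bytes.

Added example, not Emerging Threats', BishopFox's or Fortinet's code.
Assumptions: stream_size is approximated by total request length, the
per-source threshold is not applied, and every sample request is constructed.
"""
import re

RULE_SCAN = "ET CVE-2024-21762 Vulnerability Scan Attempt (sid:2051765)"
RULE_RCE = "ET CVE-2024-21762 RCE Attempt - Heap Manipulation"

# sid:2051765: header terminator, an 18-hex-digit chunk-size line, blank line.
SCAN_MARKER = b"\r\n\r\n0000000000000000FF\r\n\r\n"
# Heap-manipulation rule: "/bin/node\0" with "-e\0" ending within 20 bytes.
RCE_MARKER = b"/bin/node\x00"
RCE_FOLLOWUP = b"-e\x00"
RCE_WITHIN = 20
MIN_STREAM = 1800  # stream_size:client,>,1800, approximated on the request

# Generic defensive check, not Fortinet's parser: a chunk-size line is 1..16
# hex digits (fits a 64-bit length), optionally followed by ";extension".
_CHUNK_SIZE_RE = re.compile(rb"^[0-9A-Fa-f]{1,16}(;.*)?$")


def parse_request(raw):
    """Split raw request bytes into (method, uri, headers, body).

    Header names are lower-cased. A malformed request line yields an empty
    method and URI so callers simply get no matches.
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    method, uri = (parts[0], parts[1]) if len(parts) >= 2 else (b"", b"")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers[name.strip().lower()] = value.strip()
    return method, uri, headers, body


def chunk_size_line_ok(line):
    """True if `line` is a well-formed chunk-size line (see _CHUNK_SIZE_RE)."""
    return _CHUNK_SIZE_RE.match(line.rstrip(b"\r\n")) is not None


def match_rules(raw):
    """Return the set of rule names whose content matches all fire on `raw`."""
    method, uri, headers, body = parse_request(raw)
    hits = set()
    # Both rules require a POST whose URI contains "/remote/".
    if method != b"POST" or b"/remote/" not in uri:
        return hits

    # Scan rule: Transfer-Encoding: chunked plus the overlong chunk-size line
    # (the raw-payload content match is not tied to a single HTTP buffer).
    if headers.get(b"transfer-encoding", b"").lower() == b"chunked" and SCAN_MARKER in raw:
        hits.add(RULE_SCAN)

    # Heap-manipulation rule: large request, "/bin/node\0" in the body and
    # "-e\0" ending within 20 bytes after it (Suricata `within:20`).
    idx = body.find(RCE_MARKER)
    if len(raw) > MIN_STREAM and idx != -1:
        end = idx + len(RCE_MARKER)
        if RCE_FOLLOWUP in body[end:end + RCE_WITHIN]:
            hits.add(RULE_RCE)
    return hits


# Constructed samples (not captured traffic).
SCAN_REQUEST = (
    b"POST /remote/login HTTP/1.1\r\n"
    b"Host: vpn.example.test\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"0000000000000000FF\r\n"
    b"\r\n"
)

RCE_SHAPED_REQUEST = (
    b"POST /remote/login HTTP/1.1\r\n"
    b"Host: vpn.example.test\r\n"
    b"Content-Length: 1850\r\n"
    b"\r\n"
    + b"A" * 1830 + RCE_MARKER + RCE_FOLLOWUP + b"B" * 7
)

BENIGN_CHUNKED_REQUEST = (
    b"POST /remote/login HTTP/1.1\r\n"
    b"Host: vpn.example.test\r\n"
    b"Transfer-Encoding: chunked\r\n"
    b"\r\n"
    b"5\r\nhello\r\n0\r\n\r\n"
)

if __name__ == "__main__":
    for name, req in [("scan", SCAN_REQUEST), ("rce-shaped", RCE_SHAPED_REQUEST),
                      ("benign", BENIGN_CHUNKED_REQUEST)]:
        print(name, sorted(match_rules(req)))
```

The scan signature is narrow on purpose: it matches the exact probe a public checker sends, so a differently shaped but equally malformed chunk-size line will not fire it. `chunk_size_line_ok` is the complementary, shape-independent test to run in a proxy or log pipeline in front of the VPN.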
No public exploits indexed.
Hackernews
New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
blogs_hackernews·2026-06-26·CVSS 9.8
CVE-2021-26855 [CRITICAL] New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
## New SharkLoader Malware Deploys Cobalt Strike in StrikeShark Cyberattacks
A newly discovered cyber attack campaign has been observed delivering a previously undocumented malware family called SharkLoader that acts as a loader for deploying Cobalt Strike Beacon on compromised hosts.
Kaspersky, which is tracking the activity under the moniker StrikeShark , said the campaign has targeted a diplomatic organization in Indonesia, government organizations in Taiwan, software development companies across multiple countries, and entities associated with other sectors located in Hong Kong, Lebanon, Syria, Colombia, North Macedonia, Ne
Securelist
StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
blogs_securelist·2026-06-24
CVE-2021-26855 StrikeShark: investigating a new campaign delivering Cobalt Strike through SharkLoader
Fareed Radzi
## Introduction
During our research of activity affecting a diplomatic organization in Indonesia, we uncovered a previo
Tenable
How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it.
blogs_tenable·2026-06-24
CVE-2024-21762 How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it.
## How much cyber risk does AI create for organizations? 457 million security issues. Here’s what you can do about it.
Over a 30 day period, Tenable detected 457 million AI-related security issues among 7,000-plus organizations, an average of 62,000 exposures per organization. If we didn’t already know that shadow AI was a problem, data like this makes it clear every organization needs to visualize, map, assess, and protect with a comprehensive exposure management program.
## Key takeaways
AI tools — approved and unapproved — are driving a massive wave of daily exposures, including an average of 62,000 per organization during a recent 30-day period. This is creating AI security issues that are primarily tied to misconfigurations and unmanaged dependencies rather than standard CVEs.
To
Tenable
CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
blogs_tenable·2026-04-06·CVSS 9.8
[CRITICAL] CVE-2026-35616: Fortinet FortiClientEMS improper access control vulnerability exploited in the wild
Tenable
Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign
blogs_tenable·2026-03-17
Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign
Tenable
Operation Epic Fury: cyber threat data in the Iran War
blogs_tenable·2026-03-17·CVSS 7.8
[HIGH] Operation Epic Fury: cyber threat data in the Iran War
# Operation Epic Fury: Why exposure data changes everything about Iran's cyber-kinetic campaign
Robert Huber · March 17, 2026
Iran's retaliatory campaign following Operation Epic Fury has collapsed the boundary between physical and digital warfare. Tenable's exposure data analysis across seven target countries reveals that the largest exploitable attack surface isn't the headline threat, it's a Microsoft Word N-day affecting nearly 14 million assets.
## Key takeaways:
1. Exposure data rebalances the threat picture. A Microsoft Word N-day (CVE-2026-21514) accounts for nearly 14 million of the 15.5 million affected assets across the seven target countries, two orders of magnitude more than the conflict's headline threats. Organizations
Mandiant
Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape
blogs_mandiant·2026-03-16
Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape
## Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape
Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark
## Introduction
Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ransomware has become one of the most pervasive threats to organizations across almost every industry vertical and region. In recent years ransomware operations have evolved, creating a robust ecosystem that has lowered the barrier to entry via the commoditization and specialization of the supporting underground communities, w
Mandiant
Ransomware Tactics, Techniques, and Procedures in a Shifting Threat Landscape
blogs_mandiant·2026-03-16
Ransomware Tactics, Techniques, and Procedures in a Shifting Threat Landscape
# Ransomware Under Pressure: Tactics, Techniques, and Procedures in a Shifting Threat Landscape
March 16, 2026
Written by: Bavi Sadayappan, Zach Riddle, Ioana Teaca, Kimberly Goody, Genevieve Stark
### Introduction
Since 2018, when many financially motivated threat actors began shifting their monetization strategy to post-compromise ransomware deployments, ransomware has become one of the most pervasive threats to organizations across almost every industry vertical and region. In recent years ransomware operations have evolved, creating a robust ecosystem that has lowered the barrier to entry via the commoditiza
Greynoiseio
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates
blogs_greynoiseio·2026-02-02
The Noise in the Silence: Unmasking CISA's Hidden KEV Ransomware Updates
Tenable
CVE-2025-64155 PoC released Command Injection Vulnerability
blogs_tenable·2026-01-14·CVSS 9.8
[CRITICAL] CVE-2025-64155 PoC released Command Injection Vulnerability
Tenable
CVE-2025-64446 FortiWeb Zero-Day Exploited
blogs_tenable·2025-11-14·CVSS 9.8
[CRITICAL] CVE-2025-64446 FortiWeb Zero-Day Exploited
Securelist
IT threat evolution in Q2 2025. Non-mobile statistics
blogs_securelist·2025-09-05
IT threat evolution in Q2 2025. Non-mobile statistics
Table of Contents:
- The quarter in numbers
- Ransomware: Quarterly trends and highlights; Law enforcement success; Vulnerabilities and attacks (Mass exploitation of a vulnerability in SAP NetWeaver; Attacks via the SimpleHelp remote administration tool; Qilin exploits vulnerabilities in Fortinet; Exploitation of a Windows CLFS vulnerability); The most prolific groups; Number of new variants; Number of users attacked by ransomware Trojans; Geography of attacked users (TOP 10 countries and territories attacked by ransomware Trojans); TOP 10 most common families of ransomware Trojans
- Miners: Number of new variants; Number of users attacked by miners; Geography of attacked users (TOP 10 countries and territories attacked by miners)
- Attacks on macOS: TOP 20 threats to macOS; Geography of threats t
Securelist
Desktop and IoT threat report for Q2 2025
blogs_securelist·2025-09-05
Desktop and IoT threat report for Q2 2025
Table of Contents: The quarter in numbers · Ransomware · Miners · Attacks on macOS · IoT threat statistics · Attacks via web resources · Local threats
Authors: AMR
The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing statistical data.
## The quarter in numbers
In Q2 2025:
- Kaspersky solutions blocked more than 471 million attacks originating from various online resources.
- Web Anti-Virus detected 77 million unique links.
- File Anti-Virus blocked nearly 23 million malicious and potentially unwanted objects.
- There were 1,702 new ransomwar
Bleepingcomputer
Nissan confirms design studio data breach claimed by Qilin ransomware
blogs_bleepingcomputer·2025-08-26
Nissan confirms design studio data breach claimed by Qilin ransomware
## Nissan confirms design studio data breach claimed by Qilin ransomware
## Bill Toulas
Nissan Japan has confirmed to BleepingComputer that it suffered a data breach following unauthorized access to a server of one of its subsidiaries, Creative Box Inc. (CBI).
This came in response to the Qilin ransomware group's claims that they had stolen four terabytes of data from CBI, including 3D vehicle design models, internal reports, financial documents, VR design workflows, and photos.
"On August 16, 2025, suspicious access was detected on the data server of Creative Box Inc. (CBI), a company contracted by Nissan for design work," stated a Nissan spokesperson to BleepingComputer.
"CBI immediately implemented emergency measures, such as blocking all access to the server, to mitigate the risk,
Tenable
CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
blogs_tenable·2025-08-13·CVSS 9.8
[CRITICAL] CVE-2025-25256: Proof of Concept Released for Critical Fortinet FortiSIEM Command Injection Vulnerability
Bleepingcomputer
The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025
blogs_bleepingcomputer·2025-08-05·CVSS 9.8
[CRITICAL] The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025
## The Heat Wasn't Just Outside: Cyber Attacks Spiked in Summer 2025
## Picus Security
Summer 2025 wasn't just hot; it was relentless.
Ransomware hammered hospitals, retail giants suffered data breaches, insurance firms were hit by phishing, and nation-state actors launched disruptive campaigns.
From stealthy PowerShell loaders to zero-day SharePoint exploits, attackers kept defenders on their heels.
This report breaks down the season's most high-impact incidents and what security teams need to do before the next wave hits.
## Summer Exposes Healthcare's Growing Ransomware Risk
Hospitals can't afford downtime, and attackers know it.
This summer, ransomware groups targeted healthcare, exploiting both the value of patient data and the urgency of care.
## Interlock rises as a major th
Bleepingcomputer
Critical Fortinet flaws now exploited in Qilin ransomware attacks
blogs_bleepingcomputer·2025-06-06·CVSS 9.8
[CRITICAL] Critical Fortinet flaws now exploited in Qilin ransomware attacks
## Critical Fortinet flaws now exploited in Qilin ransomware attacks
## Sergiu Gatlan
The Qilin ransomware operation has recently joined attacks exploiting two Fortinet vulnerabilities that allow bypassing authentication on vulnerable devices and executing malicious code remotely.
Qilin (also tracked as Phantom Mantis) surfaced in August 2022 as a Ransomware-as-a-Service (RaaS) operation under the "Agenda" name and has since claimed responsibility for over 310 victims on its dark web leak site.
Its victim list also includes high-profile organizations, such as automotive giant Yangfeng, publishing giant Lee Enterprises, Australia's Court Services Victoria, and pathology services provider Synnovis. The Synnovis incident impacted several major NHS hospitals in London, which forced the
Tenable
CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild
blogs_tenable·2025-05-14·CVSS 9.8
[CRITICAL] CVE-2025-32756: Zero-Day Vulnerability in Multiple Fortinet Products Exploited in the Wild
Tenable
Cybersecurity Snapshot: U.K. NCSC’s Best Cyber Advice on AI Security, the Quantum Threat, API Risks, Mobile Malware and More
blogs_tenable·2025-05-09
Cybersecurity Snapshot: U.K. NCSC’s Best Cyber Advice on AI Security, the Quantum Threat, API Risks, Mobile Malware and More
Tenable
Reducing Remediation Time Remains a Challenge: How Tenable Vulnerability Watch Can Help
blogs_tenable·2025-04-25
Reducing Remediation Time Remains a Challenge: How Tenable Vulnerability Watch Can Help
Tenable
Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends
blogs_tenable·2025-04-23
Verizon 2025 DBIR: Tenable Research Collaboration Shines a Spotlight on CVE Remediation Trends
Bleepingcomputer
Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
blogs_bleepingcomputer·2025-04-11·CVSS 9.8
[CRITICAL] Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
## Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks
## Sergiu Gatlan
Fortinet warns that threat actors use a post-exploitation technique that helps them maintain read-only access to previously compromised FortiGate VPN devices even after the original attack vector was patched.
Earlier this week, Fortinet began sending emails to customers warning that their FortiGate/FortiOS devices were compromised based on telemetry received from FortiGuard devices.
These emails were titled "Notification of device compromise - FortiGate / FortiOS - ** Urgent action required **," given a TLP:AMBER+STRICT designation.
"This issue is not related to any new vulnerability. This file was left behind by a threat actor following exploitation of previous known vulnerabilities," the ema
Greynoiseio
GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
blogs_greynoiseio·2025-02-26·CVSS 9.8
[CRITICAL] GreyNoise Detects Active Exploitation of CVEs Mentioned in Black Basta’s Leaked Chat Logs
Qualys
Defense Lessons From the Black Basta Ransomware Playbook
blogs_qualys·2025-02-25
Defense Lessons From the Black Basta Ransomware Playbook
## Table of Contents
Know Your Enemy's Playbook
Attackers Move Fast
How Qualys Can Help
The cybersecurity world was rocked last week by a massive leak of Black Basta’s internal communications that emerged from the group’s chat logs. Triggered by internal conflicts and a retaliatory data dump following attacks on Russian banks, the exposed records offer a rare glimpse into Black Basta’s tactics, operations, and leadership.
We’ve analyzed these newly unveiled tactics, and in this blog, we equip security teams with clear, actionable insights. We aim to highlight the key lessons learned—like immediate patching, tighter access controls, and rapid incident response—and provide an urgent call to action. This practical guide aims to help organizations strengthen their defenses against evolving
Tenable
Cybersecurity Snapshot: Cyber Agencies Offer Best Practices for Network Edge Security, While OWASP Ranks Top Risks of Non-Human Identities
blogs_tenable·2025-02-07
Cybersecurity Snapshot: Cyber Agencies Offer Best Practices for Network Edge Security, While OWASP Ranks Top Risks of Non-Human Identities
Tenable
CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
blogs_tenable·2025-01-14·CVSS 9.8
[CRITICAL] CVE-2024-55591: Fortinet Authentication Bypass Zero-Day Vulnerability Exploited in the Wild
Qualys
Cybersecurity Threat Landscape 2024 Midyear Review
blogs_qualys·2024-08-06
Cybersecurity Threat Landscape 2024 Midyear Review
## Table of Contents
Key Takeaways from the Threat Landscape Report 2024
Vulnerability and Threat Analysis in the Cybersecurity Landscape 2024
Cyber Threat Landscape 2024 A Detailed Review
Key Statistics and Their Impact on the 2024 Cybersecurity Landscape
Mid-2024's Most Exploited Vulnerabilities in the Cybersecurity Landscape
Conclusion
As we navigate the complexities of 2024, it’s crucial to pause and reflect on the evolving threat landscape that surrounds us. This moment offers a unique opportunity to scrutinize our triumphs and missteps, understand the events that have decisively shaped our environment, and consider those that have subtly influenced it. By extracting key lessons from our recent experiences, we can fortify our strategies and prepare more effectively for the emerg
Bleepingcomputer
Exploit released for Fortinet RCE bug used in attacks, patch now
blogs_bleepingcomputer·2024-03-21·CVSS 9.8
CVE-2023-48788 [CRITICAL] Exploit released for Fortinet RCE bug used in attacks, patch now
## Exploit released for Fortinet RCE bug used in attacks, patch now
## Sergiu Gatlan
Security researchers have released a proof-of-concept (PoC) exploit for a critical vulnerability in Fortinet's FortiClient Enterprise Management Server (EMS) software, which is now actively exploited in attacks.
Tracked as CVE-2023-48788, this security flaw is an SQL injection in the DB2 Administration Server (DAS) component discovered and reported by the UK's National Cyber Security Centre (NCSC).
It impacts FortiClient EMS versions 7.0 (7.0.1 through 7.0.10) and 7.2 (7.2.0 through 7.2.2), and it enables unauthenticated threat actors to gain remote code execution (RCE) with SYSTEM privileges on unpatched servers in low-complexity attacks that don't require user interaction.
"An improper neutralizati
Tenable
CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability
blogs_tenable·2024-03-14·CVSS 9.8
[CRITICAL] CVE-2023-48788: Critical Fortinet FortiClientEMS SQL Injection Vulnerability
Bleepingcomputer
Fortinet warns of critical RCE bug in endpoint management software
blogs_bleepingcomputer·2024-03-13·CVSS 8.1
CVE-2023-48788 [HIGH] Fortinet warns of critical RCE bug in endpoint management software
## Fortinet warns of critical RCE bug in endpoint management software
## Sergiu Gatlan
Fortinet patched a critical vulnerability in its FortiClient Enterprise Management Server (EMS) software that can allow attackers to gain remote code execution (RCE) on vulnerable servers.
FortiClient EMS enables admins to manage endpoints connected to an enterprise network, allowing them to deploy FortiClient software and assign security profiles on Windows devices.
The security flaw (CVE-2023-48788) is an SQL injection in the DB2 Administration Server (DAS) component, which was discovered and reported by the UK's National Cyber Security Centre (NCSC) and Fortinet developer Thiago Santana.
It impacts FortiClient EMS versions 7.0 (7.0.1 through 7.0.10) and 7.2 (7.2.0 through 7.2.2), and it allows
Bleepingcomputer
Critical Fortinet flaw may impact 150,000 exposed devices
blogs_bleepingcomputer·2024-03-08·CVSS 9.8
CVE-2024-21762 [CRITICAL] Critical Fortinet flaw may impact 150,000 exposed devices
## Critical Fortinet flaw may impact 150,000 exposed devices
## Ionut Ilascu
Scans on the public web show that approximately 150,000 Fortinet FortiOS and FortiProxy secure web gateway systems are vulnerable to CVE-2024-21762, a critical security issue that allows executing code without authentication.
America's Cyber Defense Agency CISA confirmed last month that attackers are actively exploiting the flaw by adding it to its Known Exploited Vulnerabilities (KEV) catalog.
## Vulnerable versions all over the world
Almost a month after Fortinet addressed CVE-2024-21762, The Shadowserver Foundation announced on Thursday that it found nearly 150,000 vulnerable devices.
Shadowserver's Piotr Kijewski told BleepingComputer that their scans check for vulnerable versions, so the number of affec
Wiz
Crying Out Cloud - March 2024 Newsletter | Wiz
blogs_wiz·2024-03-01·CVSS 8.6
CVE-2024-21626 [HIGH] Crying Out Cloud - March 2024 Newsletter | Wiz
Welcome back! In this edition, we bring you the latest in cloud security – crucial vulnerabilities, exclusive data, and noteworthy incidents. Stay informed and stay secure. Let's delve in.
Here are our cloud security highlights!
## 🐞 High Profile Vulnerabilities
Leaky Vessels: Docker and runc Container Escape Vulnerabilities
Several vulnerabilities have been revealed in the runC command line tool (CVE-2024-21626, CVE-2024-23651, CVE-2024-23652, and CVE-2024-23653). These flaws pose a risk of container escape; exploiting these vulnerabilities could grant unauthorized access to the host operating system, potentially compromising sensitive data and facilitating further attacks, particularly with superuser privileges.
According to Wiz data, 18% of cloud environments have resources
Wiz
New FortiOS Critical Vulnerabilities Exploited In-The-Wild | Wiz Blog
blogs_wiz·2024-02-12·CVSS 9.8
CVE-2024-21762 [CRITICAL] New FortiOS Critical Vulnerabilities Exploited In-The-Wild | Wiz Blog
CVE-2024-21762 and CVE-2024-23113 are critical vulnerabilities in Fortinet's FortiOS and FortiProxy; they received a CVSS score of 9.6 and 9.8, respectively. Both vulnerabilities could allow a remote unauthenticated attacker to execute arbitrary code or commands, and CVE-2024-21762 is reportedly being exploited in the wild. Fortinet guidance recommends upgrading FortiOS instances to patched versions as soon as possible. Wiz customers can use the pre-built query and advisory in the Wiz Threat Center to search for vulnerable instances in their environment.
# What are CVE-2024-21762 and CVE-2024-23113?
The vulnerability identified as CVE-2024-21762, rated with a CVSS score of 9.6, stems from improper parameter validation within FortiOS SSL-VPN. It can be exploited by a remote, unauthentica
Checkpoint
12th February – Threat Intelligence Report
blogs_checkpoint·2024-02-12
CVE-2022-42475 12th February – Threat Intelligence Report
## 12th February – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 12th February, please download our Threat Intelligence Bulletin.
TOP ATTACKS AND BREACHES
One of the largest unions in California, Service Employees International Union (SEIU) Local 1000, has confirmed a ransomware attack that led to network disruption. The LockBit ransomware gang has assumed responsibility, claiming to have stolen 308GB of data including sensitive employee information such as Social Securit
Bleepingcomputer
New Fortinet RCE bug is actively exploited, CISA confirms
blogs_bleepingcomputer·2024-02-09·CVSS 10.0
CVE-2024-21762 [CRITICAL] New Fortinet RCE bug is actively exploited, CISA confirms
## New Fortinet RCE bug is actively exploited, CISA confirms
## Sergiu Gatlan
CISA confirmed today that attackers are actively exploiting a critical remote code execution (RCE) bug patched by Fortinet on Thursday.
The flaw (CVE-2024-21762) is due to an out-of-bounds write weakness in the FortiOS operating system and the FortiProxy secure web proxy that can let unauthenticated attackers execute arbitrary code remotely using maliciously crafted HTTP requests.
Admins who can't immediately deploy security updates to patch vulnerable appliances can remove the attack vector by disabling SSL VPN on the device.
CISA's announcement comes one day after Fortinet published a security advisory saying the flaw was "potentially being exploited in the wild."
While the company has yet to share more d
Tenable
CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
blogs_tenable·2024-02-09·CVSS 9.8
[CRITICAL] CVE-2024-21762: Critical Fortinet FortiOS Out-of-Bound Write SSL VPN Vulnerability
Bleepingcomputer
New Fortinet RCE flaw in SSL VPN likely exploited in attacks
blogs_bleepingcomputer·2024-02-08·CVSS 7.5
CVE-2024-21762 [HIGH] New Fortinet RCE flaw in SSL VPN likely exploited in attacks
## New Fortinet RCE flaw in SSL VPN likely exploited in attacks
## Lawrence Abrams
Fortinet is warning that a new critical remote code execution vulnerability in FortiOS SSL VPN is potentially being exploited in attacks.
The flaw (tracked as CVE-2024-21762 / FG-IR-24-015) received a 9.6 severity rating and is an out-of-bounds write vulnerability in FortiOS that allows unauthenticated attackers to gain remote code execution (RCE) via maliciously crafted requests.
To patch the bug, Fortinet recommends upgrading to one of the latest versions based on this table:
| Version | Affected | Solution |
|---|---|---|
| FortiOS 7.6 | Not affected | Not Applicable |
| FortiOS 7.4 | 7.4.0 through 7.4.2 | Upgrade to 7.4.3 or above |
| FortiOS 7.2 | 7.2.0 through 7.2.6 | Upgrade to 7.2.7 or above |
| FortiOS 7.0 | 7.0.0 through 7.0.13 | Upgrade to 7.0.14 or above |
F
Sentinelone
Black Basta
blogs_sentinelone·2022-11-30
Black Basta
Greynoiseio
Hunting for Fortinet's CVE-2024-21762
blogs_greynoiseio·CVSS 9.8
[CRITICAL] Hunting for Fortinet's CVE-2024-21762
Greynoiseio
NoiseLetter March 2026
blogs_greynoiseio
NoiseLetter March 2026
Events, events… and yes, even more events. 🌍 GreyNoise has been on the move. March kept us busy with stops at eCrimes in London and SecIT in Hanover—but we’re just getting started. Over the next few months, we’ll be hitting the road for CrowdStrike CrowdTours across eight cities, heading to Glasgow to speak and sponsor CyberUK, and making our way to Tampa for H-ISAC. If you’ll be at any of these (or nearby), we’d love to connect.
And while we’ve been racking up miles, we haven’t slowed down on the research front. We’ve just released some exciting new findings—with even more coming in the next few weeks—so keep an eye out.
Thanks, as always, for being part of the GreyNoise community.
Featured
About this new report
Every enterprise firewall processes traffic from residential IP space. T
Greynoiseio
NoiseLetter March 2024
blogs_greynoiseio
NoiseLetter March 2024
Greynoiseio
Storm Watch
blogs_greynoiseio
Storm Watch
Sentinelone
Black Basta
blogs_sentinelone
Black Basta
# Black Basta Ransomware: In-Depth Analysis, Detection, and Mitigation
## Summary of Black Basta Ransomware
Black Basta first emerged in early 2022. The ransomware family is an evolution of the Hermes/Ryuk/Conti families. Black Basta was heavily advertised in underground cybercrime markets. Black Basta practices double extortion – demanding payment for a decryptor, as well as for the non-release of stolen data. There are Windows and Linux variants of Black Basta ransomware. The group is responsible for hundreds of attacks against global targets of varying sectors.
February 2025 Update: Nearly a year’s worth of Black Basta chat logs have been released on Telegram, providing detailed insight into the group's operational workflow, reconnaissance activities, and specific userID and details o
Huntress
CVE-2024-21762 Vulnerability: Analysis, Impact, Mitigation | Huntress
blogs_huntress·CVSS 9.8
CVE-2024-21762 [CRITICAL] CVE-2024-21762 Vulnerability: Analysis, Impact, Mitigation | Huntress
## CVE-2024-21762 Vulnerability
Written by: Monica Burgess
Published: 11/07/25
## Overview
CVE-2024-21762 is a critical out-of-bounds write vulnerability found in Fortinet's FortiOS, the operating system for their FortiGate firewalls. This flaw allows a remote, unauthenticated attacker to execute arbitrary code or commands through specially crafted HTTP requests. Essentially, a bad actor from anywhere in the world could potentially take full control of a vulnerable system.
## What is CVE-2024-21762 Vulnerability?
The CVE-2024-21762 vulnerability is a critical remote code execution (RCE) weakness in FortiGate SSL VPNs. With a CVSS score of 9.8 out of 10, it’s about as serious as they get. The issue stems from an out-of-bounds write problem in the sslvpnd process, which handles SSL VP
arXiv
Efficacy of EPSS in High Severity CVEs found in KEV
arxiv_fulltext·2024-11-04
Efficacy of EPSS in High Severity CVEs found in KEV
## Abstract
The Exploit Prediction Scoring System (EPSS) is designed to assess the probability of a vulnerability being exploited in the next 30 days relative to other vulnerabilities. The latest version, based on a research paper published in arXiv, assists defenders in deciding which vulnerabilities to prioritize for remediation. This study evaluates EPSS's ability to predict exploitation before vulnerabilities are actively compromised, focusing on high severity CVEs that are known to have been exploited and included in the CISA KEV catalog. By analyzing EPSS score history, the availability and simplicity of exploits, the system's purpose, its value as a target for Threat Actors (TAs), this paper examines EPSS's potential and identifies ar
2024-02-09
Published
2024-02-09
Added to CISA KEV
Exploited in the wild