Chinese Hackers Exploit Fortinet Zero-Day Flaw for Cyber Espionage Attack
The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group
Stay informed on the latest exploit trends and vulnerabilities. Get expert insights and updates on information security exploits with our dedicated tag.
Search across headline titles and summaries.
Background for this topic.
An exploit is code, data, or a sequence of actions that uses a software, hardware, or configuration vulnerability to produce unintended behavior. Depending on the flaw and the attacker’s access, it may enable unauthorized code execution, privilege escalation, information disclosure, or denial of service. Exploitation can occur remotely through exposed services, web applications, or client software, or locally after an attacker gains limited access.
Exploitation matters because a vulnerability becomes an active attack path when the required conditions are reachable and exploitable. Defenders should inventory affected assets, prioritize remediation when exploitation is known or credible, apply patches or vendor mitigations, and reduce exposure through access controls, segmentation, and secure configuration. Monitoring for exploit-specific indicators—such as abnormal requests, unexpected processes, or privilege changes—supports detection; systems suspected of successful exploitation require containment and investigation for follow-on access.
The zero-day exploitation of a now-patched medium-security flaw in the Fortinet FortiOS operating system has been linked to a suspected Chinese hacking group
Snowballing PoC exploits for CVE-2023-23397 and a massive attack surface means almost business user could be a victim.
Multiple threat actors, including a nation-state group, exploited a critical three-year-old security flaw in Progress Telerik to break into an unnamed federal entity in the U.S
Why patching matters: Everyone seemingly had a crack at security bug Multiple criminals, including at least potentially one nation-state group, broke into a US federal government agency's Microsoft Internet Information Services web server by exploiting a critical three-year-old Telerik bug to achieve remote code execution.…
Security researchers have shared technical details for exploiting a critical Microsoft Outlook vulnerability for Windows (CVE-2023-23397) that allows hackers to remotely steal hashed passwords by simply receiving an email. [...]
The outlook is grim for Outlook - and SAP, Adobe. Android, and Chrome - so get ready for a long update party Patch Tuesday Microsoft's March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited, and nine that are rated critical. Let's start with the two that miscreants found before Redmond issued a fix.…
The collapse of the Silicon Valley Bank (SVB) on March 10, 2023, has sent ripples of turbulence throughout the global financial system, but for hackers, scammers, and phishing campaigns, it's becoming an excellent opportunity. [...]
Government entities and large organizations have been targeted by an unknown threat actor by exploiting a security flaw in Fortinet FortiOS software to result in data loss and OS and file corruption
Unknown attackers used zero-day exploits to abuse a new FortiOS bug patched this month in attacks targeting government and large organizations that have led to OS and file corruption and data loss. [...]