FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
Stay secure with our latest firewall updates, trends, and expert insights in information security to protect your digital assets effectively.
Search across headline titles and summaries.
Background for this topic.
Firewalls are security controls that permit or block network connections according to policy. They can operate at network boundaries, between internal segments, on individual hosts, or in cloud environments. Basic rules use addresses, ports, protocols, and connection state; more advanced firewalls may inspect applications or encrypted traffic where configured. Their purpose is to limit which systems can communicate, not to determine that all permitted traffic is safe.
Security depends heavily on accurate policy and maintenance. Overly broad, obsolete, or conflicting rules can expose services or allow unnecessary lateral movement, while unmanaged administrative interfaces and unpatched firewall software create additional attack surfaces. Practitioners should restrict management access, apply least-privilege rules, review and remove exceptions, and monitor logs for unexpected connections and policy changes. Firewall logs can support investigation, but encryption, evasion, and traffic allowed by policy may limit what the control can detect.
Weekly headline count for the current query.
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
Rapid growth turned routine firewall logs into a security and budget liability. One CISO used artificial intelligence to filter what data truly belongs in the SIEM.
The threat actors engineered a Golang-based sniffer to target 430,000 FortiGate firewalls and identify 110 million credentials in the ongoing global campaign.
Twenty years after Dark Reading launched, we're looking ahead at what's next for enterprise security. Spoiler: It's hyper-segmented, AI-orchestrated, and way more sophisticated than your dad's firewall.
The ransomware gang, known for double-extortion attacks, had access to a critical Cisco firewall vulnerability weeks before it was publicly disclosed.
Edge bugs are so fetch, and Cisco just patched 50 new ones, including some heavy hitters with 10 out of 10 scores on the CVSS scale.
Speed and security are historically clashing priorities, but with AI and automation, it's increasingly important that application developers and security teams get on the same page.
When a company gets breached through a third-party security vendor, who should bear responsibility? For one FinTech company, the answer is the firewall provider.
A Russian-speaking hacker used generative AI to compromise the FortiGate firewalls, targeting credentials and backups for possible follow-on ransomware attacks.
Automated infections of potentially fully patched FortiGate devices are allowing threat actors to steal firewall configuration files.
With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks.
As exploitation activity against CVE-2025-55182 ramps up, researchers are finding some proof-of-concept exploits contain bypasses for web application firewall (WAF) rules.
A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.
IoT devices can be compromised, thanks to gaps in cloud management interfaces for firewalls and routers, even if they're protected by security software or not online.
The network security vendor said the MySonicWall breach was unrelated to the recent wave of Akira ransomware attacks targeting the company's devices.
SonicWall said a breach it disclosed last month affected firewall configuration files for all customers who have used SonicWall’s cloud backup service — up from its previous 5% estimate.
Akira ransomware actors are currently targeting SonicWall firewall customers vulnerable to a bug discovered last year.
Patch now: Cisco recently disclosed four actively exploited zero-days affecting millions of devices, including three targeted by a nation-state actor previously discovered to be behind the "ArcaneDoor" campaign.
Threat actors breached the MySonicWall service and accessed backup firewall configuration files belonging to "fewer than 5%" of its install base, according to the company.
An uptick of ransomware activity by the group in late July that uses the vendor's SSL VPN devices for initial intrusion shows evidence of an as-yet-undisclosed flaw under exploitation.