FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
After gaining a foothold in thousands of Fortinet firewalls, the attackers are starting to monetize that access, and are also piling on a Nextcloud zero-day bug.
The threat group behind the attacks is also linked to a series of recently disclosed vulnerabilities in the vendor’s firewalls and SD-WAN systems. The post Cisco zero-day under ongoing attack by persistent threat group appeared first on CyberScoop.
Palo Alto Networks warned customers that suspected state-sponsored hackers have been exploiting a critical-severity PAN-OS firewall zero-day vulnerability for nearly a month. [...]
The vendor hasn’t released a patch for the vulnerability or described the scope and objective of confirmed attacks. The post A critical Palo Alto PAN-OS zero-day is being exploited in the wild appeared first on CyberScoop.
Palo Alto Networks warned customers today that a critical-severity unpatched vulnerability in the PAN-OS User-ID Authentication Portal is being exploited in attacks. [...]
Notorious ransomware group Interlock has been exploiting a Cisco zero-day bug since January, AWS says
Interlock's post-exploit toolkit exposed Ransomware criminals exploited CVE-2026-20131, a maximum-severity bug in Cisco Secure Firewall Management Center software, as a zero-day vulnerability more than a month before Cisco patched the hole, according to Amazon security boss CJ Moses.…
The Interlock ransomware gang has been exploiting a maximum severity remote code execution (RCE) vulnerability in Cisco's Secure Firewall Management Center (FMC) software in zero-day attacks since late January. [...]
Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that's exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software
With attacks on the critical firewall vulnerability, WatchGuard joins a list of edge device vendors that have been targeted in recent weeks.
Scans Count 117,000 Unpatched Firewalls Running Vulnerable Version of Fireware OSAttackers are actively attempting to exploit a now patched, zero-day vulnerability in WatchGuard Firebox firewalls, tracked as CVE-2025-14733, that can be used to remotely execute code. Scans show that over 115,000 of these edge devices remain internet-connected, unpatched and at risk.
Attackers may be joining the dots to enable unauthenticated RCE Fortinet has confirmed that another flaw in its FortiWeb web application firewall has been exploited as a zero-day and issued a patch, just days after disclosing a critical bug in the same product that attackers had found and abused a month earlier.…
A second zero-day vulnerability in its web application firewall (WAF) line has come under attack, raising more questions about the vendor's disclosure practices.
CISA has ordered U.S. government agencies to secure their systems within a week against another vulnerability in Fortinet's FortiWeb web application firewall, which was exploited in zero-day attacks. [...]
Fortinet has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now being widely exploited. [...]
Cisco warned this week that two vulnerabilities, which have been exploited in zero-day attacks, are now being abused to force ASA and FTD firewalls into reboot loops. [...]
The U.K. National Cyber Security Centre (NCSC) has revealed that threat actors have exploited the recently disclosed security flaws impacting Cisco firewalls as part of zero-day attacks to deliver previously undocumented malware families like RayInitiator and LINE VIPER
Patch now: Cisco recently disclosed four actively exploited zero-days affecting millions of devices, including three targeted by a nation-state actor previously discovered to be behind the "ArcaneDoor" campaign.
Cisco is urging customers to patch two security flaws impacting the VPN web server of Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software, which it said have been exploited in the wild
CISA has issued a new emergency directive ordering U.S. federal agencies to secure their Cisco firewall devices against two flaws that have been exploited in zero-day attacks. [...]