CVE-2026-24858
..... Allows an attacker with a FortiCloud account and a registered device to log into other devices registered to other accounts.....
@apjone jfc what is a CISO supposed to do if you have a #FortiFail dependent organisation? Just get a bigger forehead for the facepalms? @xtaran
#FortiNet confirmed the bug has not been patched properly
Threat actors have found a new way to exploit it and bypass auth
Attackers are setting up #backdoors.
Cisco has patched a zero-day in the web interface.
#infosec question:
Can you tell which year we’re in just from these disclosures alone?
No, because every year we have the same problems from the same vendors.
#FortiNet confirmed the bug has not been patched properly
Threat actors have found a new way to exploit it and bypass auth
Attackers are setting up #backdoors.
Cisco has patched a zero-day in the web interface.
#infosec question:
Can you tell which year we’re in just from these disclosures alone?
No, because every year we have the same problems from the same vendors.
