Morning Overview on MSN

The Fortinet hole, rated 9.1, lets an unauthenticated attacker run commands through a single crafted request, and a full patch is still pending

Organizations running Fortinet FortiWeb, the company’s web application firewall, face an immediate threat: a single crafted ...
Bleeping Computer

Researcher to release exploit for full auth bypass on FortiWeb

A security researcher has released a partial proof of concept exploit for a vulnerability in the FortiWeb web application firewall that allows a remote attacker to bypass authentication. The flaw was ...
CRN

CISA Urges Quick Fortinet Patches Amid Exploitation Of New FortiWeb Vulnerability

The U.S. cybersecurity agency issued an advisory giving government agencies just a week to remediate the issue that Fortinet says has been exploited in attacks. The U.S. Cybersecurity and ...
heise online

Exploit available: Patch FortiWeb vulnerability now!

On Thursday last week, Fortinet released security updates – the most serious vulnerability affects FortiWeb. Attackers can exploit an SQL injection vulnerability in non-updated systems. IT researchers ...
Bleeping Computer

Fortinet fixes critical RCE flaws in FortiNAC and FortiWeb

AI chained four zero-days into one exploit that bypassed both renderer and OS sandboxes. A wave of new exploits is coming. At the Autonomous Validation Summit (May 12 & 14), see how autonomous, ...
Dark Reading

Zero-Day Flaw Found in Fortinet's FortiWeb WAF Technology

Researchers at Rapid7 today disclosed a critical zero-day vulnerability in Fortinet's FortiWeb Web application firewall (WAF) technology that attackers can exploit to gain complete control of affected ...