An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a...
Read MoreThreat actors with ties to China have been attributed to a novel campaign that compromised an ArcGIS system and turned it into a backdoor for more than a year. The activity, per ReliaQuest, is the handiwork of a Chinese...
Read MoreAn Insertion of Sensitive Information Into Sent Data Vulnerability in Fortimanager, FortiMail, FortiNDR, FortOS, FortiPAM, FortiProxy, FortiRecorder, FortiTester, FortiVoice, FortiWeb csfd daemon may allow a remote authenticated...
Read MoreAn Incorrect Permission Assignment for Critical Resource vulnerability [CWE-732] in FortiClientMac may allow a local attacker to run arbitrary code or commands via LaunchDaemon hijacking. Revised on 2025-10-14 00:00:00
Read MoreBefore an attacker ever sends a payload, they’ve already done the work of understanding how your environment is built. They look at your login flows, your JavaScript files, your error messages, your API documentation, your...
Read More