Fortinet blocks exploited FortiCloud SSO zero day until patch is ready

Fortinet has confirmed a new, actively exploited critical FortiCloud single sign-on (SSO) authentication bypass vulnerability ...

CISA, security researchers warn FortiCloud SSO flaw is under attack

The flaw, tracked as CVE-2026-24858, allows an attacker with a registered device and a FortiCloud account to access devices ...
The Hacker News

Fortinet Patches CVE-2026-24858 After Active FortiOS SSO Exploitation Detected

Fortinet released updates for an actively exploited FortiOS SSO authentication bypass flaw, CVE-2026-24858, now listed by CISA in KEV.
The Hacker News

CERT Polska Details Coordinated Cyber Attacks on 30+ Wind and Solar Farms

Poland linked December 2025 cyber attacks on energy and manufacturing sites to Static Tundra, involving DynoWiper and ...

JPMorgan Just Revealed its Top Short Ideas. Time to Sell?

Shorting stocks can get retail investors into a boatload of trouble, especially given the potential pain that could be dealt ...
Network World

Startup Amutable plotting Linux security overhaul to counter hacking threats

As attacks on the operating system grow more serious, the company is teasing a plan to bring “verifiable integrity” to Linux.
CSO Online

CISA chief uploaded sensitive government files to public ChatGPT

Madhu Gottumukkala uploaded multiple “for official use only” contracting documents to OpenAI’s public platform, bypassing DHS ...

Want to Buy the Dip on Software Tech Stocks Like Palantir, Microsoft, and Oracle? Consider This BlackRock ETF.

A lot of those gains were driven by semiconductor stocks like Nvidia, Broadcom, Micron Technology, Advanced Micro Devices, ...
CSO Online

Ivanti patches two actively exploited critical vulnerabilities in EPMM

The code injection flaws allow for unauthenticated remote code execution on Ivanti Endpoint Manager Mobile deployments, but ...
SecurityWeek

APTs, Cybercriminals Widely Exploiting WinRAR Vulnerability

CVE-2025-8088, a WinRAR vulnerability patched in July 2025, has been widely exploited by state-sponsored threat actors and cybercriminals.