2025-04-13 07:42 UTC
We are reporting compromised Fortinet devices
Check your Compromised Website Report for critical events tagged “fortinet-compromised” and follow Fortinet's mitigation advice on compromised devices: https://fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity
References
- https://fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity
- https://www.cisa.gov/news-events/alerts/2025/04/11/fortinet-releases-advisory-new-post-exploitation-technique-known-vulnerabilities
- https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/Exploitation-of-Existing-Fortinet-Vulnerabilities
- https://www.cert.govt.nz/advisories/malicious-activity-due-to-previously-exploited-vulnerabilities-in-fortinet-fortios-products/
2025-03-27 18:26 UTC
Detecting exposed Ingress NGINX Controller for Kubernetes (Admission Controller feature)
We are scanning for and reporting exposed Ingress NGINX Controller for Kubernetes instances (Admission Controller feature). These may also be vulnerable to CVE-2025-1974 and other recently disclosed vulnerabilities. Patch info: https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/
2025-02-12 19:12 UTC
Massive Palo Alto GlobalProtect & Ivanti Connect Secure Brute Force Login Attacks
Since the second half of January 2025 we have been seeing a large-scale brute-force botnet attack against Palo Alto GlobalProtect and Ivanti Connect Secure instances. Up to 2.8M unique IPs were seen attacking on 2025-01-27 (~1M from Brazil).
2025-01-20 20:06 UTC
Fortinet CVE-2024-55591 scanning results
We are sharing daily results for instances vulnerable to Fortinet CVE-2024-55591 (auth bypass) in our Vulnerable HTTP report: https://shadowserver.org/what-we-do/network-reporting/vulnerable-http-report/