MUST READ

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

 | 

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

 | 

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

 | 

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

 | 

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

 | 

Amnesia RAT deployed in multi-stage phishing attacks against Russian users

 | 

Dormakaba flaws allow to access major organizations’ doors

 | 

Emergency Microsoft update fixes in-the-wild Office zero-day

 | 

ShinyHunters claims 2 Million Crunchbase records; company confirms breach

 | 

Energy sector targeted in multi-stage phishing and BEC campaign using SharePoint

 | 

North Korea–linked KONNI uses AI to build stealthy malware tooling

 | 

Russia-linked Sandworm APT implicated in major cyber attack on Poland’s power grid

 | 

Nike is investigating a possible data breach, after WorldLeaks claims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 81

 | 

Security Affairs newsletter Round 560 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

Osiris ransomware emerges, leveraging BYOVD technique to kill security tools

 | 

U.S. CISA adds a flaw in Broadcom VMware vCenter Server to its Known Exploited Vulnerabilities catalog

 | 

11-Year-Old critical telnetd flaw found in GNU InetUtils (CVE-2026-24061)

 | 

Fortinet warns of active FortiCloud SSO bypass affecting updated devices

 | 

U.S. CISA adds Prettier eslint-config-prettier, Vite Vitejs, Versa Concerto SD-WAN orchestration platform, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

FortiOS SSO

Pierluigi Paganini January 28, 2026
Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

Fortinet released fixes for a critical FortiOS SSO auth bypass (CVE-2026-24858) actively exploited, impacting FortiOS, FortiManager, and FortiAnalyzer. Fortinet started rolling out patches for a critical FortiOS flaw under active attack. The bug, CVE-2026-24858 (CVSS score of 9.4), lets attackers bypass authentication via SSO. It affects FortiOS, FortiManager, and FortiAnalyzer, while Fortinet checks if other […]

newsletter

Subscribe to my email list and stay
up-to-date!

recent articles

Fortinet patches actively exploited FortiOS SSO auth bypass (CVE-2026-24858)

Security / January 28, 2026

PackageGate bugs let attackers bypass protections in NPM, PNPM, VLT, and Bun

Hacking / January 28, 2026

WhatsApp rolls out Strict Account settings to strengthen protection for high-risk users

Security / January 27, 2026

Shadowserver finds 6,000+ likely vulnerable SmarterMail servers exposed online

Hacking / January 27, 2026

U.S. CISA adds Microsoft Office, GNU InetUtils, SmarterTools SmarterMail, and Linux Kernel flaws to its Known Exploited Vulnerabilities catalog

Security / January 27, 2026