Month: December 2025

Cybersecurity Advisory As of December 26, 2025, Fortinet confirms active exploitation of CVE‑2020‑12812, an improper authentication vulnerability in FortiOS SSL VPN that allows users to bypass two‑factor authentication (2FA) by altering the case of the username. The flaw affects several FortiOS branches and remains under active exploitation by multiple threat actors according to Fortinet’s December 24, 2025 advisory(thehackernews.com). The vulnerability is listed in CISA’s

Cybersecurity Advisory As of December 19, 2025, WatchGuard Fireware OS is impacted by a critical out‑of‑bounds write vulnerability, CVE‑2025‑14733, actively exploited in the wild according to the vendor’s advisory [1]. The flaw affects IKEv2 Mobile User VPN and Branch Office VPN configurations involving dynamic gateway peers. Patch updates are available for supported versions, and exploitation attempts have been confirmed from multiple IPs. The vulnerability carries

Fortinet has released security fixes for four vulnerabilities that affect authentication and login flows across multiple products, including two critical FortiCloud SSO authentication bypass issues in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager (CVE‑2025‑59718 and CVE‑2025‑59719) and additional login weaknesses in FortiSOAR (CVE‑2025‑59808) and FortiWeb (CVE‑2025‑64471). As of December 9, 2025, patches are available, and administrators are urged to disable FortiCloud SSO login where in use