Fortinet Confirms Active SSO Authentication Bypass in FortiCloud Affecting Fully Patched Devices
Breaking NewsHackingSecurityFortiCloudFortinethacking newsinformation security newsIT Information SecurityPierluigi PaganiniSecurity AffairsSecurity News
Fortinet has confirmed that attacks are bypassing the FortiCloud single sign-on (SSO) authentication, impacting even fully patched devices. Threat actors are automating firewall modifications, adding users, enabling VPNs, and stealing configurations. These campaigns resemble the exploits from December 2025 targeting critical FortiCloud SSO vulnerabilities. Researchers from Arctic Wolf have reported these incidents. This situation mirrors recent SSO flaws that have been discovered.