Fortinet\u2019s latest zero-day vulnerability carries frustrating familiarities for customers | CyberScoop<\/title> <meta name=\"description\" content=\"Fortinet warns CVE-2026-24858 is being actively exploited to bypass FortiCloud SSO authentication and gain privileged access across FortiOS and related products.\"> <link rel=\"canonical\" href=\"https:\/\/cyberscoop.com\/ortinet-zero-day-cve-2026-24858-forticloud-sso-auth-bypass\/\"> <meta property=\"og:locale\" content=\"en_US\"> <meta property=\"og:type\" content=\"article\"> <meta property=\"og:title\" content=\"Fortinet\u2019s latest zero-day vulnerability carries frustrating familiarities for customers\"> <meta property=\"og:description\" content=\"Fortinet warns CVE-2026-24858 is being actively exploited to bypass FortiCloud SSO authentication and gain privileged access across FortiOS and related products.\"> <meta property=\"og:url\" content=\"https:\/\/cyberscoop.com\/ortinet-zero-day-cve-2026-24858-forticloud-sso-auth-bypass\/\"> <meta property=\"og:site_name\" content=\"CyberScoop\"> <meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/cyberscoop\/\"> <meta property=\"article:published_time\" content=\"2026-01-28T22:33:04+00:00\"> <meta property=\"article:modified_time\" content=\"2026-01-28T22:33:07+00:00\"> <meta property=\"og:image\" content=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg\"> <meta property=\"og:image:width\" content=\"1920\"> <meta property=\"og:image:height\" content=\"1280\"> <meta property=\"og:image:type\" content=\"image\/jpeg\"> <meta name=\"author\" content=\"Matt Kapko\"> <meta name=\"twitter:card\" content=\"summary_large_image\"> <meta name=\"twitter:creator\" content=\"@CyberScoopNews\"> <meta name=\"twitter:site\" content=\"@CyberScoopNews\">  <link rel=\"dns-prefetch\" href=\"\/\/securepubads.g.doubleclick.net\">\n<link rel=\"dns-prefetch\" href=\"\/\/use.typekit.net\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Feed\" href=\"https:\/\/cyberscoop.com\/feed\/\">\n<link rel=\"alternate\" type=\"application\/rss+xml\" title=\"CyberScoop \u00bb Comments Feed\" href=\"https:\/\/cyberscoop.com\/comments\/feed\/\"> <link rel=\"stylesheet\" id=\"all-css-2\" href=\"https:\/\/cyberscoop.com\/wp-includes\/css\/dist\/block-library\/style.min.css?m=1765909325g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-6\" href=\"https:\/\/cyberscoop.com\/wp-content\/mu-plugins\/search\/elasticpress\/dist\/css\/related-posts-block-styles.min.css?m=1768841770g\" type=\"text\/css\" media=\"all\"> <link rel=\"stylesheet\" id=\"all-css-8\" href=\"https:\/\/cyberscoop.com\/wp-content\/themes\/scoopnewsgroup\/dist\/css\/frontend.css?m=1767808656g\" type=\"text\/css\" media=\"all\">\n<link rel=\"stylesheet\" id=\"typekit-css\" href=\"https:\/\/use.typekit.net\/itk2qbh.css?ver=13897d660a0ac2c9c7d1\" media=\"all\"> <link rel=\"https:\/\/api.w.org\/\" href=\"https:\/\/cyberscoop.com\/wp-json\/\"><link rel=\"alternate\" title=\"JSON\" type=\"application\/json\" href=\"https:\/\/cyberscoop.com\/wp-json\/wp\/v2\/posts\/87592\"><meta name=\"generator\" content=\"WordPress 6.8.3\">\n<link rel=\"shortlink\" href=\"https:\/\/cyberscoop.com\/?p=87592\">\n<link rel=\"alternate\" title=\"oEmbed (JSON)\" type=\"application\/json+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fortinet-zero-day-cve-2026-24858-forticloud-sso-auth-bypass%2F\">\n<link rel=\"alternate\" title=\"oEmbed (XML)\" type=\"text\/xml+oembed\" href=\"https:\/\/cyberscoop.com\/wp-json\/oembed\/1.0\/embed?url=https%3A%2F%2Fcyberscoop.com%2Fortinet-zero-day-cve-2026-24858-forticloud-sso-auth-bypass%2F&format=xml\">   <link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=32\" sizes=\"32x32\">\n<link rel=\"icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=192\" sizes=\"192x192\">\n<link rel=\"apple-touch-icon\" href=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=180\">\n<meta name=\"msapplication-TileImage\" content=\"https:\/\/cyberscoop.com\/wp-content\/uploads\/sites\/3\/2023\/01\/cropped-cs_favicon-2.png?w=270\"> <\/head><body class=\"wp-singular post-template-default single single-post postid-87592 single-format-standard wp-theme-scoopnewsgroup wp-child-theme-cyberscoop\" id=\"readabilityBody\"> <a href=\"https:\/\/cyberscoop.com\/ortinet-zero-day-cve-2026-24858-forticloud-sso-auth-bypass\/#main\" class=\"skip-to-content-link visually-hidden-focusable\">Skip to main content<\/a> <\/p>\n<div class=\"ad ad--top ad--top-desktop\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p> <main id=\"main\" role=\"main\" tabindex=\"-1\"> <\/p>\n<div class=\"ad ad--top ad--top-mobile\">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<section id=\"stickybar\" class=\"stickybar stickybar--newsletter js-stickybar\" readability=\"0.82\"> <button class=\"stickybar__close js-stickybar-close\" aria-controls=\"stickybar\"> <svg class=\"icon icon--close\" width=\"21\" height=\"22\" viewBox=\"0 0 21 22\" fill=\"none\"><path d=\"m.822.518-.805.805L9.695 11 .017 20.678l.805.805 9.678-9.678 9.677 9.678.806-.805L11.305 11l9.678-9.677-.806-.805-9.677 9.677L.822.518Z\" fill=\"currentColor\" \/><\/svg> <span class=\"visually-hidden\">Close<\/span> <\/button> <\/section>\n<article class=\"single-article content\">\n<div class=\"single-article__container js-single-article-content\">\n<header class=\"single-article__header \" readability=\"26.15157116451\">\n<div class=\"single-article__header-content\" readability=\"35.667372881356\">\n<p> Attackers have exploited the critical defect to reconfigure firewall settings, create unauthorized accounts with privileged access to multiple versions of the vendor\u2019s security products. <\/p>\n<p>  <br \/>\n<audio id=\"audio-player\" src=\"https:\/\/wp-tts-cdn.api.scpnewsgrp.com\/cyberscoop\/87592\/english.openai.mp3\"><\/audio> <\/p>\n<div readability=\"11\">\n<div>\n<p>Listen to this article<\/p>\n<p>  <\/p>\n<p>0:00<\/p>\n<\/p><\/div>\n<p>  <\/p>\n<p> <span id=\"tts-tooltip\">Learn more.<\/span> <span> This feature uses an automated voice, which may result in occasional errors in pronunciation, tone, or sentiment. <\/span> <\/p>\n<\/div>\n<p>  <\/div>\n<div class=\"single-article__cover-wrap\">\n<figure class=\"single-article__cover\"> <img data-recalc-dims=\"1\" fetchpriority=\"high\" width=\"640\" height=\"426\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers.jpg?resize=640%2C426&ssl=1\" class=\"single-article__cover-image wp-post-image\" alt decoding=\"async\" fetchpriority=\"high\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=1265,843 1265w\" sizes=\"(max-width: 1013px) 100vw, 1013px\"><figcaption> Fortinet office in Burnaby, BC, Canada, July 7, 2023. (Getty Images) <\/figcaption><\/figure>\n<\/p><\/div>\n<\/header>\n<div class=\"single-article__content\">\n<div class=\"single-article__content-inner has-drop-cap\"> <html readability=\"54.384128042681\"><body readability=\"111.69064748201\"><\/p>\n<p>Fortinet customers are confronting another actively exploited zero-day vulnerability that allows attackers to bypass authentication in the single sign-on flow for FortiCloud and gain privileged access to multiple Fortinet firewall products and related services.<\/p>\n<p>The vendor issued a <a href=\"https:\/\/fortiguard.fortinet.com\/psirt\/FG-IR-26-060\">security advisory<\/a> for the vulnerability \u2014 <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2026-24858\">CVE-2026-24858<\/a> \u2014 warning that some instances of exploitation already occurred earlier this month. Fortinet has yet to release patches to address the critical vulnerability across multiple versions of its products, including FortiAnalyzer, FortiManager, FortiOS, FortiProxy and FortiWeb.<\/p>\n<p>Defects in Fortinet products are a recurring problem for the vendor\u2019s customers and defenders, making <a href=\"https:\/\/www.cisa.gov\/known-exploited-vulnerabilities-catalog?f%5B0%5D=vendor_project%3A813&page=0\">24 appearances<\/a> on the Cybersecurity and Infrastructure Security Agency\u2019s known exploited vulnerabilities catalog since late 2021. One-third of those vulnerabilities made the list last year and 13 are known to be used in ransomware campaigns.<\/p>\n<p>The agency added the latest Fortinet defect, which has a CVSS rating of 9.8, to its <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/01\/27\/cisa-adds-one-known-exploited-vulnerability-catalog\">known exploited vulnerabilities catalog<\/a> Tuesday and shared Fortinet\u2019s guidance in a <a href=\"https:\/\/www.cisa.gov\/news-events\/alerts\/2026\/01\/28\/fortinet-releases-guidance-address-ongoing-exploitation-authentication-bypass-vulnerability-cve-2026\">subsequent alert<\/a> Wednesday.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>The vulnerability, which allows attackers with a FortiCloud account and a registered device to log into devices registered to other accounts, was exploited by two malicious FortiCloud accounts that Fortinet said it blocked Jan. 22. Attackers have reconfigured firewall settings on FortiGate devices, created unauthorized accounts and changed virtual private network configurations to gain access to new accounts.<\/p>\n<p>The vendor said it disabled FortiCloud SSO Monday and re-enabled the service Tuesday with controls in place to prevent logins to devices running vulnerable software versions.<\/p>\n<p>Fortinet\u2019s advisory brings some clarity and raises new questions for defenders and researchers that have encountered problems on Fortinet devices since December. The vendor disclosed a pair of similar critical authentication bypass vulnerabilities Dec. 9, including <a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2025-59718\">CVE-2025-59718<\/a>, which has also been actively exploited.<\/p>\n<p>Arctic Wolf said it observed a new cluster of unauthorized firewall configuration changes on FortiGate devices Jan. 15 that <a href=\"https:\/\/arcticwolf.com\/resources\/blog\/arctic-wolf-observes-malicious-configuration-changes-fortinet-fortigate-devices-via-sso-accounts\/\">bore similarities to previous attacks<\/a> linked to CVE-2025-59718 in December. Fortinet hasn\u2019t explained the extent to which the defects are related or if the new flaw represents a bypass of the previous patches, but it has confirmed that customers running versions released in December are vulnerable to CVE-2026-24858.<\/p>\n<p>Fortinet did not respond to a request for comment. Carl Windsor, the company\u2019s chief information security officer, shared recommended mitigation steps and indicators of compromise in a <a href=\"https:\/\/www.fortinet.com\/blog\/psirt-blogs\/analysis-of-sso-abuse-on-fortios\">blog post<\/a>.<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Researchers have yet to determine how many customers are impacted by CVE-2026-24858 exploits, but the scope of potential victims is broad and global. Shadowserver scans show <a href=\"https:\/\/dashboard.shadowserver.org\/statistics\/iot-devices\/time-series\/?date_range=other_range&d1=2025-12-14&d2=2026-01-27&vendor=fortinet&model=forticloud+sso&dataset=count&limit=100&group_by=geo&stacking=stacked&auto_update=on\">nearly 10,000 Fortinet instances with FortiCloud SSO enabled<\/a> with roughly one-fourth of those based in the United States.<\/p>\n<p>Ben Harris, founder and CEO at watchTowr, said the company\u2019s exposure management platform is observing active probing for devices with FortiCloud SSO enabled, but the broader impact is still unknown. <\/p>\n<p>\u201cThere are those that know they\u2019re affected, and likely a number that are unaware,\u201d he told CyberScoop. \u201cRegardless, those that keep a bingo card for \u2018yet another year of depressingly predictable vulnerabilities\u2019 have likely crossed off \u2018full authentication bypass against a management interface\u2019 already in 2026.\u201d<\/p>\n<p>Arctic Wolf researchers said they haven\u2019t seen evidence of new exploitation since Jan. 21, adding that attacks appear to be limited to instances where management interfaces of vulnerable devices were publicly exposed to the internet. <\/p>\n<p>Vulnerabilities in network devices from multiple vendors have been exploited for initial access at a high rate, especially in ransomware attacks, researchers at Arctic Wolf said. \u201cWhile it is vitally important to keep up to date on firmware updates, security best practices should be followed to limit the potential impact of this vulnerability and similar flaws in the future.\u201d<\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>While defenders have grown accustomed to a steady amount of Fortinet vulnerabilities, that experience has fueled a mounting sense of frustration. <\/p>\n<p>Joe Toomey, vice president of underwriting security at Coalition <a href=\"https:\/\/www.linkedin.com\/pulse\/fail-old-time-joe-toomey-pivxe\/\">took to LinkedIn Wednesday<\/a> to criticize Fortinet\u2019s inability to thwart or reduce the number of actively exploited vulnerabilities affecting its products.<\/p>\n<p>Fortinet\u2019s latest defect marks the 14th time Coalition has sent zero-day advisories about critical Fortinet vulnerabilities to its policyholders in less than four years. Fortinet products account for more than 7% of the collective 180 zero-day advisories Coalition sent to policyholders since 2023, Toomey said in his blog post.<\/p>\n<p>\u201cAll of which makes one begin to wonder if Fortinet is really taking security seriously,\u201d he added.<\/p>\n<p>Harris commended Fortinet for its transparency, adding that the vendor has clearly outlined its response and actions taken to address the vulnerability, some of which remains unfinished. <\/p>\n<div class=\"ad ad--inline_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<p>Yet, he added: \u201cAs we\u2019ve seen now for years, Fortinet and the \u2018Fast & Furious\u2019 franchise are apparently competing for the amount of sagas we can fit into one year. It\u2019s unclear who will win.\u201d<\/p>\n<p><\/body> <\/p>\n<footer class=\"single-article__footer\" readability=\"3.125\">\n<div class=\"author-card\" readability=\"14\">\n<div class=\"author-card__avatar\">\n<figure class=\"author-card__image-wrap\"> <img data-recalc-dims=\"1\" decoding=\"async\" class=\"author-card__image\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-1.jpg?w=640&ssl=1\" alt=\"Matt Kapko\"> <\/figure>\n<\/p><\/div>\n<p><h4 class=\"author-card__name\">Written by Matt Kapko<\/h4>\n<p> Matt Kapko is a reporter at CyberScoop. His beat includes cybercrime, ransomware, software defects and vulnerability (mis)management. The lifelong Californian started his journalism career in 2001 with previous stops at Cybersecurity Dive, CIO, SDxCentral and RCR Wireless News. Matt has a degree in journalism and history from Humboldt State University. <\/p>\n<\/p><\/div>\n<div class=\"single-article__tags-container\">\n<h4 class=\"single-article__tags-title\">In This Story<\/h4>\n<\/p><\/div>\n<\/footer>\n<p> <\/html><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<div class=\"single-article__ads js-single-article-sidebar\">\n<div class=\"ad ad--sidebar js-single-article-sidebar-5 ad--rightrail_1 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-4 ad--rightrail_2 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div class=\"ad ad--sidebar js-single-article-sidebar-3 ad--rightrail_3 \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div><\/div>\n<\/article>\n<div class=\"popular-stories popular-stories--single-post\">\n<div class=\"popular-stories__container\">\n<h2 class=\"popular-stories__title\"> More Scoops <\/h2>\n<div class=\"popular-stories__stories\">\n<div class=\"popular-stories__cards\">\n<article class=\"post-item post-item--popular-stories-cards \" readability=\"20.590529247911\">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-december-2025\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"506\" height=\"337\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-2.jpg?resize=506%2C337&ssl=1\" class=\"attachment-ratio-16-9-md size-ratio-16-9-md wp-post-image\" alt=\"Microsoft Headquarters\" decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg 4800w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-5.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 506px) 100vw, 506px\"> <\/a><figcaption class=\"screen-reader-text\"> A sign is seen at the Microsoft headquarters on July 3, 2024, in Redmond, Washington. (David Ryder\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\" readability=\"3.6829268292683\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/microsoft-patch-tuesday-december-2025\/\"> Microsoft\u2019s last Patch Tuesday of 2025 addresses 57 defects, including one zero-day <\/a> <\/h3>\n<p> Microsoft closed out the year with 1,139 total defects patched, making it the second-largest year in volume behind 2020, according to Trend Micro. <\/p>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-kapko\/\"> Matt Kapko <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/android-security-update-december-2025\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers.webp?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg 7512w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=2048,1365 2048w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-6.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Google\u2019s Washington, DC, regional office is seen at dusk on August 11, 2024, in Reston, VA. (Photo by J. David Ake\/Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/android-security-update-december-2025\/\"> Google addresses 107 Android vulnerabilities, including two zero-days <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-kapko\/\"> Matt Kapko <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<article class=\"post-item post-item--popular-stories-cards \">\n<figure class=\"post-item__thumbnail\"> <a class=\"post-item__thumbnail-link\" href=\"https:\/\/cyberscoop.com\/fortinet-delayed-disclosure-exploited-vulnerability\/\" tabindex=\"-1\"> <img data-recalc-dims=\"1\" loading=\"lazy\" width=\"252\" height=\"168\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-3.jpg?resize=252%2C168&ssl=1\" class=\"attachment-ratio-16-9-sm size-ratio-16-9-sm wp-post-image\" alt decoding=\"async\" loading=\"lazy\" srcset=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg 1920w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=300,200 300w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=768,512 768w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=1024,683 1024w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=1536,1024 1536w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=600,400 600w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=252,168 252w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=506,337 506w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=1013,675 1013w, https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2026\/01\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers-4.jpg?resize=1265,843 1265w\" sizes=\"auto, (max-width: 252px) 100vw, 252px\"> <\/a><figcaption class=\"screen-reader-text\"> Fortinet office in Burnaby, BC, Canada, July 7, 2023. (Getty Images) <\/figcaption><\/figure>\n<header class=\"post-item__meta\">\n<h3 class=\"post-item__title\"> <a class=\"post-item__title-link\" href=\"https:\/\/cyberscoop.com\/fortinet-delayed-disclosure-exploited-vulnerability\/\"> Fortinet\u2019s delayed alert on actively exploited defect put defenders at a disadvantage <\/a> <\/h3>\n<div class=\"post-item__byline\"> <span class=\"post-item__author\"> <span>By <\/span> <a class=\"post-item__author-link\" href=\"https:\/\/cyberscoop.com\/author\/matt-kapko\/\"> Matt Kapko <\/a> <\/span> <\/div>\n<p> <\/header>\n<p> <\/article>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/div>\n<p>\n<\/div>\n<p> <\/p>\n<section class=\"latest-podcasts\">\n<h2 class=\"latest-podcasts__title\"> Latest Podcasts\t<\/h2>\n<\/section>\n<div class=\"top-categories\">\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Government<\/h3>\n<\/p><\/div>\n<div class=\"top-categories__container\">\n<h3 class=\"top-categories__category-title\">Technology<\/h3>\n<\/p><\/div>\n<\/p><\/div>\n<p> <\/main> <\/p>\n<div class=\"ad ad--bottom \">\n<div class=\"ad__inner\"> <span class=\"screen-reader-text\">Advertisement<\/span> <\/div>\n<\/div>\n<div id=\"interstitial\" class=\"welcome__container\"> <button id=\"close-modal-1\" class=\"welcome__clickable_area\"><\/button> <\/p>\n<div class=\"welcome__ad_wrapper\">\n<p> <button id=\"close-modal-3\" class=\"welcome__continue-button\">Continue to CyberScoop<\/button> <\/p>\n<\/p><\/div>\n<\/p><\/div>\n<p>   <\/body> <a href=\"https:\/\/cyberscoop.com\/ortinet-zero-day-cve-2026-24858-forticloud-sso-auth-bypass\/\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fortinet\u2019s latest zero-day vulnerability carries frustrating familiarities for customers |<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1841,4134,282,78,452,3119,3297,917,1766,4838,288,5199],"tags":[1847,4138,286,86,454,3120,3298,921,1771,4841,294,5200],"class_list":["post-8307","post","type-post","status-publish","format-standard","hentry","category-arctic-wolf","category-coalition","category-cybercrime","category-cybersecurity","category-cybersecurity-and-infrastructure-security-agency-cisa","category-firewall","category-firewalls","category-fortinet","category-known-exploited-vulnerabilities-kev","category-network-edge-devices","category-threats","category-watchtowr","tag-arctic-wolf","tag-coalition","tag-cybercrime","tag-cybersecurity","tag-cybersecurity-and-infrastructure-security-agency-cisa","tag-firewall","tag-firewalls","tag-fortinet","tag-known-exploited-vulnerabilities-kev","tag-network-edge-devices","tag-threats","tag-watchtowr"],"featured_image_urls":{"full":"","thumbnail":"","medium":"","medium_large":"","large":"","1536x1536":"","2048x2048":"","chromenews-featured":"","chromenews-large":"","chromenews-medium":""},"author_info":{"display_name":"Cyber Scoop","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/cyberscoop\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/arctic-wolf\/\" rel=\"category tag\">Arctic Wolf<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/coalition\/\" rel=\"category tag\">Coalition<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybercrime\/\" rel=\"category tag\">cybercrime<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity\/\" rel=\"category tag\">Cybersecurity<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/cybersecurity-and-infrastructure-security-agency-cisa\/\" rel=\"category tag\">Cybersecurity and Infrastructure Security Agency (CISA)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewall\/\" rel=\"category tag\">firewall<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/firewalls\/\" rel=\"category tag\">firewalls<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/fortinet\/\" rel=\"category tag\">Fortinet<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/known-exploited-vulnerabilities-kev\/\" rel=\"category tag\">known exploited vulnerabilities (KEV)<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/network-edge-devices\/\" rel=\"category tag\">network edge devices<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/threats\/\" rel=\"category tag\">Threats<\/a> <a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/watchtowr\/\" rel=\"category tag\">watchTowr<\/a>","tag_info":"watchTowr","comment_count":"0","jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8307","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=8307"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/8307\/revisions"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=8307"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=8307"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/tags?post=8307"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}

{"id":8307,"date":"2026-01-28T16:33:04","date_gmt":"2026-01-28T22:33:04","guid":{"rendered":"https:\/\/cyberscoop.com\/?p=87592"},"modified":"2026-01-28T16:33:04","modified_gmt":"2026-01-28T22:33:04","slug":"fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2026\/01\/28\/fortinets-latest-zero-day-vulnerability-carries-frustrating-familiarities-for-customers\/","title":{"rendered":"Fortinet\u2019s latest zero-day vulnerability carries frustrating familiarities for customers"},"content":{"rendered":"