Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit – Source:thehackernews.com

April 11, 2025
Post Author / Publisher: The Hacker News

CISO2CISO post categories: Cyber Security News, Fortinet, rss-feed-post-generator-echo, The Hacker News

Rate this post

Source: thehackernews.com – Author: .

Fortinet has revealed that threat actors have found a way to maintain read-only access to vulnerable FortiGate devices even after the initial access vector used to breach the devices was patched.
The attackers are believed to have leveraged known and now-patched security flaws, including, but not limited to, CVE-2022-42475, CVE-2023-27997, and CVE-2024-21762.
“A threat actor used a known

Original Post url: https://thehackernews.com/2025/04/fortinet-warns-attackers-retain.html

Category & Tags: –

Views: 3

CISO2CISO post categories: Cyber Security News, Fortinet, rss-feed-post-generator-echo, The Hacker News

Better Cybersecurity Metrics – SOC Metrics – Threat Hunting Metrics – Cyber Threat Intelligence (CTI) Metrics – Incident Response (IR) Metrics for CISOs by SCYTHE

Better Cybersecurity Metrics – SOC...

100 Security Operation Tools for SOCs by Joas Antonio

100 Security Operation Tools for...

Guide for Multi-Cloud Read Team AWS – GCP – AZURE by Joas Antonio

Guide for Multi-Cloud Read Team...

SANS Faculty Cybersecurity Free Tools – SANS Instructors have built more than 150 open source tools that support your work and help you implement better security.

SANS Faculty Cybersecurity Free Tools...

CISO Security Officer Handbook

CISO Security Officer Handbook

81 Siem Very important Use Cases for your SOC by SPLUNK

81 Siem Very important Use...

The 2024 CISO Burnout Report by Vendict

The 2024 CISO Burnout Report...

Mohammad Alkhudari

Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024

Cybersecurity Strong Strategy step by...

Marcos Jaimovich

The Silent Spectre Haunting Your Network: QPhishing, the CISO’s Unspoken Nightmare.

The Silent Spectre Haunting Your...

Marcos Jaimovich

Goodbye to Traditional: Why Conventional Cybersecurity Tools are No Longer Sufficient for the Future of Digital Threats ?

Goodbye to Traditional: Why Conventional...

Marcos Jaimovich

Why do we compare a SOC (Security Operations Center) with the cockpit of a commercial airplane? by Marcos Jaimovich

Why do we compare a...

Security Operations Center (SOC) – Tools for Operations Development by Joas Antonio

Security Operations Center (SOC) –...

Retail Threat Landscape Report Q1-Q3 – November 2024 Summary by Cyberint a Check Point Company

Retail Threat Landscape Report Q1-Q3...

Protecting Critical Supply Chains – A Guide to Securing your Supply Chain Ecosystem

Protecting Critical Supply Chains –...

Time to Adapt – The State of Human Risk Management in 2024 by Culture AI.

Time to Adapt – The...

National Cyber Security Centre

Engaging with Boards to improve the management of cyber security risk.

Engaging with Boards to improve...

Microsoft Security

2024 State of Multicloud Security Report by Microsoft Security

2024 State of Multicloud Security...

Inside the Mind of a CISO 2024 The Evolving Roles of Security Leaders 2024 by bugcrowd

Inside the Mind of a...

Mohammad Alkhudari

Cybersecurity Strong Strategy step by step Guide collected by Mohammad Alkhudari 2024

Cybersecurity Strong Strategy step by...

CISO’s Playbookto Cloud Security by Lacework

CISO’s Playbookto Cloud Security by...

MITRE - Carson Zimmerman

Ten Strategies of a World-Class Cybersecurity Operations Center by MITRE

Ten Strategies of a World-Class...

SILVERFRONT - AIG

Identity Has Become the Prime Target of Threat Actors by Silverfort AIG.

Identity Has Become the Prime...

Enterprise Information Security

Enterprise Information Security

IGNITE Technologies

ENCRYPTED REVERSE

ENCRYPTED REVERSE

WORLD BANK GROUP

Global Cybersecurity Capacity Program

Global Cybersecurity Capacity Program

Getting started withsecurity metrics

Getting started withsecurity metrics

Generative AI and the EUDPR.

Generative AI and the EUDPR.

2024 Guide to Application Security Testing Tools

2024 Guide to Application Security Testing Tools

Hacker Culture

Quuensland Govermment

RISK ASSESSMENT PROCESS HANDBOOK

RISK ASSESSMENT PROCESS HANDBOOK

Ministry of MOS Security

HIPAA SIMPLIFIED

HIPAA SIMPLIFIED

How Are Passwords Cracked?

How Are Passwords Cracked?

CIS - Center for Internet Security

How to Plan a Cybersecurity Roadmap in Four Steps

How to Plan a Cybersecurity Roadmap in Four Steps

Information Security Manual

Information Security Manual

Incident Response Playbook: Dark Web Breaches

Incident Response Playbook: Dark Web Breaches

Endpoint Hardening Checklist

Endpoint Hardening Checklist

Important Active Directory Attribute

Important Active Directory Attribute

ISA GLOBAL CYBERSECURITY ALLIANCE

IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards

IIoT System Implementation and Certification Based on ISA/IEC 62443 Standards

IAM Security CHECKLIST

IAM Security CHECKLIST

Hunt Evil

How to protect personal data and comply with regulations

How to protect personal data and comply with regulations

Threat Intelligence Platforms

Threat Intelligence Platforms

CSA Cloud Security Alliance

Hardware Security Module(HSM) as a Service

Hardware Security Module(HSM) as a Service

IGNITE Technologies

CREDENTIAL DUMPING FAKE SERVICES

CREDENTIAL DUMPING FAKE SERVICES

IGNITE Technologies

A Detailed Guide on Covenant

A Detailed Guide on Covenant

Computer Security Incident Handling Guide

Computer Security Incident Handling Guide

IGNITE Technologies

DIGITAL FORENSIC FTK IMAGER

DIGITAL FORENSIC FTK IMAGER

Cloud Security Assessment

Cloud Security Assessment

CISO Reporting Landscape 2024

CISO Reporting Landscape 2024

Reporting Cyber Risk to Boards

Reporting Cyber Risk to Boards

CIOB Artificial Intelligence (AI) Playbook 2024

CIOB Artificial Intelligence (AI) Playbook 2024

INCIBE & SPAIN GOVERNMENT

Nuevas normativas de 2024 de ciberseguridad para vehículos

Nuevas normativas de 2024 de ciberseguridad para vehículos