Arctic Wolf reports automated attacks on FortiGate devices abusing FortiCloud SSO flaws to change firewall settings and steal configurations.

The Tidyverse Blog offers insights, tutorials, and updates on the Tidyverse, a collection of R packages for data science and statistical computing. Covering topics such as data manipulation, visualization, and analysis, the blog provides resources for R developers looking to leverage the power of the Tidyverse for their data projects. Developers can learn how to use Tidyverse packages effectively to clean, transform, and analyze data in R.

The Hacker News

Arctic Wolf has identified automated attacks targeting Fortinet FortiGate devices starting January 15, 2026, exploiting FortiCloud SSO vulnerabilities (CVE-2025-59718 and CVE-2025-59719) to bypass authentication. Attackers create persistence accounts like 'secadmin' and 'itadmin', modify firewall configurations to grant VPN access, and exfiltrate configuration files. The attacks occur within seconds, indicating automation, and affect fully-patched devices. Users report the vulnerability persists in FortiOS 7.4.10. Immediate mitigation involves disabling the 'admin-forticloud-sso-login' setting.

Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations