Attackers target critical FortiSandbox flaws as CISA issues patch order


Fortinet admins have two more reasons to clear their calendars after CISA confirmed a pair of critical FortiSandbox bugs are being actively exploited.

The two bugs, tracked as CVE-2026-39808 and CVE-2026-25089, both carry CVSS scores of 9.1 and affect FortiSandbox, FortiSandbox Cloud, and FortiSandbox PaaS. According to Fortinet, they are OS command injection flaws that allow unauthenticated attackers to execute arbitrary commands via specially crafted HTTP requests, requiring neither valid credentials nor user interaction.

Fortinet released fixes for CVE-2026-39808 in April and CVE-2026-25089 in June, warning in advisories published at the time that successful exploitation could lead to remote code execution via low-complexity attacks.

Read more…
Source:  The Register News


Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox


Related:

  • Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages

    June 3, 2026

    Group-IB researchers expose a large-scale smishing and phishing operation impersonating 260+ brands across 72 countries, using fake Cloudflare error pages, geofencing, and encrypted WebSocket channels for real-time credit card theft. The operation has a layered anti-analysis evasion architecture, which uses convincing fake Cloudflare error pages, like the “Error 524” timeout screen, as a decoy. The malicious ...

  • Ransomware groups grow revenue by almost 40% in Q1 2026

    June 2, 2026

    In the first quarter of the year, ransomware groups increased their revenue by almost 40%, compared to the same period last year. This is according to a new report from cybersecurity researchers Rapid7, who said the increase is partly due to a maturing cybercriminal industry. Rapid7 based its findings on its research telemetry, which showed that ...

  • Password manager Dashlane says hackers stole some customers’ password vaults

    June 2, 2026

    Password manager maker Dashlane says hackers have obtained at least a dozen encrypted vaults used for storing customer passwords during a weekend cyberattack. The company said on its website that hackers brute-forced the company’s two-factor authentication system, granting the hackers access to about 20 customer accounts. By defeating its two-factor mechanism, the hackers were able to download a copy of ...

  • Operation FlutterBridge: macOS Malvertising Campaign Spreads New FlutterShell Backdoor

    June 2, 2026

    Palo Alto Unit 42 are tracking an increasingly widespread malvertising campaign targeting macOS. This campaign appears to be the next stage of a previous campaign known as JSCoreRunner, which was first identified in August 2025. In recent months, the financially-motivated attackers behind these campaigns transitioned from delivering standard adware, to delivering adware with full backdoor ...

  • Russian spy agency says foreign spies turned officials’ smartphones into surveillance devices

    June 2, 2026

    Russia’s domestic spy agency says it has uncovered a sprawling foreign espionage operation that allegedly turned the smartphones of senior Russian officials into pocket-sized surveillance devices, though it has so far offered little in the way of evidence. In a statement Tuesday, the Federal Security Service (FSB) claimed foreign intelligence agencies implanted malware on the mobile devices ...

  • Fake virus alerts are invading mobile games

    June 2, 2026

    Sometimes it happens. You’re happily playing a game on your phone or laptop when suddenly alarms pop up out of nowhere: “Your device is infected!” “Your iCloud is full!” “Your account is restricted for watching porn!” Some games can be played for free if you agree to watch ads, and in others you can get extra lives, perks, or ...