Dark Reading

Zero-Day Flaw Found in Fortinet's FortiWeb WAF Technology

Researchers at Rapid7 today disclosed a critical zero-day vulnerability in Fortinet's FortiWeb Web application firewall (WAF) technology that attackers can exploit to gain complete control of affected ...
Dark Reading

Fortinet Woes Continue With Another WAF Zero-Day Flaw

Fortinet on Tuesday disclosed a second zero-day vulnerability in its FortiWeb product line, less than a week after revealing a different flaw in its web application firewall (WAF) line had been ...
Bleeping Computer

Fortinet confirms silent patch for FortiWeb zero-day exploited in attacks

Fortinet has confirmed that it has silently patched a critical zero-day vulnerability in its FortiWeb web application firewall, which is now "massively exploited in the wild." The flaw was silently ...
Bleeping Computer

Fortinet delays patching zero-day allowing remote server takeover

Fortinet has delayed patching a zero-day command injection vulnerability found in the FortiWeb web application firewall (WAF) until the end of August. Successful exploitation can let authenticated ...
Yahoo Finance

Fortinet to Protect AWS Applications With WAF-as-a-Service

Fortinet FTNT recently expanded its cloud security portfolio with the addition of FortiWeb Cloud WAF (Web Application Firewalls) -as-a-Service. The service will be delivered through Fortinet Security ...
Hosted on MSN

Fortinet customers told to update immediately following major security issue - here's what we know

CVE-2025-64446 allows unauthenticated attackers to run admin commands on FortiWeb WAF systems Actively exploited in the wild; affects versions 7.0.0–8.0.1, patched in 8.0.2 CISA added it to KEV; ...