Security News > 2024 > November > Chinese hackers exploit Fortinet VPN zero-day to steal credentials

Chinese hackers exploit Fortinet VPN zero-day to steal credentials

2024-11-18 21:20

Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials. [...]

News URL

https://www.bleepingcomputer.com/news/security/chinese-hackers-exploit-fortinet-vpn-zero-day-to-steal-credentials/

#chinese #credential #exploit #fortinet #hacker #VPN #zeroday

Related news

Fortinet: Hackers retain access to patched FortiGate VPNs using symlinks (source)
Fortinet Warns Attackers Retain FortiGate Access Post-Patching via SSL-VPN Symlink Exploit (source)
⚡ THN Weekly Recap: Alerts on Zero-Day Exploits, AI Breaches, and Crypto Heists (source)
Hackers Exploit Paragon Partition Manager Driver Vulnerability in Ransomware Attacks (source)
Hackers Exploit AWS Misconfigurations to Launch Phishing Attacks via SES and WorkMail (source)
US charges Chinese hackers linked to critical infrastructure breaches (source)
Chinese Hackers Breach Juniper Networks Routers With Custom Backdoors and Rootkits (source)
New SuperBlack ransomware exploits Fortinet auth bypass flaws (source)
APTs have been using zero-day Windows shortcut exploit for eight years (ZDI-CAN-25373) (source)
Hackers Exploit Severe PHP Flaw to Deploy Quasar RAT and XMRig Miners (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Fortinet		80	20	349	308	94	771

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.