FortiGuard Center Outbreak Alerts

FortiGuard Labs has identified ongoing attack attempts aimed at exploiting the recently discovered Apache Tomcat remote code execution vulnerability, CVE-2025-24813. If successful, attackers could gain access to sensitive security files, allowing them to view or inject arbitrary content and potentially execute code remotely on target systems.

In 2024, FortiGuard blocked 3.1 trillion vulnerability exploits and stopped 2.5 billion malware deliveries—fortifying businesses against relentless cyber threats. Stay ahead with the latest insights from our industry-leading threat intelligence!

Threat Actors are targeting and actively exploiting a Microsoft .NET Framework information disclosure vulnerability (CVE-2024-29059) that exposes the ObjRef URI to an attacker, ultimately enabling remote code execution.

Palo Alto Networks has recently disclosed two zero-day vulnerabilities, CVE-2024-0012 and CVE-2024-9474, affecting the PAN-OS firewall and other products. Both flaws, which are actively being exploited in the wild, affect the Management Web Interface. Successful exploitations allows attackers to bypass authentication and gain administrator-level access without any user interaction.

FortiGuard Labs has observed attack attempts aimed at PTZOptics cameras, with FortiGuard sensors detecting telemetry from as many as 4,000 devices. This surge in activity highlights the vulnerabilities present in these devices, which can be easily exploited by attackers seeking unauthorized access, potentially leading complete camera takeover, infection with bots, pivoting to other devices connected on the same network, or disruption of video feeds.

Threat actors chained and exploited multiple zero-day vulnerabilities affecting Ivanti CSA (Cloud Services Appliance). If successful, this could lead an attacker to gain admin access, obtain credentials, bypass security measures, run arbitrary SQL commands, and execute code remotely.

Security flaws in Mitel MiCollab, CVE-2024–35286, CVE-2024–41713, and an arbitrary file read zero-day (still without a CVE number) have been found, putting many organizations at risk. These vulnerabilities allow attackers to bypass authentication and access files on affected servers, revealing sensitive information that could expose organizations to serious security risks.

FortiGuard Labs has detected on-going exploit attempts targeting a recently patched Apache Struts 2 vulnerability. Attackers can manipulate file upload parameters to enable path traversal, potentially leading to malicious file upload. This may result in Remote Code Execution, allowing attackers to run arbitrary code, steal data, or compromise entire systems.

FortiGuard Labs continues to observe attack attempts exploiting the vulnerabilities highlighted in the recent CISA advisory about Russian military cyber actors. These actors are targeting U.S. and global critical infrastructure to conduct espionage, steal data, and compromise or destroy sensitive information.

Due to the insufficient input validation, an attacker can exploit the vulnerability to launch a command injection attack by sending crafted messages with malicious commands.