Automated Attacks Exploit FortiCloud SSO to Hijack FortiGate Firewalls
Arctic Wolf detected automated attacks on FortiGate devices starting January 15, exploiting CVE-2026-24858 (CVSS 9.8) to create backdoor admin accounts. Fortinet temporarily suspended FortiCloud SSO globally to contain the threat.