2025-04-13 07:42 UTC

We are reporting Fortinet compromised devices

Check your Compromised Website Report for critical events tagged “fortinet-compromised” and follow Fortinet's mitigation advice on compromised devices: https://fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity

Links

• Tree map view of compromised Fortinet devices (2025-04-12)
• World map view of compromised Fortinet devices (2025-04-12)
• Compromised Fortinet devices over time

References

• https://fortinet.com/blog/psirt-blogs/analysis-of-threat-actor-activity
• https://www.cisa.gov/news-events/alerts/2025/04/11/fortinet-releases-advisory-new-post-exploitation-technique-known-vulnerabilities
• https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/Exploitation-of-Existing-Fortinet-Vulnerabilities
• https://www.cert.govt.nz/advisories/malicious-activity-due-to-previously-exploited-vulnerabilities-in-fortinet-fortios-products/

2025-03-27 18:26 UTC

Detecting exposed Ingress NGINX Controller for Kubernetes (Admission Controller feature)

We are scanning & reporting out exposed Ingress NGINX Controller for Kubernetes (Admission Controller feature). These may possibly be also vulnerable to CVE-2025-1974 & other recently disclosed vulnerabilities. Patch info: https://kubernetes.io/blog/2025/03/24/ingress-nginx-cve-2025-1974/

Links

• Possible CVE-2025-1974 vulnerable hosts (2025-03-26)

References

• https://infosec.exchange/@shadowserver/114234606779848729
• https://www.wiz.io/blog/ingress-nginx-kubernetes-vulnerabilities