Back to Home
brown padlock on black computer keyboard

Photo by FlyD on Unsplash

SolarWinds & FortiGate Under Attack

By CyberPulse AI 4 min read
zero-dayransomwaresupply-chaincritical-infrastructurenetwork-securityvulnerabilities
AI Summary

A Russian-speaking hacker used generative AI to compromise over 600 FortiGate firewalls, highlighting the growing threat of AI-powered attacks on network security devices. Meanwhile, SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers. To protect against these threats, organizations should immediately patch critical vulnerabilities and implement robust security measures to prevent ransomware attacks.

Introduction

A recent incident involving a Russian-speaking hacker using generative AI to compromise 600 FortiGate firewalls highlights the growing threat of AI-powered attacks on network security devices, as reported by DarkReading. This attack targeted credentials and backups, potentially paving the way for follow-on ransomware attacks. Meanwhile, SolarWinds has patched four critical Serv-U remote code execution vulnerabilities that could grant attackers root access to unpatched servers, according to BleepingComputer. The ShinyHunters extortion gang has claimed responsibility for breaching Dutch telecommunications provider Odido, stealing millions of user records, as stated by BleepingComputer. These incidents demonstrate the severe impact of cyberattacks, resulting in significant financial losses, damage to reputation, and compromise of sensitive data.

Critical SolarWinds and FortiGate Vulnerabilities

The SolarWinds Serv-U vulnerabilities are remote code execution flaws that can be exploited by sending a specially crafted HTTP request. These vulnerabilities affect SolarWinds Serv-U version 15.2.1 and earlier, widely used in finance, healthcare, and government. An attacker can exploit these vulnerabilities to gain unauthorized access and move laterally within a network. To exploit these vulnerabilities, an attacker would need to send a malicious HTTP request to the vulnerable server, which could then execute arbitrary code with root privileges.

The compromise of FortiGate firewalls using generative AI demonstrates the growing threat of AI-powered attacks on network security devices. The attacker used generative AI to generate a large number of unique login attempts, eventually guessing the correct credentials for over 600 firewalls. This incident highlights the importance of implementing robust password policies and multi-factor authentication to prevent such attacks. The affected FortiGate firewalls are primarily used in enterprise networks, providing perimeter security and protecting against external threats.

Recent Ransomware Attacks and Data Breaches

The ShinyHunters extortion gang has claimed responsibility for breaching Odido and stealing millions of user records. Additionally, North Korean state-backed hackers associated with the Lazarus threat group are targeting U.S. healthcare organizations in extortion attacks using the Medusa ransomware, as reported by BleepingComputer. The Everest ransomware group has taken credit for a hacker attack on Vikor Scientific, now called Vanta Diagnostics, affecting 140,000 individuals, according to SecurityWeek. These attacks demonstrate the ongoing threat of ransomware and extortion tactics to organizations across various sectors.

Ransomware attacks typically involve the use of malware that encrypts sensitive data, making it inaccessible to the organization. The attackers then demand a ransom in exchange for the decryption key. However, paying the ransom does not guarantee that the data will be restored, and it may also encourage further attacks. To prevent ransomware attacks, organizations should implement robust security measures, including regular backups, employee training, and multi-factor authentication.

Newly Disclosed Vulnerabilities and Threat Actor Activity

A Russia-aligned threat actor has been observed targeting a European financial institution as part of a social engineering attack, according to The Hacker News. Soliton Systems K.K FileZen contains an OS command injection vulnerability (CVE-2026-25108) that could be exploited by attackers, as stated by the NVD. Additionally, CISA has flagged two Roundcube Webmail vulnerabilities as actively exploited in attacks and ordered U.S. federal agencies to patch them within three weeks, according to BleepingComputer.

The Soliton Systems K.K FileZen vulnerability can be exploited by sending a specially crafted HTTP request, which could then execute arbitrary OS commands with elevated privileges. This vulnerability is particularly concerning, as it can be exploited to gain unauthorized access to sensitive data and systems.

Recommendations and Takeaways

To protect against these threats, organizations should:

  • Immediately patch critical vulnerabilities in SolarWinds and FortiGate products.
  • Implement robust security measures to prevent ransomware attacks, including regular backups and employee training.
  • Stay informed about newly disclosed threats and take proactive steps to protect your organization.
  • Use strong passwords and enable multi-factor authentication for all users.
  • Regularly update and patch software and systems to prevent exploitation of known vulnerabilities.
  • Monitor network traffic and system logs for suspicious activity.
  • Have an incident response plan in place in case of a security breach.
  • Implement a robust password policy, including password rotation and complexity requirements.
  • Use a web application firewall (WAF) to detect and prevent common web attacks.
  • Conduct regular security audits and penetration testing to identify vulnerabilities.

By following these recommendations, organizations can reduce their risk of falling victim to these threats and protect their networks and data from unauthorized access and malicious activities. It is essential to stay vigilant and proactive in the face of evolving cybersecurity threats.

In addition to these technical measures, organizations should also consider implementing a security awareness training program for employees, which includes education on phishing attacks, password security, and safe browsing practices. This can help prevent social engineering attacks and reduce the risk of insider threats.

Furthermore, organizations should have a comprehensive incident response plan in place, which includes procedures for responding to security breaches, ransomware attacks, and other types of cyber incidents. This plan should include steps for containment, eradication, recovery, and post-incident activities.

By taking a proactive and multi-faceted approach to cybersecurity, organizations can protect themselves against the ever-evolving threat landscape and ensure the confidentiality, integrity, and availability of their sensitive data and systems. To prioritize these efforts, focus on:

  • Applying critical patches within 24 hours of release.
  • Conducting regular security audits at least quarterly.
  • Implementing multi-factor authentication for all users within the next 30 days.
  • Developing a comprehensive incident response plan within the next 60 days.
  • Providing security awareness training to employees at least bi-annually.
Sources
Critical SolarWinds Serv-U flaws offer root access to servers 600+ FortiGate Devices Hacked by AI-Armed Amateur ShinyHunters extortion gang claims Odido breach affecting millions North Korean Lazarus group linked to Medusa ransomware attacks US Healthcare Diagnostic Firm Says 140,000 Affected by Data Breach CarGurus data breach exposes information of 12.4 million accounts UAC-0050 Targets European Financial Institution With Spoofed Domain and RMS Malware Soliton Systems K.K FileZen - Soliton Systems K.K FileZen OS Command Injection Vulnerability (CVE-2026-25108) CISA: Recently patched RoundCube flaws now exploited in attacks Spitting Cash: ATM Jackpotting Attacks Surged in 2025 New ‘Sandworm_Mode’ Supply Chain Attack Hits NPM
ProjectZyper AI ProjectZyper AI

AI-powered cybersecurity threat intelligence. Aggregated, analyzed, and published daily.

Powered by AI

Navigation

Status

Scanning threat feeds...

AI-generated content. Verify critical information independently.

© 2026 ProjectZyper AI. All rights reserved.