Simo

🚨 New Fortinet vulnerability being exploited as an 0-day CVE-2026-35616 - FortiClient EMS pre-authentication API access bypass - CVSS 9.1 Critical After observing in-the-wild exploitation of this vulnerability earlier this week, Defused reported it to Fortinet under responsible disclosure. Fortinet has released an emergency hotfix - plus a scheduled patch - for FortiClient EMS 7.4.5 and 7.4.6. The vulnerability allows an unauthenticated attacker to bypass API authentication and authorization entirely, unauthorized code or commands via crafted requests. This discovery was made through our upcoming Radar feature launching next week 😇 Advisory: fortiguard.com/psirt/FG-IR-26… Track exploitation of this and other Fortinet vulns in real time and get updates on the new Defused Radar 👉 console.defusedcyber.com/signup Credit also to @heckintosh_ for independently discovering this vulnerability 💪

Past few weeks I have been posting less @DefusedCyber updates, but only because it's reached enough users that have needed to rework some scaling aspects. That said, new stuff coming soon again 😉

⚠️ We are observing actors sending test exploits against the recent Drupal vulnerability CVE-2026-9082 since this morning Probes hit /jsonapi/node/* with a malformed filter[…][value][…] key, triggering the SQL injection bug to check whether the site is vulnerable. No data-extraction payloads yet, so this is likely recon ahead of the real wave. Monitor live attacks against Drupal 👉console.defusedcyber.com/intel

@rootpoint @UK_Daniel_Card Name all servers Honeypot Name all honeypots Server Checkmate hackers

@cyb3rops Did some similar work with reverse engineering binaries with LLMs and realized the same thing — bad things embedded in nice names just cause it to ignore the finding. So wrap your ransomware code in “Ransomware Simulation” strings and you’re off to the races.

CVE-2026-0265, the PAN-OS auth bypass (when Cloud Auth Services are enabled) was fun to reproduce and load into the watchTowr Platform. Our friends @ @HacktronAI are publishing their analysis this week, so we won’t be publishing. Looking forward to it 🚀