Hackers are exploiting Fortinet firewall bugs to plant ransomware

Security researchers have observed hackers linked to the notorious LockBit gang exploiting a pair of Fortinet firewall vulnerabilities to deploy ransomware on several company networks. In a report published last week, security researchers at Forescout Research said a group it’s tracking dubbed “Mora_001” is exploiting the Fortinet firewalls, which sit on the edge of a company’s network and act as digital gatekeepers, to break in and deploy a custom ransomware strain they call “SuperBlack.” One of the vulnerabilities, tracked as CVE-2024-55591, has been exploited in cyberattacks to breach the corporate networks of Fortinet customers since December 2024. Forescout says a second bug, tracked as CVE-2025-24472, is also being exploited by Mora_001 in attacks. Fortinet released patches for both bugs in January. Sai Molige, senior manager of threat hunting at Forescout, told TechCrunch that the cybersecurity firm has “investigated three events in different companies, but we believe there c ... Read full article.