
  • Fortinet Confirms Active FortiCloud SSO Bypass on Fully Patched FortiGate Firewalls

    Ravie Lakshmanan | Jan 23, 2026 | Network Security / Vulnerability

    Fortinet has officially confirmed that it’s working to completely plug a FortiCloud SSO authentication bypass vulnerability following reports of fresh exploitation activity on fully-patched firewalls.

    “In the last 24 hours, we have identified a number of cases where the exploit was to a device that had been fully upgraded to the latest release at the time of the attack, which suggested a new attack path,” Fortinet Chief Information Security Officer (CISO) Carl Windsor said in a Thursday post.

    The activity essentially amounts to a bypass for patches put in place by the network security vendor to address CVE-2025-59718 and CVE-2025-59719, which could allow unauthenticated bypass of SSO login authentication via crafted SAML messages if the FortiCloud SSO feature is enabled on affected devices. The issues were originally addressed by Fortinet last month.

    However, earlier this week, reports emerged of renewed activity in which malicious SSO logins on FortiGate appliances were recorded against the admin account on devices that had been patched against the twin vulnerabilities. The activity is similar to incidents observed in December, shortly after the disclosure of CVE-2025-59718 and CVE-2025-59719.

    The activity involves the creation of generic accounts for persistence, making configuration changes granting VPN access to those accounts, and the exfiltration of firewall configurations to different IP addresses. The threat actor has been observed logging in with accounts named “cloud-noc@mail.io” and “cloud-init@mail.io.”

    As mitigations, the company is urging the following actions –

    • Restrict administrative access to edge network devices from the internet by applying a local-in policy
    • Disable FortiCloud SSO logins by disabling “admin-forticloud-sso-login”

    “It is important to note that while, at this time, only exploitation of FortiCloud SSO has been observed, this issue is applicable to all SAML SSO implementations,” Fortinet said.




  • Alleged drug kingpin and ex-Olympian Ryan Wedding arrested

    Former Canadian Olympic snowboarder and alleged drug kingpin Ryan Wedding has been arrested in Mexico and will be extradited to the US after years on the run, FBI Director Kash Patel has said.

    Wedding, who had been on the FBI’s Ten Most Wanted Fugitives list, is accused of running a transnational drug trafficking operation that moved tonnes of cocaine across international borders.

    Wedding, 44, was also wanted on murder charges. US officials had said they believed Wedding was living in Mexico under the Sinaloa drug cartel’s protection.

    The head of Canada’s federal police force, which assisted in the investigation, spoke alongside Patel on Friday to praise the law enforcement operation.

    “No single agency or nation can combat transnational organised crime alone,” said Mike Duheme, Commissioner of the Royal Canadian Mounted Police (RCMP).

    “We can finally say that our communities, our countries, are much safer with the arrest of Ryan Wedding,” he added.

    Wedding is expected to make his first court appearance on Monday.

    Wedding is accused of running a vast drug trafficking operation responsible for importing some 60 metric tonnes of cocaine a year.

    The organisation operated across North America, as well as several countries in Latin America and the Caribbean, and was also the largest supplier of cocaine to Canada, bringing in an estimated $1bn a year.

    Before he was arrested, Wedding was accused of killing a federal witness in a case against him. Officials say he has also ordered the murders of several others.

    Wedding is now facing a slew of felony charges, including witness tampering and intimidation, murder, money laundering and drug trafficking.

    The FBI had previously placed a $15m (£11m) reward for information leading to his arrest. Patel declined to comment on whether anyone would be claiming the reward money.

    US officials have not released any information regarding how Wedding was captured, except to say that his arrest took place on Thursday night in Mexico City.

    Mexico’s top security official, Omar García Harfuch, said in a post on X that Patel had visited Mexico City on Thursday, and departed with two fugitives on the FBI’s 10 Most Wanted list.

    He did not name the men arrested, but said one was a “Canadian citizen who voluntarily surrendered” at the US embassy in Mexico.

    The Associated Press, citing an unnamed Mexican Security Cabinet member, reported that Wedding is the Canadian who turned himself in at the US embassy.

    In his remarks at a news conference, Patel described Wedding as a “modern-day Pablo Escobar”, referring to the Colombian cartel leader. US officials have also compared him to Joaquín “El Chapo” Guzmán in Mexico.

    “When you go after a guy like Ryan Wedding, it takes a united front,” Patel said, thanking Canadian and Mexican authorities for their help in the investigation.

    Wedding’s aliases include “El Jefe,” “Giant,” “Public Enemy,” “James Conrad King,” and “Jesse King”, the FBI said. He has reportedly had plastic surgery to change his appearance while on the run.

    Officials allege that he launched his criminal enterprise following his release from a US federal prison in 2011, where he was serving a sentence for cocaine distribution.

    Authorities allege he has ordered dozens of murders across the globe, including in the US, Canada and Latin America.

    Officials say he had been living in luxury in Mexico. In December, Mexican authorities announced that they had seized $40m in racing motorcycles owned by Wedding. They also seized other valuable items, including luxury paintings, artworks, drugs and two Olympic gold medals.

    It is unclear to whom the medals belong. Wedding competed for Canada in the 2002 Olympic Games in Salt Lake City, but did not win any medals. He came in 24th place in the men’s giant parallel slalom ski event.

    In November, the FBI seized his rare 2002 Mercedes CLK-GTR, which had been valued at $13m.

    Patel also spoke about the recent arrest of another man in Mexico who had been on the FBI’s most wanted list.

    American man Alejandro Castillo was wanted for the murder of his ex-girlfriend. According to the FBI, he has been in hiding in Mexico for nearly 10 years, and will now be extradited back to North Carolina for trial.




  • Not only Americans risked life and limb to serve in Afghanistan

    Frank Gardner, BBC Security Correspondent

    Image: Royal Marines of M Company of 42 Commando in military fatigues and wielding guns during an operation to clear compounds used by the Taliban in Helmand Province of Southern Afghanistan (PA Media)

    Blast walls, rocket attacks, Forward Operating Bases (FOBs), Improvised Explosive Devices (IEDs)… and long queues in the canteen. Anyone who deployed to Afghanistan, in whatever role, between 2001-2021 will have their own vivid memories of that time.

    It started with the flight in – to Kandahar, Kabul or Camp Bastion. It could be a long, slow descent with the lights out on an RAF jet, or a rapid, corkscrew down in a C-130 transport plane. In both cases the aim was to avoid being blown out of the air by a Taliban surface-to-air missile.

    Over the course of 20 years thousands of servicemen and women, as well as civilians, from dozens of countries deployed to Afghanistan, answering the US call for assistance.

    That call came in the form of invoking Nato’s Article 5 of its charter – the only time it has ever happened in Nato’s 77-year history – which states that an attack on one member shall be deemed an attack on all.

    America was reeling from the devastating 9/11 attacks when al-Qaeda, which was being sheltered by the Taliban in Afghanistan, murdered nearly 3,000 people by flying packed airliners into New York’s Twin Towers and the Pentagon in Washington.

    The Taliban were swiftly driven from power in a joint effort by the US military, the CIA and Afghanistan’s Northern Alliance.

    Then it was all about trying to hunt down the remnants of al-Qaeda as Britain’s Royal Marines, together with UK Special Forces, pursued them over the mountains, but many escaped to safety to regroup in Pakistan.

    It was not until ten years later that the US Navy’s Seal Team Six commandos tracked down the al-Qaeda leader, Osama Bin Laden, in a villa in Abbottabad, Pakistan.

    The first two years of the US-led “Operation Enduring Freedom”, as it was called, were relatively quiet. By late 2003, as America’s attention switched to Iraq, US servicemen we met even started referring to Afghanistan as “Op Forgotten”. But it was still dangerous.

    From a rain-soaked Kandahar airbase we watched Romanian troops edge nervously out on patrol in their Soviet-era armoured vehicles, wary of the next ambush.

    Flying into a remote US-manned firebase in the mountainous Paktika province in a Blackhawk helicopter, my BBC crew and I were told cheerfully: “You’ve come to the worst place in the world”.

    Sure enough, the Taliban launched Chinese-made rockets at the base after dark, planted there, we were told, by farmers who had been either bribed or coerced into doing so.

    Everything changed after 2006, when the UK deployed in force to Helmand province, a part of Afghanistan that had been relatively peaceful until then.

    The Taliban made their intentions clear. If you come, they said, then we will fight you.

    And yet the UK government at the time appeared shocked at the ferocity of the fighting 3 Para now found themselves engaged in, with British paratroopers calling in mortar and artillery fire so close to their positions it was termed “danger close”, in an effort to stop their bases from being overrun.

    Over the next eight years, until the end of combat operations in 2014, it was not just Americans who were risking life and limb to serve in Afghanistan.

    Brits, Canadians, Danes and Estonians were among those who saw the toughest fighting in Kandahar and Helmand provinces. It would also be churlish to ignore the bravery and sacrifice of so many Afghans who fought and died over two decades.

    I say “fighting” but most soldiers’ biggest fears stemmed from the hidden IEDs, those expertly concealed Improvised Explosive Devices. The Taliban, who of course knew every inch of their terrain, were often able to guess correctly exactly where troops would need to cross an irrigation ditch or canal and so place the bomb accordingly.

    In the space of a split second, in a blinding flash and puff of black smoke, a fit, healthy, 20-something individual would have their life either ended or catastrophically changed, facing amputation and a host of other complications.

    So prevalent were these IEDs that soldiers were going out of the gates of their FOBs – Forward Operating Bases – on patrol praying that if they got hit it would result in a below-the-knee amputation, not one above the knee.

    The courage and resilience of the people I have met since, who have managed, despite terrible loss and adversity, to turn their shattered lives around, is both humbling and awe-inspiring.

    These are just some of the people who answered America’s call for help after the 9/11 attacks.

    It is little wonder there has been such nationwide outrage at that country’s president’s suggestion that they somehow dodged the fighting.


