Category: Uncategorized

  • Automated FortiGate Attacks Exploit FortiCloud SSO to Alter Firewall Configurations



    Ravie Lakshmanan | Jan 22, 2026 | Network Security / Vulnerability

    Cybersecurity company Arctic Wolf has warned of a “new cluster of automated malicious activity” that involves unauthorized firewall configuration changes on Fortinet FortiGate devices.

    The activity, it said, commenced on January 15, 2026, adding it shares similarities with a December 2025 campaign in which malicious SSO logins on FortiGate appliances were recorded against the admin account from different hosting providers by exploiting CVE-2025-59718 and CVE-2025-59719.

    Both vulnerabilities allow for unauthenticated bypass of SSO login authentication via crafted SAML messages when the FortiCloud single sign-on (SSO) feature is enabled on affected devices. The shortcomings impact FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager.


    “This activity involved the creation of generic accounts intended for persistence, configuration changes granting VPN access to those accounts, as well as exfiltration of firewall configurations,” Arctic Wolf said of the developing threat cluster.

    Specifically, this entails carrying out malicious SSO logins against a malicious account “cloud-init@mail.io” from four different IP addresses, following which the firewall configuration files are exported to the same IP addresses via the GUI. The source IP addresses are listed below:

    • 104.28.244[.]115
    • 104.28.212[.]114
    • 217.119.139[.]50
    • 37.1.209[.]19

    In addition, the threat actors have been observed creating secondary accounts, such as “secadmin,” “itadmin,” “support,” “backup,” “remoteadmin,” and “audit,” for persistence.

    “All of the above events took place within seconds of each other, indicating the possibility of automated activity,” Arctic Wolf added.


    The disclosure coincides with a post on Reddit in which multiple users reported seeing malicious SSO logins on fully-patched FortiOS devices, with one user stating the “Fortinet developer team has confirmed the vulnerability persists or is not fixed in version 7.4.10.”

    The Hacker News has reached out to Fortinet for comment, and we will update the story if we hear back. In the interim, it’s advised to disable the “admin-forticloud-sso-login” setting.




  • Japan suspends world’s largest nuclear plant hours after restart



    Japan has suspended operations at the world’s largest nuclear power plant, hours after its restart, its operator has said.

    An alarm sounded “during reactor-start-up procedures” at Kashiwazaki-Kariwa in Tokyo but the reactor remained “stable”, Tokyo Electric Power Company (Tepco) spokesperson Takashi Kobayashi said.

    Reactor number six restarted on Wednesday, a day later than planned due to an alarm malfunction – the first at the plant to be turned on since the 2011 Fukushima disaster.

    Japan shut down all of its 54 reactors after a 9.0 magnitude earthquake triggered a meltdown at its Fukushima plant 15 years ago, causing one of the worst nuclear disasters in history.

    At the time, radiation leakage from the plant forced more than 150,000 people to evacuate their homes. Many have not returned despite assurances it is now safe.

    Following the suspension of reactor number six on Thursday, Kobayashi said it was “stable and there is no radioactive impact outside”.

    The reactor was initially set to start on Tuesday, but was pushed back due to a technical issue. It is due to begin operating commercially next month.

    Kobayashi said Tepco was “currently investigating the cause” of the incident and did not say when operations would resume.

    The seventh reactor at Kashiwazaki-Kariwa is not expected to be turned back on until 2030, while the other five could be decommissioned.

    This would leave the plant with far less capacity than it once had when all seven reactors were operational.

    Reactor number six was given the green light to restart despite safety concerns from local residents.

    A small crowd of people gathered outside Tepco’s headquarters to protest last week, while hundreds gathered outside the Niigata prefectural assembly in December.

    Japan was an early adopter of nuclear power – before 2011, nuclear accounted for nearly 30% of its electricity and the country planned to get that up to 50% by 2030.

    After it was forced to shut them all down in the wake of the Fukushima disaster, it has spent the past decade attempting to revive the plants as part of its goal to reach net zero emissions by 2050.

    Since 2015, Japan has restarted 15 out of its 33 operable reactors.




  • Three dead in New South Wales shooting



    Three people have died after a reported shooting in a small town in New South Wales, Australia, police say.

    A fourth person has been taken to hospital in a serious but stable condition.

    Local police are now investigating the reported shooting which took place in Lake Cargelligo at about 16:40 local time (05:40 GMT).

    Police have also told the public to avoid the area and that local residents should stay inside. Local reports say that the gunman is still at large.

    A police statement said emergency services were called to Walker Street near Yelkin Street following reports of the shooting.

    Two women and a man have died.

    The Sydney Morning Herald reports that the incident was a suspected domestic violence attack.

    It also reports that authorities are still trying to locate the gunman and that heavily armed tactical police have been deployed.

    Seven News reports that the gunman had fled the scene in a vehicle owned by the local council.

    Lake Cargelligo is located in the centre of New South Wales and has a population of about 1,500 people.

    The incident comes after last month’s mass shooting at Sydney’s Bondi Beach which killed 15 people.


