🚨 CRITICAL ALERT: Actively Exploited Vulnerabilities
Two critical vulnerabilities currently in the CISA Known Exploited Vulnerabilities (KEV) catalog create immediate risk of unauthorized access and remote code execution. CVE-2025-59718 is a CVSS 9.8 Fortinet authentication bypass that lets an unauthenticated attacker bypass FortiCloud SSO login with a crafted SAML response, and CVE-2026-11645 is a CVSS 8.8 flaw in Google Chrome's V8 engine that allows arbitrary code execution inside the renderer sandbox via a malicious HTML page.[1][4][6] Both should be treated as urgent, high-priority exposure: patch immediately and apply the compensating controls below.
Critical Vulnerabilities (CVSS >= 8.0)
- CVE-2025-59718 (CVSS: 9.8): Improper verification of cryptographic signatures in Fortinet FortiOS, FortiProxy, and FortiSwitchManager allows an unauthenticated attacker to bypass FortiCloud SSO login authentication via a crafted SAML response; the flaw is actively targeted and is listed in CISA KEV. View NVD | CISA KEV
- CVE-2026-11645 (CVSS: 8.8): Out-of-bounds read and write in Chrome’s V8 engine prior to 149.0.7827.103 allows a remote attacker to execute arbitrary code inside the renderer sandbox through a crafted HTML page; reaching the host requires chaining a separate sandbox escape. It is also listed in CISA KEV. View NVD | CISA KEV
⚡ Immediate Actions Required
Fortinet administrators: upgrade to the first fixed release for your branch immediately and disable FortiCloud SSO login until the upgrade is confirmed. Fortinet’s guidance for CVE-2025-59718 recommends upgrading FortiOS to 7.6.4, 7.4.9, 7.2.12, or 7.0.18 or later; FortiProxy to 7.6.4, 7.4.11, 7.2.15, or 7.0.22 or later; and FortiSwitchManager to 7.2.7 or 7.0.6 or later.[6] Fortinet also advises turning off “Allow administrative login using FortiCloud SSO” in the GUI, or disabling the same setting via CLI, until affected systems are fully upgraded.[6]
Chrome defenders: force-update Google Chrome to 149.0.7827.103 or later on all endpoints, verify version compliance (the new build only runs after the browser is relaunched), and prioritize internet-facing or high-risk user groups. Because the bug yields code execution in the sandboxed renderer, practical exposure is highest for users who browse untrusted content, where an attacker can chain the V8 bug with a separate sandbox escape to reach the host.[4]
Threat hunting priorities: review Fortinet authentication logs for FortiCloud SSO logins you cannot tie to a known administrator, administrative logins at unusual times or from unexpected source addresses, and newly created or modified privileged accounts; on managed Chrome fleets, confirm that the patch reached each endpoint and that the browser was relaunched, and review renderer crash reports, since a failed memory-corruption exploit attempt often shows up as an unexpected renderer crash.[1][2][6]
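The fixed-release lists above are per branch, so a naive "is version >= 7.6.4" check would wrongly pass a 7.4.8 FortiOS box and wrongly fail a patched 7.0.18 one. The following script is an added example for this bulletin, not Fortinet or Google tooling: it encodes the first fixed releases exactly as stated above, compares each inventory entry within its own branch, treats branches with no listed fix as exposed, and applies the linear Chrome comparison. The inventory rows, hostnames, and build suffixes are constructed sample data; the product keys are this example's own.

```python
# Added example (not vendor tooling): check inventory version strings against the first
# fixed releases listed in this bulletin. Sample inventory below is constructed.
import re

# First fixed release per maintained branch, from the bulletin. Key: (major, minor).
FORTINET_FIXED = {
    "fortios": {(7, 6): (7, 6, 4), (7, 4): (7, 4, 9), (7, 2): (7, 2, 12), (7, 0): (7, 0, 18)},
    "fortiproxy": {(7, 6): (7, 6, 4), (7, 4): (7, 4, 11), (7, 2): (7, 2, 15), (7, 0): (7, 0, 22)},
    "fortiswitchmanager": {(7, 2): (7, 2, 7), (7, 0): (7, 0, 6)},
}
CHROME_FIXED = (149, 0, 7827, 103)

_VERSION_RE = re.compile(r"(\d+(?:\.\d+)+)")


def parse_version(text: str) -> tuple[int, ...]:
    """Extract the leading dotted numeric version from strings such as
    'v7.4.8,build1234' (FortiOS 'get system status' style) or '149.0.7827.102'."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no version number in {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def _fmt(v: tuple[int, ...]) -> str:
    return ".".join(map(str, v))


def fortinet_status(product: str, version: str) -> tuple[bool, str]:
    """Return (fixed?, reason). Comparison is within the device's own branch:
    7.4.8 must reach 7.4.9, not 7.6.4, because each branch is fixed separately."""
    table = FORTINET_FIXED.get(product.lower())
    if table is None:
        raise ValueError(f"unknown product {product!r}")
    v = parse_version(version)
    branch = v[:2]
    fixed = table.get(branch)
    if fixed is None:
        # No fixed release exists for this branch (e.g. 6.4): treat as exposed.
        return False, f"{_fmt(branch)} branch has no fixed release listed; migrate to a supported branch"
    if v >= fixed:
        return True, f"{_fmt(v)} >= first fixed {_fmt(fixed)}"
    return False, f"{_fmt(v)} < first fixed {_fmt(fixed)}; upgrade"


def chrome_status(version: str) -> tuple[bool, str]:
    """Chrome releases are linear, so any version >= 149.0.7827.103, including later
    major versions, carries the fix. The new build only runs after a relaunch."""
    v = parse_version(version)
    if len(v) < 4:
        return False, f"{_fmt(v)} is not a full four-part Chrome version; treat as unverified"
    if v >= CHROME_FIXED:
        return True, f"{_fmt(v)} >= first fixed {_fmt(CHROME_FIXED)}"
    return False, f"{_fmt(v)} < first fixed {_fmt(CHROME_FIXED)}; force update and relaunch"


# Constructed inventory rows: (hostname, product, version string as reported by the asset).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "fortios", "v7.4.8,build1234"),
    ("fw-edge-02", "fortios", "v7.6.4,build1234"),
    ("proxy-01", "fortiproxy", "7.2.14"),
    ("fsm-01", "fortiswitchmanager", "7.0.6"),
    ("fw-legacy", "fortios", "v6.4.15,build1234"),
    ("ws-0418", "chrome", "149.0.7827.102"),
    ("ws-0419", "chrome", "149.0.7827.103"),
    ("ws-0420", "chrome", "150.0.7900.55"),
]


def find_exposed(inventory=SAMPLE_INVENTORY) -> list[tuple[str, str]]:
    """Return (hostname, reason) for every host still below its first fixed release."""
    exposed = []
    for host, product, version in inventory:
        ok, reason = chrome_status(version) if product == "chrome" else fortinet_status(product, version)
        if not ok:
            exposed.append((host, reason))
    return exposed


if __name__ == "__main__":
    for host, reason in find_exposed():
        print(f"{host}: {reason}")
```

Feed it your real asset export instead of SAMPLE_INVENTORY; a FortiOS box reporting a 6.x branch is flagged because no fixed release is listed for it, and a Chrome endpoint that updated but has not relaunched will still report the old version, which is the right outcome for a compliance check.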