@comdak

in /hacking 3 days ago

FortiGate firewalls hit by silent SSO attacks & config theft... still happening after latest patch

FortiGate firewalls hit by silent SSO attacks & config theft • The Register

www.theregister.com

TLDR

FortiGate firewalls are experiencing silent attacks where attackers bypass SSO protections to reconfigure settings, create backdoor admin users, and steal configuration files. Arctic Wolf warns of automated malicious activity targeting FortiGate appliances since January 15. Despite patches for critical authentication bypass bugs, admins report ongoing intrusions, suggesting a patch bypass for CVE-2025-59718. Fortinet is preparing new releases to fully address the issue.

Score: 4

0 Comments