Hackers weaponize Fortinet FortiSandbox zero-days in live attacks

Security teams relying on Fortinet’s FortiSandbox threat detection platform are being urged to patch immediately after researchers confirmed that attackers have begun exploiting critical vulnerabilities in live operations.

According to threat intelligence firm Defused, multiple flaws in the sandboxing solution are now being weaponized to bypass security controls and deploy additional malicious payloads. The company did not specify which exact vulnerabilities are involved or the scale of the ongoing attacks, but emphasized that exploitation is actively underway.

Why sandboxing tools are prime targets

FortiSandbox is designed to analyze suspicious files and isolate potential threats in a controlled environment before they reach production systems. By compromising the sandbox itself, attackers can trick the platform into misclassifying malware as safe, allowing malicious content to slip into corporate networks undetected. This approach mirrors similar campaigns against other security appliances, where attackers target the very tools meant to stop them.

A familiar pattern of urgency

The development follows a familiar script seen with other widely deployed security products. When critical vulnerabilities emerge in perimeter defenses, threat actors move quickly to weaponize them before patches can be widely applied. Fortinet has not yet released public advisories detailing remediation steps, but users are advised to monitor the vendor’s security bulletins closely and apply updates as soon as they become available. In the meantime, organizations should reinforce network monitoring and restrict administrative access to sandbox systems to reduce exposure.

---

Source: BleepingComputer. AI-assisted editorial synthesis — TechnoExpress.