News

Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls (CVE-2024-55591)

Luciano Ferrari

01 Jan 2026 — 2 min read

Thursday, January 1, 2026

Top 5 Cybersecurity Stories You Should Know

Fortinet Confirms Critical Zero-Day Vulnerability in Firewalls (CVE-2024-55591) — tl;dr: In early 2025, Fortinet disclosed a critical zero-day vulnerability (CVE-2024-55591) affecting FortiGate firewalls and FortiProxy, rated CVSS 9.6. This flaw allows for authentication bypass and has been actively exploited in the wild, with reports of large-scale attacks targeting exposed management interfaces since December 2024. Organizations using affected Fortinet products are urged to implement immediate patching and credential rotation to mitigate potential risks. The vulnerability underscores the necessity for robust security measures and continuous monitoring of network devices.
↪ https://www.infosecurity-magazine.com/news/infosecurity-top-10-stories-2025/
ESA Confirms Breach; Ex-Staff Plead Guilty in BlackCat Ransomware Case — tl;dr: The European Space Agency (ESA) has confirmed a cyber incident involving external servers, allegedly accessed by a threat actor who claims to have exfiltrated over 200GB of data, including private repositories. A forensic analysis is underway, and affected stakeholders have been notified. In a separate case, two former employees of cyber incident response firms pleaded guilty to participating in BlackCat ransomware attacks against U.S. organizations, facing up to 20 years in prison. Organizations are advised to review their cybersecurity measures and ensure robust incident response protocols are in place to mitigate insider threats.
↪ https://www.integrity360.com/cyber-news-roundup-january-2nd-2026
2026: A Call for Genuine Cybersecurity Commitment — tl;dr: As we approach 2026, organizations must move beyond superficial security measures and genuinely commit to robust cybersecurity practices. The alarming rise in data breaches, exemplified by a 211% increase in victim notifications in 2025, underscores the urgent need for accountability in protecting sensitive information. Companies should not only validate their security programs but also educate clients on their data security responsibilities. By leveraging tools like TCT Portal, organizations can streamline compliance and enhance their security posture, ensuring they are not the next to issue a breach notification.
↪ https://www.totalcompliancetracking.com/security-breach-notifications-2026/
Cyber Hygiene Lessons from 2025: Key Priorities for 2026 — tl;dr: The year 2025 highlighted critical cybersecurity challenges, including rampant ransomware, AI-driven threats, and supply chain vulnerabilities. Major incidents, such as the Jaguar Land Rover attack, underscored the importance of robust cyber hygiene practices. For 2026, organizations must prioritize AI governance, identity-first security, and supply chain risk management. Emphasizing automation in incident response and resilience over mere detection is essential. As hackers remain relentless, companies should adopt a proactive approach to cybersecurity, ensuring their defenses are not just reactive but embedded in every operational layer.
↪ https://www.secureworld.io/industry-news/hackers-dont-take-holidays
10 Cybersecurity Resolutions for a Safer Online Experience in 2026 — tl;dr: As we enter 2026, it's crucial to enhance your online security against rising cyber threats. Implementing strong, unique passwords and enabling two-factor authentication (2FA) can significantly reduce the risk of account takeovers. Regularly auditing your digital presence and removing unused accounts helps limit exposure to potential scams. Keeping software updated and considering a personal data removal service can further protect your privacy. These simple yet effective resolutions can help safeguard your digital life and reduce the chances of falling victim to cybercrime this year.
↪ https://www.foxnews.com/tech/10-simple-cybersecurity-resolutions-safer-2026