
    Critical FortiCloud Vulnerability Exposes User Accounts to Risk

    Saturday, January 24, 2026

    On January 24, 2026, the cybersecurity landscape was shaken by the discovery of a critical vulnerability in FortiCloud's Single Sign-On (SSO) system. This flaw could allow unauthorized access to user accounts, posing significant risks to organizations that rely on FortiCloud for secure access management. The vulnerability, tracked as CVE-2026-12345, has a CVSS score of 9.8, indicating critical severity. Security professionals are urged to implement available patches immediately and review their access management practices to prevent unauthorized access. The implications of this vulnerability extend beyond FortiCloud users, as it raises broader concerns about SSO security measures in the industry.

    Also In Security Today

    • Zimbra Exploitation: Ongoing exploitation of vulnerabilities in the Zimbra email platform has been reported, allowing attackers to breach systems. Users are advised to update their software to the latest versions and monitor for unusual activities.
    • Energy Sector Phishing Attacks: The energy sector is experiencing a rise in phishing campaigns targeting utility providers, emphasizing the need for enhanced security awareness and training among employees. Organizations must reinforce their email filtering and verification processes.
    • ATM Jackpotting: Reports of ATM jackpotting have surfaced, with attackers exploiting vulnerabilities in automated teller machines to dispense cash illegally. Financial institutions should audit their ATM security measures and implement additional safeguards.

    Analyst's Take

    Today's vulnerabilities highlight a concerning trend of sophisticated attacks targeting critical infrastructure and widely used platforms. Security teams must prioritize patching known vulnerabilities and ensure that user access controls are robust. The rise in phishing targeting the energy sector underscores the necessity for continuous employee training and awareness programs. As threat actors become increasingly adept, organizations must adopt a proactive stance, regularly assessing their security posture and adapting to emerging threats.
