Attacks Target Freshly Patched, Critical Fortinet Flaws

Chinese Attackers Among Those Tied to Attempted Exploits of FortiSIEM Appliances Mathew J. Schwartz (euroinfosec) • January 21, 2026

Mere weeks into the new year, this trend from 2025 still holds true: researchers unearth more critical vulnerabilities in edge devices and attackers quickly deploy them in hacks.

See Also: On Demand | From Patch to Prevention: Modernizing Remediation Across Hybrid Environments

Lately, this includes a critical flaw in Fortinet's FortiSIEM security information and event management appliances, which can be remotely exploited by attackers to fully compromise the system and gain access to an organization's network.

Tracked as CVE-2025-64155, security firm Defused reported Thursday that its honeypots began detecting active, in-the-wild attempts to exploit the vulnerability, hot on the heels of Fortinet issuing a security alert.

The attack attempts include "strong activity" from IP addresses in China, with a number of targeted attacks commencing "almost instantly since the vulnerability ...