![Apple C1 vs Qualcomm Modem Performance [Speedtest]](https://www.iclarified.com/images/news/96767/96767/96767-640.jpg)
![Apple Studio Display On Sale for $1249 [Lowest Price Ever]](https://www.iclarified.com/images/news/96770/96770/96770-640.jpg)
![Alleged Case for Rumored iPhone 17 Air Surfaces Online [Image]](https://www.iclarified.com/images/news/96763/96763/96763-640.jpg)
![Google Home camera history adds double-tap to quick seek [U]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2023/08/nest-cam-google-home-app-1.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![Galaxy Tab S10 FE leak reveals Samsung’s 10.9-inch and 13.1-inch tablets in full [Gallery]](https://i0.wp.com/9to5google.com/wp-content/uploads/sites/4/2025/03/galaxy-tab-s10-fe-wf-10.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
![iOS 18.4 makes your Safari search history way more visible, for better or worse [U]](https://i0.wp.com/9to5mac.com/wp-content/uploads/sites/6/2023/02/New-iPhone-browsers.jpg?resize=1200%2C628&quality=82&strip=all&ssl=1)
_NicoElNino_Alamy.png?#)
_Kjetil_Kolbjørnsrud_Alamy.jpg?#)
![[The AI Show Episode 139]: The Government Knows AGI Is Coming, Superintelligence Strategy, OpenAI’s $20,000 Per Month Agents & Top 100 Gen AI Apps](https://www.marketingaiinstitute.com/hubfs/ep%20139%20cover-2.png)
![[The AI Show Episode 138]: Introducing GPT-4.5, Claude 3.7 Sonnet, Alexa+, Deep Research Now in ChatGPT Plus & How AI Is Disrupting Writing](https://www.marketingaiinstitute.com/hubfs/ep%20138%20cover.png)
-I-Interviewed-Niantic-about-Selling-Pokémon-GO-to-Scopely-00-14-13.png?width=1920&height=1920&fit=bounds&quality=80&format=jpg&auto=webp#)
.jpg?#)
VPN Vulnerabilities Emerges As The Key Tool for Threat Actors to Attack Organizations
VPN infrastructure has become a prime target for cybercriminals and state-sponsored actors, with vulnerabilities in these systems serving as gateways to widespread organizational compromise. Even years after their disclosure, critical VPN vulnerabilities continue to enable threat actors to steal credentials and gain administrative control over corporate networks at an unprecedented scale. This persistent exploitation demonstrates […] The post VPN Vulnerabilities Emerges As The Key Tool for Threat Actors to Attack Organizations appeared first on Cyber Security News.
VPN infrastructure has become a prime target for cybercriminals and state-sponsored actors, with vulnerabilities in these systems serving as gateways to widespread organizational compromise.
Even years after their disclosure, critical VPN vulnerabilities continue to enable threat actors to steal credentials and gain administrative control over corporate networks at an unprecedented scale.
This persistent exploitation demonstrates how older, often overlooked security flaws remain highly effective attack vectors.
Two particularly concerning vulnerabilities continue to plague organizations worldwide: CVE-2018-13379, a path traversal vulnerability in Fortinet’s FortiGate SSL VPN devices, and CVE-2022-40684, an authentication bypass flaw affecting Fortinet FortiOS, FortiProxy, and FortiManager.
Both maintain an alarming 97% Exploit Prediction Scoring System (EPSS) score, placing them among the top 3% of vulnerabilities most likely to be exploited within the next 30 days.
ReliaQuest researchers identified a staggering 4,223% increase in chatter related specifically to Fortinet VPNs on cybercriminal forums since 2018, highlighting threat actors’ growing focus on exploiting these vulnerabilities.
The research team also discovered that 64% of VPN vulnerabilities are directly linked to ransomware campaigns, demonstrating how quickly attackers monetize stolen credentials.
The enduring popularity of these vulnerabilities stems from their effectiveness and the slow pace of patching across organizations.
CVE-2018-13379, despite being nearly five years old, remains on CISA’s list of routinely exploited vulnerabilities, providing attackers with direct access to plaintext credentials without requiring advanced tools or expertise.
.webp)
What makes these exploits particularly dangerous is the automation behind them. Threat actors are sharing sophisticated, Python-based tools designed to exploit these vulnerabilities at scale, which shows an automated PoC for CVE-2018-13379 shared on a cybercriminal forum.
Automated Exploitation Changing the Threat Landscape
The industrialization of VPN exploitation was demonstrated in January 2025 when the threat actor Belsen_Group used CVE-2022-40684 to compromise over 15,000 FortiGate devices worldwide.
.webp)
This breach exposed sensitive data including IP addresses, VPN credentials, and configuration files from government and private sector organizations.
The exploit code, capable of scanning up to 5 million IPs daily, automates the creation of administrative accounts, extraction of sensitive data, and deployment of malicious policies, all while generating organized output files detailing successful exploits and vulnerable servers.
Organizations must prioritize patching these vulnerabilities and implement network segmentation, multi-factor authentication, and continuous monitoring to protect their VPN infrastructure from these increasingly sophisticated attacks.
Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free
The post VPN Vulnerabilities Emerges As The Key Tool for Threat Actors to Attack Organizations appeared first on Cyber Security News.
