Security Bulletin: ScreenConnect Authentication Trust Vulnerability and Hardening Advisory

Date: March 19, 2026Severity: HighAffected Product: ConnectWise ScreenConnect (versions prior to 26.1) Executive Summary Critical Path Security is advising clients of a recently disclosed security concern impacting ConnectWise ScreenConnect related to the potential abuse of ASP.NET machine key material used for authentication trust. If cryptographic material associated with a ScreenConnect instance is exposed, a threat actor may be able to forge or manipulate trusted application data. This could result in unauthorized access, session hijacking, and privilege escalation within the platform. ConnectWise has released version 26.1 to address this risk through enhanced protection and rotation of cryptographic material. Immediate action is recommended. Technical Overview ScreenConnect relies on ASP.NET machine keys to sign and validate protected application data, including authentication tokens and session state. Under normal conditions, these keys ensure: Data integrity Authenticity of session information Protection against tampering However, if machine key material becomes accessible through: Misconfigured backups Exposed configuration files…

0 Comments

Cisco Firewall Zero-Day Actively Exploited in Ransomware Attacks

Security Bulletin Cisco Firewall Zero-Day Exploitation in Ransomware Campaigns Date: March 2026Severity: CriticalThreat Type: Initial Access / Infrastructure Compromise Executive Summary A recently disclosed set of Cisco firewall and management interface vulnerabilities are now being actively exploited in the wild, including in ransomware campaigns associated with the Interlock group. These vulnerabilities allow unauthenticated attackers to gain control of firewall infrastructure, effectively bypassing traditional security controls and gaining direct access into internal networks. This represents a significant shift in attacker behavior, targeting core network infrastructure rather than endpoints or users. What's Going On Cisco has disclosed multiple critical vulnerabilities affecting firewall management platforms, including Cisco Secure Firewall Management Center (FMC). These vulnerabilities enable attackers to: Execute arbitrary code remotely Bypass authentication mechanisms Obtain root-level access to affected systems In some observed cases, exploitation can occur through crafted HTTP requests sent directly to exposed management interfaces. This means an externally accessible firewall…

0 Comments

FortiGate NGFW Exploitation: How Threat Actors Breach Networks via Service Account Credentials

Threat actors are actively targeting Fortinet FortiGate next-generation firewalls (NGFWs) to gain initial access into enterprise networks. Recent campaigns leverage authentication bypass vulnerabilities affecting FortiCloud Single Sign-On (SSO) functionality, allowing attackers to obtain administrative access to exposed devices. Once access is obtained, attackers are able to export the device configuration, gaining visibility into network architecture, firewall policies, and authentication integrations such as Active Directory or LDAP. This intelligence can be used to pivot deeper into internal networks. Organisations operating internet-accessible FortiGate appliances should review exposure and apply mitigations immediately. Vulnerabilities Observed The following vulnerabilities have been associated with active exploitation activity: • CVE-2025-59718 - FortiCloud SSO authentication bypass• CVE-2025-59719 - FortiCloud SSO authentication bypass• CVE-2026-24858 - Additional authentication bypass affecting SSO mechanisms These vulnerabilities may allow attackers to authenticate to the FortiGate administrative interface without valid credentials. Observed Attack Behaviour SOC investigations and threat-intelligence reporting indicate a consistent attack pattern:…

0 Comments

Critical Path Security Launches Monthly Threat Briefing

February 2026 Intelligence Update Critical Path Security is introducing a new initiative designed to provide clearer visibility into the evolving cyber and physical threat landscape affecting critical infrastructure, enterprise networks, and operational technology environments. Our Monthly Threat Brief will highlight the most relevant geopolitical developments, emerging vulnerabilities, adversary activity, and operational security considerations observed by our team. The goal is simple: give defenders a practical understanding of where the threat landscape is moving so they can act early. This February 2026 briefing is the first in the series and reflects several themes that security leaders should be paying close attention to. Readers can view the full briefing here: Monthly Threat Brief Geopolitical Conflict Is Increasing Cyber Risk Escalating tensions in the Middle East have raised concerns about retaliatory cyber operations and broader disruption targeting infrastructure and strategic industries. Recent developments included sustained military strikes across the region, targeting strategic assets…

0 Comments