Insights

Threat actors are actively targeting Fortinet FortiGate next-generation firewalls (NGFWs) to gain initial access into enterprise networks. Recent campaigns leverage authentication bypass vulnerabilities affecting FortiCloud Single Sign-On (SSO) functionality, allowing attackers to obtain administrative access to exposed devices. Once access is obtained, attackers are able to export the device configuration, gaining visibility into network architecture, firewall policies, and authentication integrations such as Active Directory or LDAP. This intelligence can be used to pivot deeper into internal networks. Organisations operating internet-accessible FortiGate appliances should review exposure and apply mitigations immediately. Vulnerabilities Observed The following vulnerabilities have been associated with active exploitation activity: • CVE-2025-59718 - FortiCloud SSO authentication bypass• CVE-2025-59719 - FortiCloud SSO authentication bypass• CVE-2026-24858 - Additional authentication bypass affecting SSO mechanisms These vulnerabilities may allow attackers to authenticate to the FortiGate administrative interface without valid credentials. Observed Attack Behaviour SOC investigations and threat-intelligence reporting indicate a consistent attack pattern:…

February 2026 Intelligence Update Critical Path Security is introducing a new initiative designed to provide clearer visibility into the evolving cyber and physical threat landscape affecting critical infrastructure, enterprise networks, and operational technology environments. Our Monthly Threat Brief will highlight the most relevant geopolitical developments, emerging vulnerabilities, adversary activity, and operational security considerations observed by our team. The goal is simple: give defenders a practical understanding of where the threat landscape is moving so they can act early. This February 2026 briefing is the first in the series and reflects several themes that security leaders should be paying close attention to. Readers can view the full briefing here: Monthly Threat Brief Geopolitical Conflict Is Increasing Cyber Risk Escalating tensions in the Middle East have raised concerns about retaliatory cyber operations and broader disruption targeting infrastructure and strategic industries. Recent developments included sustained military strikes across the region, targeting strategic assets…

Investment provides growth capital and operational resources to accelerate IT and OT cybersecurity services and technology - while preserving leadership continuity and client experience. Atlanta, GA - March 4, 2026 - Today, Critical Path Security ("CPS") and Léargas Security announced a strategic growth investment from Shoals Growth, a technology services investment fund focused on cybersecurity. The investment strengthens CPS and Léargas' ability to invest in people, capabilities, and product innovation - while keeping day-to-day operations and client engagements unchanged. CPS and Léargas will continue operating under their respective brands, with the same teams and the same commitment to responsive, outcome-driven security for clients across both IT and OT environments. Leadership As part of this next chapter, LJ Campbell will join CPS and Léargas as Chief Executive Officer. Campbell brings deep industry experience from his time at Bain & Company and Booz Allen Hamilton's commercial cyber risk practice, with work spanning…

Critical Path Security is expanding its managed security capabilities to include ScubaGoggles configuration testing for our MSOC and XDR customers. As organizations continue to rely heavily on cloud collaboration platforms, configuration risk has become one of the most common and most exploitable security gaps. Misconfigurations in SaaS environments routinely undermine otherwise strong endpoint, network, and identity controls. Addressing this risk requires structured, repeatable assessment aligned to authoritative baselines. ScubaGoggles provides that framework. What Is ScubaGoggles Cybersecurity and Infrastructure Security Agency (CISA) developed ScubaGoggles as part of its Secure Cloud Business Applications initiative. The tool is designed to assess Google Workspace tenant configurations against CISA-published secure configuration baselines. ScubaGoggles evaluates tenant settings, applies policy validation through Open Policy Agent rules, and generates structured reports identifying deviations from recommended security controls. The result is a repeatable and defensible configuration review aligned to federal guidance and industry best practices. Why Configuration Assessment Matters…