Hackers linked to the LockBit gang are exploiting Fortinet firewall vulnerabilities to carry out ransomware attacks on company networks.
The hackers are specifically using two vulnerabilities, CVE-2024-55591 and CVE-2025-24472, to breach the networks and deploy a custom ransomware strain called 'SuperBlack.'
Forescout Research has investigated three attacks, though there may be others. In these attacks, the hackers exfiltrated data and then selectively encrypted file servers.
The threat actor, Mora_001, shows close ties to the previously disrupted LockBit ransomware gang.