{"id":227042,"date":"2026-03-19T10:25:00","date_gmt":"2026-03-19T14:25:00","guid":{"rendered":"https:\/\/news-you-need.com\/index.php\/2026\/03\/19\/fortigate-raas-citrix-exploits-mcp-abuse-livechat-phish-more\/"},"modified":"2026-03-24T09:30:15","modified_gmt":"2026-03-24T13:30:15","slug":"fortigate-raas-citrix-exploits-mcp-abuse-livechat-phish-more","status":"publish","type":"post","link":"https:\/\/news-you-need.com\/index.php\/2026\/03\/19\/fortigate-raas-citrix-exploits-mcp-abuse-livechat-phish-more\/","title":{"rendered":"FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish &#038; More"},"content":{"rendered":"<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/threatsday-bulletin-fortigate-raas.html\">FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish &#038; More<\/a><\/p>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/threatsday-bulletin-fortigate-raas.html\">https:\/\/thehackernews.com\/2026\/03\/threatsday-bulletin-fortigate-raas.html<\/a><\/p>\n<p>Publish Date: 2026-03-19 10:25:00<\/p>\n<p>Source Domain: <a href=\"thehackernews.com\">thehackernews.com<\/a><\/p>\n<p><span class=\"p-author\"><span class=\"author\">Ravie Lakshmanan<\/span> <span class=\"author\">Mar 19, 2026<\/span><\/span><span class=\"p-tags\">Cybersecurity \/ Hacking News<\/span><\/p>\n<p>ThreatsDay Bulletin is back on The Hacker News, and this week feels off in a familiar way. Nothing loud, nothing breaking everything at once. Just a lot of small things that shouldn\u2019t work anymore but still do.<\/p>\n<p>Some of it looks simple, almost sloppy, until you see how well it lands. Other bits feel a little too practical, like they\u2019re already closer to real-world use than anyone wants to admit. And the background noise is getting louder again, the kind people usually ignore.<\/p>\n<p>A few stories are clever in a bad way. Others are just frustratingly avoidable.
Overall, it feels like quiet pressure is building in places that matter.<\/p>\n<p>Skim it or read it properly, but don\u2019t skip this one.<\/p>\n<ol class=\"td-timeline\" role=\"list\">\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<p>    <span class=\"td-punch\">Emerging RaaS exploiting FortiGate flaws<\/span><\/p>\n<p class=\"td-desc\">\n      Group-IB has shed light on the various tactics adopted by The Gentlemen, a nascent Ransomware-as-a-Service (RaaS) operation that consists of about 20 members. It originated from a payment dispute after its operator &#8220;hastalamuerte&#8221; opened a public arbitration thread on the RAMP cybercrime forum, accusing Qilin ransomware operators of unpaid affiliate commission amounting to $48,000. The group primarily uses CVE-2024-55591, a critical authentication bypass vulnerability in FortiOS\/FortiProxy, for initial access. &#8220;The group maintains an operational database of approximately 14,700 already exploited FortiGate devices globally,&#8221; the company said. &#8220;Separate from exploited devices, the operators maintain 969 validated brute-forced FortiGate VPN credentials ready for attack.&#8221; The Gentlemen also employs defense evasion via the bring your own vulnerable driver (BYOVD) technique to terminate security processes at the kernel level. 
About 94 organizations have already been attacked by this threat group since its emergence in July\/August 2025.\n    <\/p>\n<\/li>\n<li class=\"td-item\">\n  <span aria-hidden=\"true\" class=\"td-dot\"\/><\/p>\n<p>    <span class=\"td-punch\">Pre-auth RCE chain in ITSM platform<\/span><\/p>\n<p class=\"td-desc\">\n      Four security flaws (CVE-2025-71257,&#8230;<\/p>\n<\/li>\n<\/ol>\n<p><a href=\"https:\/\/thehackernews.com\/2026\/03\/threatsday-bulletin-fortigate-raas.html\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>FortiGate RaaS, Citrix Exploits, MCP Abuse, LiveChat Phish &#038; More https:\/\/thehackernews.com\/2026\/03\/threatsday-bulletin-fortigate-raas.html Publish Date: 2026-03-19 10:25:00&#8230;<\/p>\n","protected":false},"author":1,"featured_media":227043,"comment_status":"closed","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgo8NYPjdG8isSFFKDJkDtz603as8VZqTtFenMMZGF6GB_abFJsu8Kj6alv-Bnk_K0k9sXEqyPo2WxK12jRPz9cMIEvzX7whTVEESRW_n8mQguCvj5nQzTjXdmcvmPKP6GMFJuropryXpS7Uyi0VKDAmdGFFu4OqeHFnYVkhDCNO86SgTRMcLu6O_ZtJKen\/s1600\/tdays.jpg","fifu_image_alt":"","footnotes":""},"categories":[15],"tags":[24,35,27],"class_list":["post-227042","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-cybersecurity","tag-hacker","tag-vulnerability"],"_links":{"self":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227042"}],"collection":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/comments?post=227042"}],"version-history":[{"count":1,"href":"
https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227042\/revisions"}],"predecessor-version":[{"id":227044,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/posts\/227042\/revisions\/227044"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media\/227043"}],"wp:attachment":[{"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/media?parent=227042"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/categories?post=227042"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/news-you-need.com\/index.php\/wp-json\/wp\/v2\/tags?post=227042"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}