
FortiJump: FortiManager Zero-Day Config Heist
A FortiManager appliance is breached through an FGFM authentication bypass (the FortiJump zero-day): an attacker-controlled FortiManager registers itself as a trusted device, stages every managed FortiGate's configuration into a single hidden archive on the appliance, and exfiltrates it over HTTPS, stealing the fleet inventory and FortiOS256-hashed administrator passwords. Weeks later the operator re-registers and exfiltrates again to fresh infrastructure. With no malware on any firewall and no endpoint to inspect, reconstruct the entire heist from the appliance event log and perimeter firewall alone.
Launches in 5 days
Tuesday, July 21, 2026 at 9:00 AM
Pro unlocks this operation at launch.
Training Tools
What you'll investigate
7 objectives unlock when this operation goes live.
Be first when it launches
Create your account and grab Pro before launch. The moment this operation goes live on Jul 21, 2026, you can jump straight in.
Get Started Free