April 16, 2025 By Lawrence Abrams
Over 16,000 internet-exposed Fortinet devices have been detected as compromised with a new symlink backdoor that allows read-only access to sensitive files on previously compromised devices.
This exposure is being reported by threat monitoring platform The Shadowserver Foundation, which initially reported 14,000 devices were exposed.
Today, Shadowserver's Piotr Kijewski told BleepingComputer that the cybersecurity organization now detects 16,620 devices impacted by the recently revealed persistence mechanism.