On January 27th, 2026, Fortinet released a security advisory disclosing a zero-day vulnerability impacting multiple Fortinet products. The flaw, tracked as CVE-2026-24858 (CVSS: 9.8), is a critical authentication bypass vulnerability in FortiOS, FortiManager, FortiAnalyzer, and FortiProxy. It allows an attacker with a FortiCloud account and a registered device to authenticate into devices registered to other accounts via an alternate authentication path or channel. The vulnerability can only be exploited on devices with FortiCloud Single Sign-On (SSO) enabled.
Security patches for the affected product versions are under development at the time of writing. Fortinet stated that the SSO login feature will not allow login from devices running vulnerable versions. Organizations are advised to update vulnerable instances to secure versions as soon as patches become available.
Or use the CLI command:

    config system global
        set admin-forticloud-sso-login disable
    end

Or use the CLI command:

    config system saml
        set forticloud-sso disable
    end

On January 22nd, Fortinet investigated reports from customers about malicious SSO login activity that involved two attacker-controlled FortiCloud accounts being used to access victim devices. Security researchers also observed similar activity involving the creation of generic accounts to maintain persistence, changes to grant VPN access, and exfiltration of firewall configuration data. This activity was initially believed to be linked to a patch bypass of another authentication bypass vulnerability, CVE-2025-59718, which had been disclosed, patched, and reported as exploited in the wild in December 2025. Due to the similarities in the exploitation patterns, the recent activity was attributed to the previously patched flaw.
Recent disclosure confirms that the two flaws differ, with CVE-2026-24858 being an authentication bypass by an alternate path or channel, and CVE-2025-59718 occurring due to improper verification of a cryptographic signature.
Following the disclosure, CISA added CVE-2026-24858 to its Known Exploited Vulnerabilities (KEV) catalog, providing federal agencies only three days to mitigate the flaw. On January 26th, Fortinet globally disabled FortiCloud SSO logins from the server side to prevent further exploitation, and re-enabled it on January 27th, ensuring logins from vulnerable instances are blocked. Fortinet also noted that the issue affects all SAML SSO implementations. While logins from vulnerable devices are currently restricted, organizations can still disable FortiCloud SSO on the client side as an additional precaution. FortiWeb and FortiSwitch Manager are still under investigation to determine the impact of the flaw.
Fortinet vulnerabilities are often targeted by threat actors, as they provide easy access to an organization's network. Recent activity included the creation of secondary administrator accounts and exfiltration of configuration data, indicating attempts to establish persistence and map the victim network. This suggests potential efforts to secure long-term access in order to compromise networks in the future. Organizations are therefore advised to check for signs of compromise, and Fortinet recommends contacting them if any associated Indicators of Compromise (IoCs) are observed.
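To apply the two CLI workarounds and the administrator-account check described above across saved configuration backups, the following added example (not eSentire's or Fortinet's code) parses a backup and reports SSO settings still set to enable and admin accounts missing from an allowlist. The `expected_admins` allowlist, the sample hostname and the account names are constructed for illustration; `config system admin` and `accprofile` are standard FortiOS configuration syntax that does not appear on this page.

```python
# Setting names are the ones in the CLI workarounds on this page.
SSO_SETTINGS = {"system global": "admin-forticloud-sso-login",
                "system saml": "forticloud-sso"}

# Constructed sample backup (hostname and account names are made up).
SAMPLE = '''
config system global
    set admin-forticloud-sso-login enable
    set hostname "edge-fw-01"
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "svc-backup"
        set accprofile "super_admin"
    next
end
'''

def parse_config(text):
    """Return {config path: {edit entry or None: {setting: value}}}."""
    tree, stack = {}, []  # stack holds [config name, current edit entry]
    for raw in text.splitlines():
        verb, _, rest = raw.strip().partition(" ")
        if verb == "config":
            stack.append([rest.strip(), None])
        elif verb == "end" and stack:
            stack.pop()
        elif verb == "next" and stack:
            stack[-1][1] = None
        elif verb == "edit" and stack:
            stack[-1][1] = rest.strip().strip('"')
        elif verb == "set" and stack:
            path = " > ".join(name for name, _ in stack)
            key, _, value = rest.strip().partition(" ")
            tree.setdefault(path, {}).setdefault(stack[-1][1], {})[key] = value.strip().strip('"')
    return tree

def audit(text, expected_admins):
    """List SSO settings still enabled and admin accounts not on the allowlist."""
    tree, findings = parse_config(text), []
    for path, key in SSO_SETTINGS.items():
        if tree.get(path, {}).get(None, {}).get(key) == "enable":
            findings.append(f"{path}: {key} is enabled")
    for name, attrs in tree.get("system admin", {}).items():
        if name is not None and name not in expected_admins:
            findings.append(f"unexpected admin {name}: accprofile={attrs.get('accprofile', 'unset')}")
    return findings
```

Calling `audit(SAMPLE, expected_admins={"admin"})` flags both the enabled SSO setting and the `svc-backup` account. A setting that is absent from the backup is not flagged, so confirm the effective value on the device itself.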
References:
[1] https://www.fortiguard.com/psirt/FG-IR-26-060
[2] https://nvd.nist.gov/vuln/detail/CVE-2026-24858
[3] https://www.fortinet.com/blog/psirt-blogs/analysis-of-sso-abuse-on-fortios
[4] https://nvd.nist.gov/vuln/detail/CVE-2025-59718
[5] https://www.cisa.gov/news-events/alerts/2026/01/27/cisa-adds-one-known-exploited-vulnerability-catalog