On January 14, 2025 Fortinet confirmed a critical zero-day vulnerability, CVE-2024-55591, in Fortinet’s FortiOS and FortiProxy systems that has been actively exploited in the wild. This authentication bypass vulnerability allows attackers to gain super-admin privileges via crafted requests to the Node.js WebSocket module, enabling unauthorized access to firewalls, rogue administrative account creation, and configuration changes.

PowerSchool, a widely used cloud-based and on-premises platform, experienced a data breach reported on December 28, 2024. The platform helps K-12 schools manage student and teacher information, including Personally Identifiable Information (PII), attendance records, grades, medical information, and Social Security numbers. The breach affected both cloud and on-premises customers after a compromise of maintenance account credentials allowed the threat actor to exfiltrate sensitive data.