Aggregator

增长强势 成果丰硕 | Fortinet发布2025年第二季度财报

嘶吼
1 month 2 weeks ago

近日,专注推动网络与安全融合的全球性综合网络安全解决方案供应商Fortinet,发布2025年第二季度财报。

Fortinet 创始人、董事长兼首席执行官谢青(Ken Xie)表示:“Fortinet 二季度业绩表现亮眼,账单收入超出预期,全年账单收入有望实现新突破!如此强劲的业绩表现和持续增长的业务记录,正是我们坚持锐意创新和客户至上战略所取得的丰硕成果。作为全球部署量最多的防火墙产品供应商,Fortinet 持续引领网络安全行业创新发展,不仅推出下一代 SASE 防火墙,更荣膺 2025 年 Gartner® 魔力象限™ SASE 平台‘领导者’称号。Fortinet强劲的业务增长势头、良好的财务前景、持续创新能力,以及收获五项不同网络安全魔力象限™认证的卓越产品,充分彰显了 Fortinet 基于 AI 驱动安全解决方案的领军实力,以及旗下统一操作系统 FortiOS 的差异化战略优势。”

Fortinet 2025年第二季度财报摘要

• 营收 16.3 亿美元,较去年同期增长 14%

• 账单收入 17.8 亿美元,较去年同期增长 15%

• 统一 SASE 和安全运营年度经常性收入(ARR),较去年同期分别增长 22% 和 35%

• GAAP 营业利润率达 28%

• 非 GAAP 营业利润率达 33%

• 二季度账单收入超预期,全年账单收入指引中间值上调 1 亿美元

近期Fortinet市场领先优势摘要

• 成功斩获 2025 年 Gartner® 安全访问服务边缘(SASE)平台魔力象限™ 领导者称号,并凭借出色表现,跻身本次关键能力报告“安全分支机构网络现代化”应用场景榜首。成为业内唯一一家包揽 Gartner® 五大不同领域魔力象限™ 报告殊荣的安全厂商,包括安全服务边缘(SSE)、SD-WAN、单一供应商 SASE、网络防火墙以及企业级有线和无线局域网基础设施领域。

• 扩展 FortiCloud,新增三种原生集成服务:FortiIdentity、FortiDrive 和 FortiConnect,进一步增强产品功能和灵活性,全方位保护企业网络安全和数据安全。

• 2025 年,连续三年稳居 Westlands Advisory IT/OT Network Protection Platform NavigatorTM(网络保护平台领航者)报告整体领导者阵营。

• 2025 年,连续第二年获评 Gartner® 企业级有线和无线局域网基础设施魔力象限™ 领导者。

• 连续六年蝉联 Gartner Peer Insights™ SD-WAN “客户之选”

• 连续三年荣膺Gartner Peer Insights™ 终端防护平台“客户之选”

• 持续加大研发投资,全球授权专利总数超 1,400 项,已授权及申请中 AI 专利超 500 项。

企业资讯

Windows 10 的 30 美元扩展安全更新支持单一账号 10 台设备

Solidot
1 month 2 weeks ago
Windows 10 即将于 2025 年 10 月 14 日终止支持,之后微软不再提供安全更新。然而 Windows 10 仍然有相当高的市场占有率,因此届时可能会有数以亿计的用户将无法获得安全更新。对于短时间内不会更新到 Windows 11 的用户,微软将向他们提供一次性的为期一年的扩展安全更新,费用为 30 美元,截至 2026 年 10 月 13 日。根据微软的支持文档,30 美元的扩展安全更新许可证支持一个微软帐户最多 10 台设备。

CVE-2025-23311

CVE Trends
1 month 2 weeks ago
Currently trending CVE - Hype Score: 1 - NVIDIA Triton Inference Server contains a vulnerability where an attacker could cause a stack overflow through specially crafted HTTP requests. A successful exploit of this vulnerability might lead to remote code execution, denial of service, information disclosure, or data ...

CVE-2025-54136

CVE Trends
1 month 2 weeks ago
Currently trending CVE - Hype Score: 1 - Cursor is a code editor built for programming with AI. In versions 1.2.4 and below, attackers can achieve remote and persistent code execution by modifying an already trusted MCP configuration file inside a shared GitHub repository or editing the file locally on the target's ...

CVE-2024-2887

CVE Trends
1 month 2 weeks ago
Currently trending CVE - Hype Score: 41 - Type Confusion in WebAssembly in Google Chrome prior to 123.0.6312.86 allowed a remote attacker to execute arbitrary code via a crafted HTML page. (Chromium security severity: High)

GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions

The Hackers News
1 month 2 weeks ago
A newly discovered campaign dubbed GreedyBear has leveraged over 150 malicious extensions to the Firefox marketplace that are designed to impersonate popular cryptocurrency wallets and steal more than $1 million in digital assets. The published browser add-ons masquerade as MetaMask, TronLink, Exodus, and Rabby Wallet, among others, Koi Security researcher Tuval Admoni said. What makes the
The Hacker News

GreedyBear Steals $1M in Crypto Using 150+ Malicious Firefox Wallet Extensions

不安全
1 month 2 weeks ago
GreedyBear 恶意活动利用150多个伪装成流行加密货币钱包的恶意Firefox扩展程序窃取超百万美元数字资产。攻击者通过"Extension Hollowing"技术绕过安全审查,在合法扩展中植入恶意功能以获取用户信任。这些扩展捕获钱包凭证并将其发送到攻击者服务器,并收集受害者IP地址用于追踪。该活动还涉及仿冒网站和恶意软件分发,影响范围不断扩大。

Stop Geo-Spoofing with Secure API Integration for Mobile Application

不安全
1 month 2 weeks ago
“地理位置欺骗涉及伪造设备位置以绕过限制或进行欺诈。攻击者利用VPN、假GPS应用等手段改变位置信息。这对依赖地理位置的移动应用如流媒体和金融类服务构成威胁。通过检测模拟器、根权限设备及篡改环境等方法可有效阻止此类攻击。”

Stop Geo-Spoofing with Secure API Integration for Mobile Application

Security Boulevard
1 month 2 weeks ago

Location Spoofing or Geo Spoofing is the act of deliberately falsifying the geographical location of a device. This can be performed using various techniques such as GPS manipulation, tweaking OS settings, or by using specialized software that tricks apps into reporting incorrect location data. 

The post Stop Geo-Spoofing with Secure API Integration for Mobile Application appeared first on Security Boulevard.

George McGregor

SonicWall dismisses zero-day fears after Ransomware probe

Security Affairs
1 month 2 weeks ago
SonicWall found no evidence of a new vulnerability after probing reports of a zero-day used in ransomware attacks. SonicWall investigated claims of a zero-day being used in ransomware attacks but found no evidence of any new vulnerability in its products. SonicWall launched the investigation after a surge in Akira ransomware attacks targeting Gen 7 firewalls with SSLVPN […]
Pierluigi Paganini

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

不安全
1 month 2 weeks ago
Devin AI系统中隐藏的工具可将本地端口暴露至互联网,可能被攻击者利用间接提示注入攻击暴露敏感信息或创建后门访问。该工具允许Devin在开发或测试中将本地服务公开,但存在安全风险。攻击者可通过多阶段注入控制Devin创建Web服务器并暴露文件系统。漏洞已报告但未修复。

AI Kill Chain in Action: Devin AI Exposes Ports to the Internet with Prompt Injection

Embrace The Red
1 month 2 weeks ago
Today let’s explore Devin’s system prompt a bit more. Specifically, an interesing tool that I discovered when reading through it. Hidden in Devin’s capabilities is a tool that can open any local port to the public Internet. That means, with the right indirect prompt injection nudge, Devin can be tricked into publishing sensitive files or services for anyone to access. This tunneling feature can be invoked without a human in the loop.

Managed ad