BaltimoreCyber Brief
All briefs
16 June 2025·4 min read

MOVEit fallout continues and Fortinet patches critical zero-day

VulnerabilitySupply ChainPatching

In 30 seconds

  • A fresh wave of MOVEit Transfer exploitation has targeted financial services firms across Europe, with attackers leveraging previously patched vulnerabilities in unpatched instances.
  • Fortinet released an emergency patch for CVE-2025-32756, a critical zero-day in FortiGate firewalls that is being actively exploited in the wild.
  • The NCSC has published updated guidance on supply chain risk management, with practical steps for boards and compliance teams.

Why it matters

The MOVEit story refuses to go away. What started as a single vulnerability in 2023 has become a recurring theme: organisations that patched quickly moved on, while those that delayed are still being caught out. This latest wave is a reminder that "we patched it last year" is not the same as "we are monitoring it continuously."

For regulated firms in the Channel Islands, this is particularly relevant. Many use file transfer solutions as part of their client reporting and fund administration workflows. If your organisation uses MOVEit, or any managed file transfer tool, the question is not whether you patched the original vulnerability. The question is whether you have visibility of new exploitation attempts against your environment right now.

The Fortinet zero-day is a different kind of problem. FortiGate firewalls sit at the perimeter of thousands of networks. When a zero-day is actively exploited before a patch is available, the window between disclosure and patching becomes critical. Fortinet acted quickly, but the attackers were already inside some networks before the patch landed.

The NCSC's updated supply chain guidance is worth reading in full. It moves beyond the usual "assess your suppliers" advice and provides practical frameworks for boards. If your compliance team is reviewing third-party risk this quarter, this is a useful reference point.

Questions to ask your team this week

  1. 1.Do we use MOVEit or any managed file transfer tool? If so, when was it last patched and are we monitoring for new exploitation attempts?
  2. 2.Are our Fortinet devices running the latest firmware? What is our process for applying emergency patches outside the normal cycle?
  3. 3.When did we last review our supply chain risk register? Does it include our critical technology suppliers?
  4. 4.If a perimeter device was compromised tomorrow, how quickly would we know? Do we have the monitoring in place to detect lateral movement?

One thing to do this week

Ask your IT team or managed service provider for a list of all internet-facing devices and their current firmware versions. Compare that list against the vendor's latest security advisories. If anything is out of date, escalate it.

Sources

  • NCSC - Supply Chain Security Guidance (June 2025)
  • Fortinet PSIRT - CVE-2025-32756 Advisory
  • CISA - Known Exploited Vulnerabilities Catalog
  • BleepingComputer - MOVEit Transfer exploitation update
  • The Record by Recorded Future - Fortinet zero-day analysis

Want to discuss anything from this week's brief?

Join the conversation on LinkedIn