Get Your Free Report
Start for Free
SOCRadar® Cyber Intelligence Inc. | SSO 0-Day & Fortinet Exploits, Allianz Breach, Social Media Ban Service Listed on Dark Web
Jul 07, 2025
4 Mins Read
Moon

SSO 0-Day & Fortinet Exploits, Allianz Breach, Social Media Ban Service Listed on Dark Web

SOCRadar’s Dark Web Team has identified a fresh batch of alarming listings on underground forums. This week’s discoveries include an alleged 0-day redirect vulnerability in major Single Sign-On (SSO) platforms, and a separate exploit targeting known Fortinet CVEs, potentially allowing mass credential theft. In addition, a database tied to Allianz Seguros Spain is reportedly on sale, exposing millions of insurance records. A newly advertised social media ban service also claims to offer targeted takedowns across multiple platforms.

Receive a Free Dark Web Report for Your Organization:

Alleged 0-Day Vulnerability of a Single Sign-On System is on Sale

Alleged 0-Day Vulnerability of a Single Sign-On System is on Sale

SOCRadar Dark Web Team has observed a threat actor on a hacker forum advertising an alleged 0-day vulnerability in major Single Sign-On (SSO) systems. According to the threat actor’s claims, the vulnerability is an unauthenticated open redirect that purportedly affects platforms such as Apereo CAS, Jasig, and Keycloak with the CAS plugin.

The post asserts that the issue remains undocumented and unpatched, and could be used to redirect users from trusted login portals to attacker-controlled domains—potentially enabling phishing, session hijacking, or login bypass. The actor claims it affects over 12,000 live systems, including those in government, healthcare, finance, and international organizations.

CVE-2024-55591 Exploit of FortiGate is on Sale

CVE-2024-55591 Exploit of FortiGate is on Sale

SOCRadar Dark Web Team has detected a dark web post offering an exploit for CVE-2024-55591 (CVSS 9.8), a known authentication bypass vulnerability in Fortinet FortiOS and FortiProxy. The post allegedly describes a mass-exploitation script that can extract VPN and LDAP credentials, VPN ports, domain names, and DNS server information from vulnerable systems.

According to the threat actor, the exploit affects:

  • FortiOS versions 7.0.0 – 7.0.16
  • FortiProxy versions 7.0.0 – 7.0.19 and 7.2.0 – 7.2.12

The tool is purportedly multi-threaded, capable of scanning between 50 and 1,000 IP addresses depending on the server’s capacity. The actor also claims that newly deployed systems running unpatched versions continue to appear regularly. The package allegedly includes detailed instructions and is priced at $2,500, with only two copies for sale.

Alleged Database of Allianz Insurance Spain is on Sale

Alleged Database of Allianz Insurance Spain is on Sale

SOCRadar Dark Web Team has detected a dark web post allegedly offering a stolen database purportedly linked to Allianz Seguros Spain, the Spanish branch of the multinational insurance company. The threat actor claims the breach occurred on June 19, 2025, and includes approximately 4.6 million records. According to the post, the leaked dataset contains policy identifiers, NIF, full names, addresses, postal codes, and phone numbers.

A New Social Media Ban Service is Detected

A New Social Media Ban Service is Detected 

SOCRadar Dark Web Team has detected a dark web post promoting an alleged social media ban service targeting major platforms. The service claims to offer account takedown operations for platforms including Facebook, Twitter, Instagram, WhatsApp, LinkedIn, VK, Snapchat, and Reddit. According to the post, pricing depends on the target, and not all accounts are eligible for banning. The threat actor asserts a full refund policy if the takedown does not occur within a guaranteed timeframe, and cites “200+ happy customers” and “40+ positive feedbacks” as proof of success.

Powered by DarkMirror™

Gaining visibility into deep and dark web threats can be extremely useful from an actionable threat intelligence and digital risk protection perspective. However, monitoring all sources is simply not feasible, which can be time-consuming and challenging. One click-by-mistake can result in malware bot infection. To tackle these challenges, SOCRadar’s DarkMirror™ screen empowers your SOC team to follow up with the latest posts of threat actors and groups filtered by the targeted country or industry.