Arctic Wolf detected malicious SSO logins on FortiGate appliances linked to critical vulnerabilities CVE-2025-59718 and CVE-2025-59719. These vulnerabilities allow unauthenticated access via crafted SAML messages if the FortiCloud SSO feature is enabled. Administrators are urged to reset credentials, restrict access, and upgrade to the latest software versions.