Fortinet's got another critical zero-day on its hands (CVE-2025-64446), and this one's a doozy. Attackers have been exploiting an unauthenticated path traversal flaw in FortiWeb since early October to create admin accounts—complete with cheeky passwords like "AFT3$tH4ck." CVSS 9.8. CISA KEV-listed. Actively exploited. If you're running FortiWeb 8.0.1 or earlier and haven't patched to 8.0.2 yet, drop everything and do it now. Then check your device for unauthorized admin accounts. Full breakdown inside.
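For the "check your device for unauthorized admin accounts" step, here's one way to do it offline against a config backup. This is an added example, not Fortinet's code or tooling. It assumes the backup is FortiOS-style CLI text (`config system admin` / `edit` / `set` / `next` / `end`), and the sample config, account names and approved list are all constructed.

```python
# Added example: audit admin accounts in an exported config against an allowlist.
# Assumption: the backup uses FortiOS-style CLI text (config / edit / set / next / end).

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
config system admin
  edit "admin"
    set access-profile "prof_admin"
  next
  edit "netops"
    set access-profile "prof_admin"
  next
  edit "svc-backup9"
    set access-profile "prof_admin"
  next
end
config system global
  set hostname "waf01"
end
"""

def parse_admins(config_text):
    """Return {admin_name: {setting: value}} from the 'config system admin' block."""
    admins, current, depth = {}, None, 0
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system admin":
                depth = 1
            continue                          # ignore every other top-level block
        if line.startswith("config "):        # nested table inside an admin entry
            depth += 1
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            admins[current] = {}
        elif depth == 1 and line == "next":
            current = None
        elif depth == 1 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            admins[current][key] = value.strip().strip('"')
    return admins

def unexpected_admins(config_text, approved):
    """Names present in the config but absent from the approved list (exact match)."""
    return sorted(name for name in parse_admins(config_text) if name not in approved)

if __name__ == "__main__":
    for name in unexpected_admins(SAMPLE_CONFIG, {"admin", "netops"}):
        print("UNEXPECTED ADMIN:", name)
```

Keep the approved list somewhere the device can't write to, and treat any hit as a reason to pull logs and rotate credentials, not just delete the account.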

