Fortiguard Labs

Latest Reports

Threat Signal Report

Multiple ZTNA Products Authentication Bypass
Aug 14, 2025

A series of critical vulnerabilities affecting leading zero trust platforms - Zscaler, Netskope, and Check Point (Perimeter 81) - have been disclosed following a seven-month research campaign by...

Threat Research Blog

From ClickFix to Command: A Full PowerShell Attack Chain
Aug 11, 2025

A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it.

Threat Research Blog

Unveiling a New Variant of the DarkCloud Campaign
Aug 07, 2025

FortiGuard Labs has uncovered a stealthy new variant of DarkCloud malware that leverages phishing emails, obfuscated JavaScript, PowerShell loaders, and process hollowing to exfiltrate...

Outbreak Alert

Citrix Bleed 2
Aug 06, 2025

FortiGuard Labs has observed a sharp increase in exploitation attempts targeting the 'Citrix Bleed 2' vulnerability since July 28, 2025. Telemetry indicates activity has surged to over 6,000...

Threat Research Blog

Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
Aug 04, 2025

Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential...

Outbreak Alert

Microsoft SharePoint Zero-day Attack
Jul 31, 2025

FortiGuard Labs has detected and successfully blocked hundreds of exploitation attempts targeting a newly discovered zero-day vulnerability chain in on-premises Microsoft SharePoint servers. This...

Threat Research Blog

In-Depth Analysis of an Obfuscated Web Shell Script
Jul 25, 2025

Detailed analysis of an obfuscated web shell used in a CNI attack. Explores its structure, traffic patterns, and Fortinet’s detection and protection.

Threat Research Blog

Inside The ToolShell Campaign
Jul 25, 2025

FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and...

Threat Research Blog

A Special Mission to Nowhere
Jul 23, 2025

Following the Israel-Iran ceasefire, FortiGuard Labs uncovered a phishing campaign posing as a private jet evacuation service from Tel Aviv to New York. Learn how attackers used crisis-driven fear...

Threat Research Blog

NailaoLocker Ransomware’s “Cheese”
Jul 18, 2025

FortiGuard Labs analyzes NailaoLocker ransomware, a unique variant using SM2 encryption and a built-in decryption function. Learn how it works, why it matters, and how Fortinet protects against it.

Outbreak Alert

SonicWall Secure Mobile Access Attack
Jul 18, 2025

A campaign targeting SonicWall SMA 100 series appliances is currently under active exploitation, leveraging both known vulnerabilities and potential zero-days to gain persistent access to...

Threat Research Blog

Improving Cloud Intrusion Detection and Triage with FortiCNAPP Composite Alerts
Jul 17, 2025

FortiCNAPP Composite Alerts link weak signals into clear timelines—helping security teams detect cloud-native threats earlier and triage them faster.

Threat Research Blog

Old Miner, New Tricks
Jul 16, 2025

FortiCNAPP Labs uncovers Lcrypt0rx, a likely AI-generated ransomware variant used in updated H2Miner campaigns targeting cloud resources for Monero mining.

Threat Signal Report

Wing FTP Remote Code Execution Vulnerability
Jul 15, 2025

CVE-2025-47812 is a recently disclosed Remote Code Execution (RCE) vulnerability impacting Wing FTP Server, a cross-platform file transfer solution. This critical flaw affects versions prior to...

Threat Research Blog

How FortiSandbox 5.0 Detects Dark 101 Ransomware Despite Evasion Techniques
Jul 14, 2025

Discover how FortiSandbox 5.0 detects Dark 101 ransomware, even with sandbox evasion tactics. Learn how advanced behavioral analysis blocks file encryption, system tampering, and ransom note...

Threat Signal Report

Next.js Middleware Auth.Bypass Vulnerability
Jul 11, 2025

FortiGuard Labs has identified ongoing attack attempts targeting a critical authorization bypass vulnerability (CVE-2025-29927) in the middleware system of the Next.js framework, a popular...

Outbreak Alert

Langflow Unauth RCE Attack
Jun 25, 2025

FortiGuard Labs has observed a significant uptick in attacks targeting Langflow, leveraging a recently discovered authentication bypass vulnerability that allows unauthenticated remote attackers...

Threat Signal Report

Teleport Remote Authentication Bypass
Jun 20, 2025

Teleport security engineers have discovered a critical vulnerability affecting Teleport versions earlier than 17.5.2. This flaw allows remote attackers to bypass SSH authentication on servers...
