FortiGuard Labs

Threat Research

Jun 04, 2026

Cybercriminals Are Targeting the FIFA World Cup 2026

Outbreak Alert

May 28, 2026

Citrix NetScaler Memory Overread Vulnerability

Threat Signal

May 22, 2026

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

Outbreak Reports

Outbreak Alert

Citrix NetScaler Memory Overread Vulnerability

Exploitation activity targeting vulnerable Citrix NetScaler ADC and Gateway appliances remains persistent and widespread, with FortiGuard Labs...

1 week ago

Outbreak Alert

Cisco ASA and FTD Firewall RCE

Critical zero-day vulnerabilities affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD)...

1 month ago

Outbreak Alert

SmarterTools SmarterMail RCE

An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0...

1 month ago

Outbreak Alert

React2Shell Remote Code Execution

React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that...

2 months ago

Outbreak Alert

Iran-linked Cyber Attacks

This report provides an overview of ongoing Iran-linked cyber operations, highlighting activity attributed to state-aligned proxies and hacktivist...

2 months ago

Outbreak Alert

Interlock Ransomware Attack

An active Interlock ransomware campaign is exploiting a critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC),...

2 months ago

Outbreak Alert (Featured)

Outbreak Alert - Annual Report 2025

In 2025, the FortiGuard Labs team processed and blocked 3.8 trillion vulnerability exploitation attempts, preventing 2.71 billion malware...

2 months ago

Outbreak Alert

Versa Concerto SD-WAN Authentication Bypass

Multiple critical security vulnerabilities in the Versa Concerto network security and SD-WAN orchestration platform. When chained, these flaws...

4 months ago

Outbreak Alert

Zimbra Collaboration Local File Inclusion

A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper...

4 months ago

Outbreak Alert

UNC1549 Critical Infrastructure Espionage Attack

A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across...

6 months ago

Threat Research

Threat Research

Cybercriminals Are Targeting the FIFA World Cup 2026

FortiGuard Labs research shows how cybercriminals are exploiting the demand for the FIFA World Cup 2026 through phishing, fake tickets, malware,...

1 day ago

Threat Research

Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO

FortiGuard Labs analyzes C0XMO, a new Gafgyt variant leveraging DD-WRT exploitation and multi-architecture propagation to expand IoT botnet...

2 days ago

Threat Research

Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

FortiGuard Labs analyzed a new phishing campaign that uses obfuscated JavaScript, PowerShell, process hollowing, and PureLogs to steal sensitive data      

1 week ago

Threat Research

Misconfigured, Enrolled and Dormant: Anatomy of a P2PInfect Kubernetes Compromise

FortiGuard Labs analyzed several P2PInfect compromises in GKE clusters, showing how exposed Redis instances can enable persistent botnet...

2 weeks ago

Threat Research

PureLogs: Delivery via PawsRunner Steganography

FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting...

3 weeks ago

Threat Research

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

TBK DVRs targeted by Nexcorium: exploiting, persisting, brute-force attacks, and multi-architecture Mirai-style DDoS in a single campaign. From...

1 month ago

Threat Research

DPRK-Related Campaigns with LNK and GitHub C2

Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence...

2 months ago

Threat Research

Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next

Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation. However, we observed that regional...

3 months ago

Threat Research

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution,...

3 months ago

Threat Research

Massive Winos 4.0 Campaigns Target Taiwan

FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving...

3 months ago

Threat Signals

Threat Signal

Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability

CVE-2026-20182 is a critical authentication bypass vulnerability affecting Cisco Catalyst SD-WAN Controller and Manager deployments, including...

2 weeks ago

Threat Signal

cPanel & WHM Authentication Bypass

CVE-2026-41940 is a critical authentication bypass vulnerability affecting WebPros cPanel & WHM, DNSOnly, and WP Squared installations. The...

2 weeks ago

Threat Signal

Microsoft Shell Spoofing Zero-day Vulnerability

A newly disclosed vulnerability, CVE-2026-32202, has emerged due to an incomplete patch by Microsoft for a previously exploited remote code...

1 month ago

Threat Signal

Apache ActiveMQ RCE

CVE-2026-34197 is a high-severity remote code execution (RCE) vulnerability affecting Apache ActiveMQ Classic. The flaw resides in the exposed...

1 month ago

Threat Signal

TrueConf Zero-Day Attack

Operation TrueChaos is a targeted cyber espionage campaign exploiting a zero-day vulnerability in the TrueConf video conferencing platform. The...

1 month ago

Threat Signal

Axios npm Supply Chain Compromise

A software supply chain attack targeted the widely used JavaScript library Axios after an attacker reportedly compromised a maintainer’s npm...

2 months ago

Threat Signal

DarkSword iOS Exploit Chain

Researchers from Google Threat Intelligence Group identified DarkSword, a sophisticated full-chain iOS exploit framework actively used by multiple...

2 months ago

Threat Signal

Handala Wiper Attack

A large-scale cyberattack against medical technology company Stryker resulted in widespread system outages. The attack was driven by a destructive...

2 months ago

Threat Signal

Dell RecoverPoint for Virtual Machines Zero Day Attack

The attack involves the threat cluster UNC6201 (a suspected China-nexus Advanced Persistent Threat (APT)) actively exploiting a critical zero-day...

3 months ago

FortiGuard Labs

AI-powered threat intelligence research, securing customers across the entire attack surface.

AI Security Center

Securing AI systems while applying AI to cyber defense.

Quantum Security Center

Quantum-safe cryptography for the post-quantum era.

Zero-Day Security Center

Discovering and responsibly disclosing zero-day flaws.

Sovereign Cyber Initiative

Cyber resilience for nations and their critical assets.

Critical Infrastructure Security

Defending power, healthcare, and financial systems.


Services

Comprehensive security services designed to protect your infrastructure, applications, and data at every layer.

Certifications

  • AV-Comparatives
  • Common Criteria
  • NSS Labs
  • VB
  • MITRE