FortiGuard Labs

Threat Research

Mar 04, 2026

Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next

Threat Signal

Feb 18, 2026

Dell RecoverPoint for Virtual Machines Zero Day Attack

Outbreak Alert

Feb 03, 2026

Versa Concerto SD-WAN Authentication Bypass

Outbreak Reports

Outbreak Alert

Versa Concerto SD-WAN Authentication Bypass

Multiple critical security vulnerabilities in the Versa Concerto network security and SD-WAN orchestration platform. When chained, these flaws...

4 weeks ago

Outbreak Alert

Zimbra Collaboration Local File Inclusion

A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper...

1 month ago

Outbreak Alert

SmarterTools SmarterMail RCE

An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0...

1 month ago

Outbreak Alert

Cisco ASA and FTD Firewall RCE

Critical zero-day vulnerabilities affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD)...

2 months ago

Outbreak Alert

React2Shell Remote Code Execution

React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that...

2 months ago

Outbreak Alert

UNC1549 Critical Infrastructure Espionage Attack

A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across...

3 months ago

Outbreak Alert

Akira Ransomware

FortiGuard Labs continues to observe detections in the wild related to the Akira ransomware group. According to the new report by CISA it has...

3 months ago

Outbreak Alert

Oracle E-Business Suite RCE Zero-day

Actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation...

4 months ago

Outbreak Alert

Fortra GoAnywhere MFT Attack

A critical deserialization vulnerability in GoAnywhere MFT’s License Servlet (CVSS 10.0) is actively being exploited in the wild. The flaw allows...

4 months ago

Outbreak Alert

ShadowSilk Data Exfiltration Attack

FortiGuard Labs’ network telemetry has observed active exploitation of known vulnerabilities in Drupal Core and the WP-Automatic WordPress plugin...

5 months ago

Threat Research

Threat Research

Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next

Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation. However, we observed that regional...

1 day ago

Threat Research

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution,...

1 week ago

Threat Research

Massive Winos 4.0 Campaigns Target Taiwan

FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving...

1 week ago

Threat Research

Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails

FortiGuard Labs details a new XWorm RAT campaign using multi-language phishing emails, Excel exploits (CVE-2018-0802), HTA execution, and fileless...

3 weeks ago

Threat Research

Interlock Ransomware: New Techniques, Same Old Tricks

An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection...

1 month ago

Threat Research

Unveiling the Weaponized Web Shell EncystPHP

FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution,...

1 month ago

Threat Research

Inside a Multi-Stage Windows Malware Campaign

FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver...

1 month ago

Threat Research

New Remcos Campaign Distributed Through Fake Shipping Document

FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and...

1 month ago

Threat Research

Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl

FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value.

2 months ago

Threat Research

UDPGangster Campaigns Target Multiple Countries

FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to...

2 months ago

Threat Signals

Threat Signal

Dell RecoverPoint for Virtual Machines Zero Day Attack

The attack involves the threat cluster UNC6201 (a suspected China-nexus Advanced Persistent Threat (APT)) actively exploiting a critical zero-day...

2 weeks ago

Threat Signal

UAT-8837 Critical Infrastructure Attack

An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus...

1 month ago

Threat Signal

n8n Unauthenticated Remote Code Execution

CVE-2026-21858 arises from a Content-Type confusion flaw in n8n’s webhook and form handling logic. Specifically, certain form-based workflows do...

1 month ago

Threat Signal

MongoBleed Unauthenticated Memory Leak

A critical vulnerability in MongoDB Server’s handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read...

2 months ago

Threat Signal

Cisco AsyncOS Zero-day

Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure...

2 months ago

Threat Signal

Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability

CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version...

2 months ago
