Fortiguard Labs
Threat Research
May 20, 2026
Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise
Threat Signal
May 01, 2026
Microsoft Shell Spoofing Zero-day Vulnerability
Outbreak Alert
Apr 27, 2026
Cisco ASA and FTD Firewall RCE
Outbreak Reports
Outbreak Alert
Cisco ASA and FTD Firewall RCE
Critical zero-day vulnerabilities affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD)...
3 weeks ago
Outbreak Alert
SmarterTools SmarterMail RCE
An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0...
1 month ago
Outbreak Alert
React2Shell Remote Code Execution
React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that...
1 month ago
Outbreak Alert
Iran-linked Cyber Attacks
This report provides an overview of ongoing Iran-linked cyber operations, highlighting activity attributed to state-aligned proxies and hacktivist...
1 month ago
Outbreak Alert
Interlock Ransomware Attack
An active Interlock ransomware campaign is exploiting a critical vulnerability (CVE-2026-20131) in Cisco Secure Firewall Management Center (FMC),...
2 months ago
Outbreak Alert
FEATURED
Outbreak Alert- Annual Report 2025
In 2025, the FortiGuard Labs team processed and blocked 3.8 trillion vulnerability exploitation attempts, preventing 2.71 billion malware...
2 months ago
Outbreak Alert
Versa Concerto SD-WAN Authentication Bypass
Multiple critical security vulnerabilities in the Versa Concerto network security and SD-WAN orchestration platform. When chained, these flaws...
3 months ago
Outbreak Alert
Zimbra Collaboration Local File Inclusion
A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper...
3 months ago
Outbreak Alert
UNC1549 Critical Infrastructure Espionage Attack
A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across...
5 months ago
Outbreak Alert
Akira Ransomware
FortiGuard Labs continue to observe detections in the wild related to the Akira ransomware group. According to the new report by CISA it has...
6 months agoThreat Research
Threat Research
Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise
FortiGuard Labs analyzed several P2PInfect compromises in GKE clusters, showing how exposed Redis instances can enable persistent botnet...
19 hours ago
Threat Research
PureLogs: Delivery via PawsRunner Steganography
FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting...
5 days ago
Threat Research
Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign
TBK DVRs targeted by Nexcorium: exploiting, persisting, brute-force attacks, and multi-architecture Mirai-style DDoS in a single campaign. From...
1 month ago
Threat Research
DPRK-Related Campaigns with LNK and GitHub C2
Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence...
1 month ago
Threat Research
Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next
Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation. However, we observed that regional...
2 months ago
Threat Research
Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign
FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution,...
2 months ago
Threat Research
Massive Winos 4.0 Campaigns Target Taiwan
FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving...
2 months ago
Threat Research
Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails
FortiGuard Labs details a new XWorm RAT campaign using multi-language phishing emails, Excel exploits (CVE-2018-0802), HTA execution, and fileless...
3 months ago
Threat Research
Interlock Ransomware: New Techniques, Same Old Tricks
An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection...
3 months ago
Threat Research
Unveiling the Weaponized Web Shell EncystPHP
FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution,...
3 months agoThreat Signals
Threat Signal
Microsoft Shell Spoofing Zero-day Vulnerability
A newly disclosed vulnerability, CVE-2026-32202, has emerged due to an incomplete patch by Microsoft for a previously exploited remote code...
2 weeks ago
Threat Signal
Apache ActiveMQ RCE
CVE-2026-34197 is a high-severity remote code execution (RCE) vulnerability affecting Apache ActiveMQ Classic. The flaw resides in the exposed...
1 month ago
Threat Signal
TrueConf Zero-Day Attack
Operation TrueChaos is a targeted cyber espionage campaign exploiting a zero-day vulnerability in the TrueConf video conferencing platform. The...
1 month ago
Threat Signal
Axios npm Supply Chain Compromise
A software supply chain attack targeted the widely used JavaScript library Axios after an attacker reportedly compromised a maintainer’s npm...
1 month ago
Threat Signal
DarkSword iOS Exploit Chain
Researchers from Google Threat Intelligence Group identified DarkSword, a sophisticated full-chain iOS exploit framework actively used by multiple...
1 month ago
Threat Signal
Handala Wiper Attack
A large-scale cyberattack against medical technology company Stryker resulted in widespread system outages. The attack was driven by a destructive...
2 months ago
Threat Signal
Dell RecoverPoint for Virtual Machines Zero Day Attack
The attack involves the threat cluster UNC6201 (a suspected China-nexus Advanced Persistent Threat (APT)) actively exploiting a critical zero-day...
3 months agoServices
Comprehensive security services designed to protect your infrastructure, applications, and data at every layer.
Network
-
Anti-recon and ExploitDetects and blocks reconnaissance and exploit attempts in real time.
-
Botnet Domain Reputation DBBlocks communication with known malicious botnet domains.
-
Data Loss PreventionPrevents unauthorized exposure of sensitive data across channels.
-
Indicators of CompromiseDetects threats using a global feed of verified indicators.
-
Intrusion ProtectionBlocks malicious traffic and prevents network-based attacks.
-
IP Reputation/Anti-BotnetFilters malicious IPs and stops botnet traffic at the network edge.
-
Internet ServicesEnsures availability and performance of internet services.
-
Secure DNSDNS-layer protection against malicious domains and phishing.
Cloud and Web Application
-
Application ControlMonitors and controls app usage to reduce risk and enforce policy.
-
AI-Protect SecurityBlocks AI threats, malicious prompts, and unsafe AI use.
-
Web Application Security (FADC)Protects web apps from advanced attacks and application-layer threats.
-
Client Application FirewallSecures client apps by blocking malicious outbound traffic.
-
Web Application Security (FWB)Protects hosted web apps from exploits, bots, and malicious traffic.
-
OT ThreatDetects and stops threats and rogue activity in OT systems.
-
IoT Device DetectionDiscovers and classifies IoT devices to surface rogue assets and risk.
-
Web FilteringBlocks malicious, inappropriate, or high-risk sites by web category.
-
Cloud Access SecurityControls cloud app usage and protects sensitive SaaS data.
Files and Endpoint
-
AntiVirusDetects and blocks malware, ransomware, and malicious files.
-
IoT Device DetectionMonitors IoT devices to reduce unmanaged security risks.
-
Endpoint Detection and ResponseDetects, investigates, and responds to advanced endpoint threats.
-
Endpoint VulnerabilityFinds endpoint flaws, missing patches, and config issues.
-
Mobile ServicesDefends mobile devices from malware, phishing, and unauthorized access.
-
Sandbox EngineIsolates suspicious files to detect unknown and zero-day threats.
-
FortiClient Outbreak DetectionDetects IoCs and suspicious endpoint activity tied to active outbreaks.
Security Operations
-
Breach Attack SimulationSimulates real-world attacks to identify gaps and validate defenses.
-
FortiNDRDetects anomalous network behavior to rapidly contain threats.
-
DevSecOpsEmbeds security testing and policy enforcement in the dev lifecycle.
-
FortiSIEM Outbreak DetectionCorrelates events to detect and respond to outbreaks at scale.
-
Outbreak Detection ServiceDetects outbreaks using global threat intelligence and analytics.
-
Pen Testing serviceTests infrastructure and apps for exploitable weaknesses.
-
Security Rating ServicesRates security posture and flags compliance gaps.
-
Outbreak Deception ServiceUses decoys to detect lateral movement and attacker activity.
