FortiGuard Labs

Threat Research

Feb 25, 2026

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

Threat Signal

Feb 18, 2026

Dell RecoverPoint for Virtual Machines Zero Day Attack

Outbreak Alert

Feb 03, 2026

Versa Concerto SD-WAN Authentication Bypass

Outbreak Reports

Outbreak Alert

Versa Concerto SD-WAN Authentication Bypass

Multiple critical security vulnerabilities in the Versa Concerto network security and SD-WAN orchestration platform. When chained, these flaws...

3 weeks ago

Outbreak Alert

Zimbra Collaboration Local File Inclusion

A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper...

4 weeks ago

Outbreak Alert

SmarterTools SmarterMail RCE

An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0...

4 weeks ago

Outbreak Alert

Cisco ASA and FTD Firewall RCE

Critical zero-day vulnerabilities affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD)...

2 months ago

Outbreak Alert

React2Shell Remote Code Execution

React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that...

2 months ago

Outbreak Alert

UNC1549 Critical Infrastructure Espionage Attack

A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across...

2 months ago

Outbreak Alert

Akira Ransomware

FortiGuard Labs continues to observe detections in the wild related to the Akira ransomware group. According to the new report by CISA it has...

3 months ago

Outbreak Alert

Oracle E-Business Suite RCE Zero-day

Actively exploited as a zero-day in data theft and extortion campaigns, with activity linked to the Cl0p ransomware group. Successful exploitation...

4 months ago

Outbreak Alert

Fortra GoAnywhere MFT Attack

A critical deserialization vulnerability in GoAnywhere MFT’s License Servlet (CVSS 10.0) is actively being exploited in the wild. The flaw allows...

4 months ago

Outbreak Alert

ShadowSilk Data Exfiltration Attack

FortiGuard Labs’ network telemetry has observed active exploitation of known vulnerabilities in Drupal Core and the WP-Automatic WordPress plugin...

5 months ago

Threat Research

Threat Research

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution,...

2 days ago

Threat Research

Massive Winos 4.0 Campaigns Target Taiwan

FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving...

1 week ago

Threat Research

Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails

FortiGuard Labs details a new XWorm RAT campaign using multi-language phishing emails, Excel exploits (CVE-2018-0802), HTA execution, and fileless...

2 weeks ago

Threat Research

Interlock Ransomware: New Techniques, Same Old Tricks

An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection...

4 weeks ago

Threat Research

Unveiling the Weaponized Web Shell EncystPHP

FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution,...

1 month ago

Threat Research

Inside a Multi-Stage Windows Malware Campaign

FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver...

1 month ago

Threat Research

New Remcos Campaign Distributed Through Fake Shipping Document

FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and...

1 month ago

Threat Research

Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl

FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value.

2 months ago

Threat Research

UDPGangster Campaigns Target Multiple Countries

FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to...

2 months ago

Threat Research

New eBPF Filters for Symbiote and BPFdoor Malware

FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and...

2 months ago

Threat Signals

Threat Signal

Dell RecoverPoint for Virtual Machines Zero Day Attack

The attack involves the threat cluster UNC6201 (a suspected China-nexus Advanced Persistent Threat (APT)) actively exploiting a critical zero-day...

1 week ago

Threat Signal

UAT-8837 Critical Infrastructure Attack

An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus...

1 month ago

Threat Signal

n8n Unauthenticated Remote Code Execution

CVE-2026-21858 arises from a Content-Type confusion flaw in n8n’s webhook and form handling logic. Specifically, certain form-based workflows do...

1 month ago

Threat Signal

MongoBleed Unauthenticated Memory Leak

A critical vulnerability in MongoDB Server’s handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read...

1 month ago

Threat Signal

Cisco AsyncOS Zero-day

Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure...

2 months ago

Threat Signal

Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability

CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version...

2 months ago
