Cybercriminals Are Targeting the FIFA World Cup 2026
FortiGuard Labs research shows how cybercriminals are exploiting the demand for the FIFA World Cup 2026 through phishing, fake tickets, malware, impersonatio...
Fortinet Blog
15 articles
Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO
FortiGuard Labs analyzes C0XMO, a new Gafgyt variant leveraging DD-WRT exploitation and multi-architecture propagation to expand IoT botnet infections.
Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data
FortiGuard Labs analyzed a new phishing campaign that uses obfuscated JavaScript, PowerShell, process hollowing, and PureLogs to steal sensitive data
Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise
FortiGuard Labs analyzed several P2PInfect compromises in GKE clusters, showing how exposed Redis instances can enable persistent botnet enrollment, dormancy...
PureLogs: Delivery via PawsRunner Steganography
FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting evolving delivery ...
Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign
TBK DVRs targeted by Nexcorium: exploiting, persisting, brute-force attacks, and multi-architecture Mirai-style DDoS in a single campaign. From CVE-2024-3721...
DPRK-Related Campaigns with LNK and GitHub C2
Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence mechanisms, and d...
Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next
Following U.S.
Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign
FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution, process hol...
Massive Winos 4.0 Campaigns Target Taiwan
FortiGuard Labs analyzes Winos 4.
Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails
FortiGuard Labs details a new XWorm RAT campaign using multi-language phishing emails, Excel exploits (CVE-2018-0802), HTA execution, and fileless .
Interlock Ransomware: New Techniques, Same Old Tricks
An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies.
Unveiling the Weaponized Web Shell EncystPHP
FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution, persistence, a...
Inside a Multi-Stage Windows Malware Campaign
FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware.
New Remcos Campaign Distributed Through Fake Shipping Document
FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execut...