Fortiguard Labs
Latest Reports
Publications
[Barb'hack 2025] Decompile Linux malware with r2ai
Sep 01, 2025About reversing 2 Linux malware with AI assistance. Learn to spot AI errors + learn to tweak your context size and prompt to get the best results.
Threat Signal Report
ShadowSilk Data Exfiltration Attack
Aug 28, 2025Nearly three dozen organizations across Central Asia and the Asia-Pacific region, predominantly government agencies, have been compromised in data exfiltration campaigns attributed to the Russian...
Threat Research Blog
Phishing Campaign Targeting Companies via UpCrypter
Aug 25, 2025FortiGuard Labs uncovers a phishing campaign using fake emails and UpCrypter malware to deliver RATs like PureHVNC and DCRat across industries.
Threat Research Blog
The Resurgence of IoT Malware: Inside the Mirai-Based Botnet Campaign
Aug 22, 2025FortiGuard Labs analyzes the botnet campaign, a Mirai variant targeting global sectors. Learn its tactics, C2 methods, and Fortinet defenses.
Threat Research Blog
The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign
Aug 22, 2025FortiGuard Labs analyzes the Gayfemboy botnet, a Mirai variant targeting global sectors. Learn its tactics, C2 methods, and Fortinet defenses.
Threat Signal Report
Multiple ZTNA Products Authentication Bypass
Aug 14, 2025A series of critical vulnerabilities affecting leading zero trust platforms - Zscaler, Netskope, and Check Point (Perimeter 81) - have been disclosed following a seven-month research campaign by...
Threat Research Blog
From ClickFix to Command: A Full PowerShell Attack Chain
Aug 11, 2025A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it.
Threat Research Blog
Unveiling a New Variant of the DarkCloud Campaign
Aug 07, 2025FortiGuard Labs has uncovered a stealthy new variant of DarkCloud malware that leverages phishing emails, obfuscated JavaScript, PowerShell loaders, and process hollowing to exfiltrate...
Outbreak Alert
Citrix Bleed 2
Aug 06, 2025FortiGuard Labs has observed a sharp increase in exploitation attempts targeting the 'Citrix Bleed 2' vulnerability since July 28, 2025. Telemetry indicates activity has surged to over 6,000...
Threat Research Blog
Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
Aug 04, 2025Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential...
Outbreak Alert
Microsoft SharePoint Zero-day Attack
Jul 31, 2025FortiGuard Labs has detected and successfully blocked hundreds of exploitation attempts targeting a newly discovered zero-day vulnerability chain in on-premises Microsoft SharePoint servers. This...
Threat Research Blog
In-Depth Analysis of an Obfuscated Web Shell Script
Jul 25, 2025Detailed analysis of an obfuscated web shell used in a CNI attack. Explores its structure, traffic patterns, and Fortinet’s detection and protection.
Threat Research Blog
Inside The ToolShell Campaign
Jul 25, 2025FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and...
Threat Research Blog
A Special Mission to Nowhere
Jul 23, 2025Following the Israel-Iran ceasefire, FortiGuard Labs uncovered a phishing campaign posing as a private jet evacuation service from Tel Aviv to New York. Learn how attackers used crisis-driven fear...
Threat Research Blog
NailaoLocker Ransomware’s “Cheese”
Jul 18, 2025FortiGuard Labs analyzes NailaoLocker ransomware, a unique variant using SM2 encryption and a built-in decryption function. Learn how it works, why it matters, and how Fortinet protects against it.
Outbreak Alert
SonicWall Secure Mobile Access Attack
Jul 18, 2025A campaign targeting SonicWall SMA 100 series appliances is currently under active exploitation, leveraging both known vulnerabilities and potential zero-days to gain persistent access to...
Threat Research Blog
Improving Cloud Intrusion Detection and Triage with FortiCNAPP Composite Alerts
Jul 17, 2025FortiCNAPP Composite Alerts link weak signals into clear timelines—helping security teams detect cloud-native threats earlier and triage them faster.
Threat Research Blog
Old Miner, New Tricks
Jul 16, 2025FortiCNAPP Labs uncovers Lcrypt0rx, a likely AI-generated ransomware variant used in updated H2Miner campaigns targeting cloud resources for Monero mining.
Publications
[Barb'hack 2025] Decompile Linux malware with r2ai
Sep 01, 2025About reversing 2 Linux malware with AI assistance. Learn to spot AI errors + learn to tweak your context size and prompt to get the best results.
Threat Signal Report
ShadowSilk Data Exfiltration Attack
Aug 28, 2025Nearly three dozen organizations across Central Asia and the Asia-Pacific region, predominantly government agencies, have been compromised in data exfiltration campaigns attributed to the Russian...
Threat Research Blog
Phishing Campaign Targeting Companies via UpCrypter
Aug 25, 2025FortiGuard Labs uncovers a phishing campaign using fake emails and UpCrypter malware to deliver RATs like PureHVNC and DCRat across industries.
Threat Research Blog
The Resurgence of IoT Malware: Inside the Mirai-Based Botnet Campaign
Aug 22, 2025FortiGuard Labs analyzes the botnet campaign, a Mirai variant targeting global sectors. Learn its tactics, C2 methods, and Fortinet defenses.
Threat Research Blog
The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign
Aug 22, 2025FortiGuard Labs analyzes the Gayfemboy botnet, a Mirai variant targeting global sectors. Learn its tactics, C2 methods, and Fortinet defenses.
Threat Signal Report
Multiple ZTNA Products Authentication Bypass
Aug 14, 2025A series of critical vulnerabilities affecting leading zero trust platforms - Zscaler, Netskope, and Check Point (Perimeter 81) - have been disclosed following a seven-month research campaign by...
Threat Research Blog
From ClickFix to Command: A Full PowerShell Attack Chain
Aug 11, 2025A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it.
Threat Research Blog
Unveiling a New Variant of the DarkCloud Campaign
Aug 07, 2025FortiGuard Labs has uncovered a stealthy new variant of DarkCloud malware that leverages phishing emails, obfuscated JavaScript, PowerShell loaders, and process hollowing to exfiltrate...
Outbreak Alert
Citrix Bleed 2
Aug 06, 2025FortiGuard Labs has observed a sharp increase in exploitation attempts targeting the 'Citrix Bleed 2' vulnerability since July 28, 2025. Telemetry indicates activity has surged to over 6,000...
Threat Research Blog
Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
Aug 04, 2025Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential...
Outbreak Alert
Microsoft SharePoint Zero-day Attack
Jul 31, 2025FortiGuard Labs has detected and successfully blocked hundreds of exploitation attempts targeting a newly discovered zero-day vulnerability chain in on-premises Microsoft SharePoint servers. This...
Threat Research Blog
In-Depth Analysis of an Obfuscated Web Shell Script
Jul 25, 2025Detailed analysis of an obfuscated web shell used in a CNI attack. Explores its structure, traffic patterns, and Fortinet’s detection and protection.
Threat Research Blog
Inside The ToolShell Campaign
Jul 25, 2025FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and...
Threat Research Blog
A Special Mission to Nowhere
Jul 23, 2025Following the Israel-Iran ceasefire, FortiGuard Labs uncovered a phishing campaign posing as a private jet evacuation service from Tel Aviv to New York. Learn how attackers used crisis-driven fear...
Threat Research Blog
NailaoLocker Ransomware’s “Cheese”
Jul 18, 2025FortiGuard Labs analyzes NailaoLocker ransomware, a unique variant using SM2 encryption and a built-in decryption function. Learn how it works, why it matters, and how Fortinet protects against it.
Outbreak Alert
SonicWall Secure Mobile Access Attack
Jul 18, 2025A campaign targeting SonicWall SMA 100 series appliances is currently under active exploitation, leveraging both known vulnerabilities and potential zero-days to gain persistent access to...
Threat Research Blog
Improving Cloud Intrusion Detection and Triage with FortiCNAPP Composite Alerts
Jul 17, 2025FortiCNAPP Composite Alerts link weak signals into clear timelines—helping security teams detect cloud-native threats earlier and triage them faster.
Threat Research Blog
Old Miner, New Tricks
Jul 16, 2025FortiCNAPP Labs uncovers Lcrypt0rx, a likely AI-generated ransomware variant used in updated H2Miner campaigns targeting cloud resources for Monero mining.
Publications
[Barb'hack 2025] Decompile Linux malware with r2ai
Sep 01, 2025About reversing 2 Linux malware with AI assistance. Learn to spot AI errors + learn to tweak your context size and prompt to get the best results.
Threat Signal Report
ShadowSilk Data Exfiltration Attack
Aug 28, 2025Nearly three dozen organizations across Central Asia and the Asia-Pacific region, predominantly government agencies, have been compromised in data exfiltration campaigns attributed to the Russian...
Threat Research Blog
Phishing Campaign Targeting Companies via UpCrypter
Aug 25, 2025FortiGuard Labs uncovers a phishing campaign using fake emails and UpCrypter malware to deliver RATs like PureHVNC and DCRat across industries.
Threat Research Blog
The Resurgence of IoT Malware: Inside the Mirai-Based Botnet Campaign
Aug 22, 2025FortiGuard Labs analyzes the botnet campaign, a Mirai variant targeting global sectors. Learn its tactics, C2 methods, and Fortinet defenses.
Threat Research Blog
The Resurgence of IoT Malware: Inside the Mirai-Based “Gayfemboy” Botnet Campaign
Aug 22, 2025FortiGuard Labs analyzes the Gayfemboy botnet, a Mirai variant targeting global sectors. Learn its tactics, C2 methods, and Fortinet defenses.
Threat Signal Report
Multiple ZTNA Products Authentication Bypass
Aug 14, 2025A series of critical vulnerabilities affecting leading zero trust platforms - Zscaler, Netskope, and Check Point (Perimeter 81) - have been disclosed following a seven-month research campaign by...
Threat Research Blog
From ClickFix to Command: A Full PowerShell Attack Chain
Aug 11, 2025A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it.
Threat Research Blog
Unveiling a New Variant of the DarkCloud Campaign
Aug 07, 2025FortiGuard Labs has uncovered a stealthy new variant of DarkCloud malware that leverages phishing emails, obfuscated JavaScript, PowerShell loaders, and process hollowing to exfiltrate...
Outbreak Alert
Citrix Bleed 2
Aug 06, 2025FortiGuard Labs has observed a sharp increase in exploitation attempts targeting the 'Citrix Bleed 2' vulnerability since July 28, 2025. Telemetry indicates activity has surged to over 6,000...
Threat Research Blog
Malicious Packages Across Open-Source Registries: Detection Statistics and Trends (Q2 2025)
Aug 04, 2025Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential...
Outbreak Alert
Microsoft SharePoint Zero-day Attack
Jul 31, 2025FortiGuard Labs has detected and successfully blocked hundreds of exploitation attempts targeting a newly discovered zero-day vulnerability chain in on-premises Microsoft SharePoint servers. This...
Threat Research Blog
In-Depth Analysis of an Obfuscated Web Shell Script
Jul 25, 2025Detailed analysis of an obfuscated web shell used in a CNI attack. Explores its structure, traffic patterns, and Fortinet’s detection and protection.
Threat Research Blog
Inside The ToolShell Campaign
Jul 25, 2025FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and...
Threat Research Blog
A Special Mission to Nowhere
Jul 23, 2025Following the Israel-Iran ceasefire, FortiGuard Labs uncovered a phishing campaign posing as a private jet evacuation service from Tel Aviv to New York. Learn how attackers used crisis-driven fear...
Threat Research Blog
NailaoLocker Ransomware’s “Cheese”
Jul 18, 2025FortiGuard Labs analyzes NailaoLocker ransomware, a unique variant using SM2 encryption and a built-in decryption function. Learn how it works, why it matters, and how Fortinet protects against it.
Outbreak Alert
SonicWall Secure Mobile Access Attack
Jul 18, 2025A campaign targeting SonicWall SMA 100 series appliances is currently under active exploitation, leveraging both known vulnerabilities and potential zero-days to gain persistent access to...
Threat Research Blog
Improving Cloud Intrusion Detection and Triage with FortiCNAPP Composite Alerts
Jul 17, 2025FortiCNAPP Composite Alerts link weak signals into clear timelines—helping security teams detect cloud-native threats earlier and triage them faster.
Threat Research Blog
Old Miner, New Tricks
Jul 16, 2025FortiCNAPP Labs uncovers Lcrypt0rx, a likely AI-generated ransomware variant used in updated H2Miner campaigns targeting cloud resources for Monero mining.
Services
-
Network -
Cloud and Web Application -
Files and Endpoint -
Security Operations
Select one for more details:
-
Anti-recon and Exploit
-
Botnet Domain Reputation DB
-
Data Loss Prevention
-
Indicators of Compromise
-
Intrusion Protection
-
IP Reputation/Anti-Botnet
-
Internet Services
-
Secure DNS
-
Application Control
-
Web Application Security (FADC)
-
Client Application Firewall
-
Web Application Security (FWB)
-
OT Threat
-
IoT Device Detection
-
Web Filtering
-
Cloud Access Security
