FortiGuard Labs

Has #ransomware become background noise? 💥 📩 Derek Manky shares insights from the latest Global Threat Landscape Report, including how cybercrime is becoming more targeted and how AI is expanding access to advanced attack capabilities. As exploit timelines shrink, defenders must focus on what matters most—prioritizing real exposures and adapting to faster-moving threats. 🎙️ Interview: TechSpective 👉 Watch the full discussion: ftnt.net/6015B6WIJD

For years, defenders could focus on a small set of high-risk CVEs. That model is shifting as attackers use AI and automation to test and exploit vulnerabilities at scale. #FortiGuardLabs’ Aamir Lakhani, highlights how this shift is expanding the attack surface—and why defenders must move beyond CVE prioritization to full exposure visibility. 🔗 Read more: ftnt.net/6019B6wewR

Following recent events in the Middle East, our #FortiGuardLabs researchers are seeing a surge in regional cyber activity—hacktivism, opportunistic intrusions, and psychological signaling, rather than coordinated state retaliation. 💬 The takeaway: early noise can mask more deliberate activity later. Read our analysis: ftnt.net/6014B6urU6

Let’s be honest—SOC teams are tired of dealing with thousands of alerts every day. 🚨 That’s why #FortiGuard Outbreak Alerts exist. FortiGuard Outbreak Alerts provide key details on what’s happening, including the vulnerability, who may be targeted, the adversaries involved, and how the threat is evolving. 🔔 Subscribe today to stay informed about emerging threats. 🔗 Learn more: ftnt.net/6015B6Kqdb #Accelerate26

#AgentTesla isn’t new, but it’s still highly effective. Our team recently revealed how this #MaaS uses phishing, obfuscated loaders, reflective .NET execution, and process hollowing to stay hidden entirely in memory. 🔎 See how this attack stays invisible from delivery to execution. 🔗 Read more: ftnt.net/6017B6D4kT #FortiGuardLabs

🚨 New Outbreak Alert: Multiple critical vulnerabilities in #Versa Concerto network security and SD-WAN platform (CVE-2025-34027, CVE-2025-34026, CVE-2025-34025). When chained, attackers can bypass authentication, escape Docker containers, and fully compromise the host system. Get full details and mitigation steps: ftnt.net/6011hCPnV 👈

🚨 #Winos 4.0 campaigns are escalating. Our team recently reported Silver Fox targeting organizations in Taiwan using localized #phishing lures, rotating domains, DLL sideloading, and BYOVD techniques to evade detection. 🔗 Full analysis: ftnt.net/6018h2ems

🔔 New Outbreak Alert: #FortiGuardLabs confirmed an actively exploited Local File Inclusion (LFI) vulnerability in #Zimbra Collaboration Suite Webmail Classic UI (CVE-2025-68645) allowing unauthenticated attackers to expose sensitive configuration files and application data. Get full details: ftnt.net/6013hs78P 👈

🎣 ✉️ #Phishing isn’t new, but attackers keep refining how they execute. New coverage from @CSOonline highlights #FortiGuardLabs' research on a campaign chaining a legacy Office flaw with fileless execution to deploy the modular XWorm RAT. Explore the full analysis: ftnt.net/6015hmRPv

🔔 New Outbreak Alert: Our researchers are tracking an unauthenticated remote code execution vulnerability (CVE-2025-52691) that is being actively exploited in SmarterTools' #SmarterMail servers. CVSS: 10.0 (Critical) 🚨 Get full details and mitigation guidance: ftnt.net/6019h5l1v

🆕 A new #XWorm campaign shows how familiar phishing tactics are being paired with increasingly sophisticated execution chains, from malicious Excel attachments to fileless loaders and process hollowing. Our blog breaks down the full infection chain and XWorm’s modular plugin architecture. ftnt.net/6019hZSwx 👈

⏳⚛️ The quantum countdown has begun. Threat actors are harvesting encrypted data today, betting on future decryption. #Fortinet firewalls are quantum-ready today, with post-quantum cryptography built natively into #FortiOS and accelerated by purpose-built ASICs—so you can protect IPsec VPNs with no performance impact. Read how to prepare for post-quantum security: ftnt.net/6018hMlbE 👈

Same ransomware. New techniques. 📥 ✉️ Our Incident Response team recently analyzed an Interlock #ransomware intrusion, revealing evolving tradecraft, new indicators, and attempts to evade EDR and AV defenses. See how this group adapts, and best defense practices. 🔗 Full analysis: ftnt.net/6019hJjwH #FortiGuardLabs

🤖 AI vs. 🤖 AI is the new security battleground. #FortiGuardLabs, Aamir Lakhani shares insights on the industrialization of cybercrime, and what this means for enterprises and telcos securing #5G, #AI, and #OT/IT infrastructure. 📑 Article: @FierceNetwork_ 👉 Read more: ftnt.net/6010hHiPg

🚨 Just in: Our team has identified #EncystPHP, a persistent FreePBX web shell exploiting CVE-2025-64328 to enable long-term administrative compromise. This activity aligns with INJ3CTOR3 campaigns. Learn why unpatched PBX systems remain prime targets. 🔍 Read the blog: ftnt.net/6016hDPCY #FortiGuardLabs

Social engineering is just the opening move. ♟️ In our latest blog, our researchers break down a multi-stage Windows malware campaign that bypasses Defender, abuses trusted cloud services, deploys surveillance tooling, and ultimately delivers #ransomware. 👉 Read the full threat analysis: ftnt.net/6018h6OPG

🎣 Phishing is evolving, and this one never touches disk. Our team uncovered a new #phishing campaign delivering a fileless Remcos RAT, using malicious Word and RTF files to exploit vulnerabilities, run PowerShell in memory, and inject malware via process hollowing. 🔗 Read the full threat analysis: ftnt.net/6014C46fn #FortiGuardLabs

New year. New pace of cybercrime. ⏩🔒 2026 marks a shift to high-speed, automated attacks powered by #AI. Our latest Cyberthreat Predictions report explains what this means for defenders, and how to respond at machine speed. 👉 Read the report: ftnt.net/6016CxZJQ

Staying ahead in 2026 starts with knowing what’s coming. Our #FortiGuardLabs Outbreak Alerts deliver real-time visibility into active threats, emerging campaigns, and critical vulnerabilities—backed by one of the world’s largest threat research teams. 🔔 Stay informed. Stay ready. 👉 Subscribe for alerts today: ftnt.net/6018CYtFs

Threat actors may try to erase everything, but #FortiGuardLabs just found a new forensic clue hiding in plain sight. 🔍 Our IR team uncovered how an obscure Windows telemetry file can reveal traces of deleted malware and attacker activity—offering unexpected value in post-intrusion investigations. 👉 Full analysis: ftnt.net/6015CnaGN