Fortiguard Labs

Latest Reports

Outbreak Alert

Versa Concerto SD-WAN Authentication Bypass
Feb 03, 2026

Multiple critical security vulnerabilities in the Versa Concerto network security and SD-WAN orchestration platform. When chained, these flaws could allow remote attackers to bypass...

Outbreak Alert

Zimbra Collaboration Local File Inclusion
Jan 30, 2026

A Local File Inclusion (LFI) vulnerability (CVE-2025-68645) exists in the Zimbra Collaboration Suite (ZCS) Webmail Classic UI due to improper handling of user-supplied request parameters in the...

Threat Research Blog

Interlock Ransomware: New Techniques, Same Old Tricks
Jan 29, 2026

An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies.

Outbreak Alert

SmarterTools SmarterMail RCE
Jan 29, 2026

An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to...

Threat Research Blog

Unveiling the Weaponized Web Shell EncystPHP
Jan 28, 2026

FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution, persistence, and long-term system compromise.

Threat Research Blog

Inside a Multi-Stage Windows Malware Campaign
Jan 20, 2026

FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware.

Threat Signal Report

UAT-8837 Critical Infrastructure Attack
Jan 16, 2026

An active campaign has been linked, with medium confidence, to a threat actor designated UAT-8837, which Cisco Talos assesses as a China-nexus group targeting critical infrastructure organizations...

Threat Research Blog

New Remcos Campaign Distributed Through Fake Shipping Document
Jan 14, 2026

FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution.

Threat Signal Report

n8n Unauthenticated Remote Code Execution
Jan 08, 2026

CVE-2026-21858 arises from a Content-Type confusion flaw in n8n’s webhook and form handling logic. Specifically, certain form-based workflows do not adequately validate or enforce multipart form...

Threat Signal Report

MongoBleed Unauthenticated Memory Leak
Dec 29, 2025

A critical vulnerability in MongoDB Server’s handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read uninitialized heap memory and leak sensitive data...

Outbreak Alert

Cisco ASA and FTD Firewall RCE
Dec 18, 2025

Critical zero-day vulnerabilities affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) software have been actively exploited in the...

Threat Signal Report

Cisco AsyncOS Zero-day
Dec 18, 2025

Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager...

Threat Signal Report

Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
Dec 16, 2025

CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES...

Threat Research Blog

Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl
Dec 09, 2025

FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value.

Outbreak Alert

React2Shell Remote Code Execution
Dec 05, 2025

React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that implement the Flight protocol, including specific...

Threat Research Blog

UDPGangster Campaigns Target Multiple Countries
Dec 04, 2025

FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries.

Threat Research Blog

New eBPF Filters for Symbiote and BPFdoor Malware
Dec 02, 2025

FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication.

Outbreak Alert

UNC1549 Critical Infrastructure Espionage Attack
Dec 02, 2025

A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across Europe and other regions. The threat actor employs...
