Category: Fortinet Threat Research Blog

A new Stealit campaign uses Node.js Single Executable Application (SEA) to deliver obfuscated malware. FortiGuard Labs details tactics and defenses. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: New Stealit Campaign…

Read more →

FortiGuard Labs details Chaos-C++, a ransomware variant using destructive encryption and clipboard hijacking to amplify damage and theft. Read more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: The Evolution of Chaos Ransomware:…

Read more →

FortiGuard Labs has uncovered a shift in the tactics of threat actor Confucius, from stealers to Python backdoors, highlighting advanced techniques used in South Asian cyber espionage. Read more.        This article has been indexed from Fortinet Threat Research Blog…

Read more →

A phishing campaign in Ukraine uses malicious SVG files to drop Amatera Stealer and PureMiner, enabling data theft and cryptomining. Learn more.        This article has been indexed from Fortinet Threat Research Blog Read the original article: SVG Phishing hits…

Read more →

FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware.        This article has been indexed from Fortinet Threat Research Blog Read the original article: SEO Poisoning Attack Targets Chinese-Speaking Users…

Read more →

FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control.        This article has been indexed from Fortinet Threat Research Blog Read the original article:…

Read more →

FortiGuard Labs uncovers MostereRAT’s use of phishing, EPL code, and remote access tools like AnyDesk and TightVNC to evade defenses and seize full system control.        This article has been indexed from Fortinet Threat Research Blog Read the original article:…

Read more →

FortiGuard Labs uncovers a phishing campaign using fake emails and UpCrypter malware to deliver RATs like PureHVNC and DCRat across industries.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Phishing Campaign Targeting Companies…

Read more →

FortiGuard Labs analyzes the Gayfemboy botnet, a Mirai variant targeting global sectors. Learn its tactics, C2 methods, and Fortinet defenses.        This article has been indexed from Fortinet Threat Research Blog Read the original article: The Resurgence of IoT Malware:…

Read more →

A regionally targeted PowerShell-based campaign used phishing lures, obfuscation, and RAT delivery to infiltrate Israeli organizations. Learn how the attack chain worked—and how Fortinet blocked it.        This article has been indexed from Fortinet Threat Research Blog Read the original…

Read more →

FortiGuard Labs has uncovered a stealthy new variant of DarkCloud malware that leverages phishing emails, obfuscated JavaScript, PowerShell loaders, and process hollowing to exfiltrate credentials, payment data, and email contacts—all without dropping a file to disk.        This article has…

Read more →

Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential theft, obfuscation, and install-time payloads. Learn how threat actors exploit OSS and how to stay…

Read more →

Malware threats continue to infiltrate open-source software registries. FortiGuard Labs’ Q2 2025 analysis reveals persistent tactics used in malicious NPM and PyPI packages, including credential theft, obfuscation, and install-time payloads. Learn how threat actors exploit OSS and how to stay…

Read more →

FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and KeySiphon for stealthy remote code execution and credential theft.        This article has been…

Read more →

Detailed analysis of an obfuscated web shell used in a CNI attack. Explores its structure, traffic patterns, and Fortinet’s detection and protection.        This article has been indexed from Fortinet Threat Research Blog Read the original article: In-Depth Analysis of…

Read more →

Following the Israel-Iran ceasefire, FortiGuard Labs uncovered a phishing campaign posing as a private jet evacuation service from Tel Aviv to New York. Learn how attackers used crisis-driven fear to steal personal and financial data.        This article has been…

Read more →

FortiGuard Labs analyzes NailaoLocker ransomware, a unique variant using SM2 encryption and a built-in decryption function. Learn how it works, why it matters, and how Fortinet protects against it.        This article has been indexed from Fortinet Threat Research Blog…

Read more →

FortiCNAPP Composite Alerts link weak signals into clear timelines—helping security teams detect cloud-native threats earlier and triage them faster.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Improving Cloud Intrusion Detection and Triage…

Read more →

FortiCNAPP Labs uncovers Lcrypt0rx, a likely AI-generated ransomware variant used in updated H2Miner campaigns targeting cloud resources for Monero mining.        This article has been indexed from Fortinet Threat Research Blog Read the original article: Old Miner, New Tricks

Read more →

Discover how FortiSandbox 5.0 detects Dark 101 ransomware, even with sandbox evasion tactics. Learn how advanced behavioral analysis blocks file encryption, system tampering, and ransom note deployment.        This article has been indexed from Fortinet Threat Research Blog Read the…

Read more →