FortiGuard Labs Threat Research

Threat Research

Threat Actors Weaponize AI Hype to Deliver AsyncRAT

FortiGuard Labs analyzes a multi-stage malware campaign that uses fake AI-themed documents, hidden PowerShell scripts, AutoHotkey loaders, and process injection to deploy AsyncRAT and maintain remote access.

By Cara Lin June 11, 2026

Cybercriminals Are Targeting the FIFA World Cup 2026

FortiGuard Labs research shows how cybercriminals are exploiting the demand for the FIFA World Cup 2026 through phishing, fake tickets, malware, impersonation, and credential theft.

By FortiGuard Labs June 04, 2026

Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO

FortiGuard Labs analyzes C0XMO, a new Gafgyt variant leveraging DD-WRT exploitation and multi-architecture propagation to expand IoT botnet infections.

By Vincent Li June 03, 2026

Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data

FortiGuard Labs analyzed a new phishing campaign that uses obfuscated JavaScript, PowerShell, process hollowing, and PureLogs to steal sensitive data.

By Xiaopeng Zhang May 26, 2026

Misconfigured, Enrolled and Dormant: Anatomy of a P2PInfect Kubernetes Compromise

FortiGuard Labs analyzed several P2PInfect compromises in GKE clusters, showing how exposed Redis instances can enable persistent botnet enrollment, dormancy, and cloud runtime risk.

By Akshat Pradhan May 20, 2026

PureLogs: Delivery via PawsRunner Steganography

FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting evolving delivery methods and detection strategies.

By Winnie Lin and Yurren Wan May 15, 2026

Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign

Nexcorium targets TBK DVRs, combining exploitation, persistence, brute-force attacks, and multi-architecture Mirai-style DDoS in a single campaign. From exploiting CVE-2024-3721 to reusing CVE-2017-17215, this botnet shows how quickly IoT threats continue to evolve.

By Vincent Li April 17, 2026

DPRK-Related Campaigns with LNK and GitHub C2

FortiGuard Labs analyzes DPRK-linked LNK-based attacks that use GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence mechanisms, and data exfiltration techniques targeting Windows environments.

By Cara Lin April 02, 2026

Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next

Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation. However, regional cyber activity is rising. Organizations should strengthen cyber hygiene, rotate credentials, and reduce their exposed attack surface.

Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign

FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution, process hollowing, and data exfiltration.

By Ariel Davidpur February 25, 2026