Fortinet Threat Research.
FortiGuard Labs Threat Research: Official blog feed of Fortinet
- Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign on February 25, 2026 at 2:00 pm
FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution, process hollowing, and data exfiltration.
- Massive Winos 4.0 Campaigns Target Taiwan on February 20, 2026 at 2:00 pm
FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving attacker infrastructure.
- Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails on February 10, 2026 at 2:00 pm
FortiGuard Labs details a new XWorm RAT campaign using multi-language phishing emails, Excel exploits (CVE-2018-0802), HTA execution, and fileless .NET techniques to gain full remote control of Windows systems.
- Interlock Ransomware: New Techniques, Same Old Tricks on January 29, 2026 at 2:00 pm
An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies.
- Unveiling the Weaponized Web Shell EncystPHP on January 28, 2026 at 2:00 pm
FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution, persistence, and long-term system compromise.
- Inside a Multi-Stage Windows Malware Campaign on January 20, 2026 at 2:00 pm
FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware.
- New Remcos Campaign Distributed Through Fake Shipping Document on January 14, 2026 at 2:00 pm
FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execution.
- Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl on December 9, 2025 at 2:00 pm
FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value.
- UDPGangster Campaigns Target Multiple Countries on December 4, 2025 at 2:00 pm
FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries.
- New eBPF Filters for Symbiote and BPFdoor Malware on December 2, 2025 at 2:00 pm
FortiGuard Labs discovered new Symbiote and BPFDoor variants exploiting eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication.





