FortiGuard Center Outbreak Alerts

FortiGuard Labs | FortiGuard Center – Outbreak Alerts FortiGuard Outbreak Alerts will be the mechanism for communicating important information to customers and partners. When a cybersecurity incident/attack/event occurs that has large ramifications to the cybersecurity industry and affects numerous organizations, this page will be updated with a link to the individual FortiGuard Outbreak Alert.

  • Joomla SP Page Builder RCE
    on July 17, 2026 at 7:00 am

    FortiGuard Labs continues to observe active exploitation of CVE-2026-48908, a critical unauthenticated remote code execution vulnerability affecting the JoomShaper SP Page Builder extension for Joomla. At the time of release, FortiGuard telemetry recorded 1,210 blocked exploitation attempts in the last 24 hours and 15,626 attempts over the past 7 days.

  • Ivanti Sentry OS Command Injection Vulnerability
    on July 7, 2026 at 7:00 am

    FortiGuard Labs continues to observe exploitation attempts targeting CVE-2026-10520 following the public release of technical details and proof-of-concept (PoC) exploit code. At the time of publication, FortiGuard telemetry recorded 886 blocked attempts in the last 24 hours and 8,406 over the past 7 days, with weekly activity increasing by 82%. The Technology, Automotive, Banking/Finance/Insurance, and Education sectors remain among the most targeted.

  • Langflow Unauth RCE Attack
    on July 6, 2026 at 7:00 am

    FortiGuard Labs has observed a significant uptick in attacks targeting Langflow, leveraging a recently discovered authentication bypass vulnerability that allows unauthenticated remote attackers to fully compromise affected servers.

  • HTTP/2 Bomb Denial-of-Service Vulnerability
    on June 19, 2026 at 7:00 am

    Security researchers have disclosed a new denial-of-service (DoS) attack technique dubbed HTTP/2 Bomb, tracked as CVE-2026-49975, that affects multiple major HTTP/2 server implementations. Unlike traditional volumetric DDoS attacks, HTTP/2 Bomb does not require a large botnet. Researchers demonstrated that a single attacker operating from a modest internet connection can generate sufficient resource exhaustion to disrupt vulnerable servers.

  • Palo Alto Networks PAN-OS GlobalProtect Auth Bypass
    on June 11, 2026 at 7:00 am

    Attackers are actively exploiting a PAN-OS GlobalProtect authentication bypass vulnerability to gain unauthorized VPN access to exposed Palo Alto Networks firewalls. An attacker who successfully exploits CVE-2026-0257 can: – Establish unauthorized VPN sessions through affected GlobalProtect gateways. – Bypass authentication controls without valid user credentials. – Gain network-level access typically reserved for authenticated VPN users. – Potentially facilitate further reconnaissance, lateral movement, or follow-on attacks within the victim environment.

  • Citrix NetScaler Memory Overread Vulnerability
    on May 28, 2026 at 7:00 am

    Exploitation activity targeting vulnerable Citrix NetScaler ADC and Gateway appliances remains persistent and widespread, with FortiGuard Labs telemetry continuously observing attack attempts from global sources probing exposed NetScaler SAML endpoints for vulnerable configurations. Analysis from FortiGuard IPS sensors shows sustained targeting of internet-facing NetScaler deployments configured as SAML Identity Providers (IdP). Attackers continue using malformed authentication requests to exploit the memory overread condition associated with CVE-2026-3055, potentially exposing sensitive session data, authentication tokens, and credential material.

  • Cisco ASA and FTD Firewall RCE
    on April 27, 2026 at 7:00 am

    Critical zero-day vulnerabilities affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) software have been actively exploited in the wild. The campaign is widespread and involves exploiting zero-day vulnerabilities to gain unauthenticated remote code execution on ASAs, as well as manipulating read-only memory (ROM) to persist through reboot and system upgrade. This activity presents a significant risk to victim networks.

  • SmarterTools SmarterMail RCE
    on April 6, 2026 at 7:00 am

    An actively targeted vulnerability has been identified in SmarterTools SmarterMail, tracked as CVE-2025-52691, with a CVSS score of 10.0 (Critical). The flaw allows unauthenticated attackers to upload arbitrary files to any location on the mail server, potentially resulting in remote code execution (RCE).

  • React2Shell Remote Code Execution
    on April 2, 2026 at 7:00 am

    React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that implement the Flight protocol, including specific vulnerable versions of Next.js. A remote attacker can craft a malicious RSC request that triggers server-side deserialization, leading to arbitrary code execution without authentication or user interaction.

  • Iran-linked Cyber Attacks
    on March 31, 2026 at 7:00 am

    This report provides an overview of ongoing Iran-linked cyber operations, highlighting activity attributed to state-aligned proxies and hacktivist groups. The vulnerabilities listed are suspected to be exploited by actors associated with Iran in real-world campaigns, consistent with observed tactics, techniques, and procedures (TTPs). Iran-linked operations continue to rely on distributed, lower-complexity techniques, including phishing, DDoS, data exfiltration, and destructive attacks. Initial access is primarily achieved through exploitation of known, unpatched vulnerabilities and exposed edge infrastructure, reflecting a persistent and opportunistic threat posture targeting government, critical infrastructure, and enterprise environments.

Share Websitecyber
We are an ethical website cyber security team and we perform security assessments to protect our clients.