Fortinet Threat Research.
Fortinet Threat Research Blog: Official blog feed of Fortinet
- Inside The ToolShell Campaign on July 25, 2025 at 1:00 pm
FortiGuard Labs uncovers ToolShell, a sophisticated exploit chain targeting Microsoft SharePoint servers using a mix of patched and zero-day CVEs. Learn how attackers deploy GhostWebShell and KeySiphon for stealthy remote code execution and credential theft.
- In-Depth Analysis of an Obfuscated Web Shell Script on July 25, 2025 at 1:00 pm
Detailed analysis of an obfuscated web shell used in a CNI attack. Explores its structure, traffic patterns, and Fortinet’s detection and protection.
- A Special Mission to Nowhere on July 23, 2025 at 1:00 pm
Following the Israel-Iran ceasefire, FortiGuard Labs uncovered a phishing campaign posing as a private jet evacuation service from Tel Aviv to New York. Learn how attackers used crisis-driven fear to steal personal and financial data.
- NailaoLocker Ransomware’s “Cheese” on July 18, 2025 at 1:00 pm
FortiGuard Labs analyzes NailaoLocker ransomware, a unique variant using SM2 encryption and a built-in decryption function. Learn how it works, why it matters, and how Fortinet protects against it.
- Improving Cloud Intrusion Detection and Triage with FortiCNAPP Composite Alerts on July 17, 2025 at 1:00 pm
FortiCNAPP Composite Alerts link weak signals into clear timelines—helping security teams detect cloud-native threats earlier and triage them faster.
- Old Miner, New Tricks on July 16, 2025 at 1:00 pm
FortiCNAPP Labs uncovers Lcrypt0rx, a likely AI-generated ransomware variant used in updated H2Miner campaigns targeting cloud resources for Monero mining.
- How FortiSandbox 5.0 Detects Dark 101 Ransomware Despite Evasion Techniques on July 14, 2025 at 1:00 pm
Discover how FortiSandbox 5.0 detects Dark 101 ransomware, even with sandbox evasion tactics. Learn how advanced behavioral analysis blocks file encryption, system tampering, and ransom note deployment.
- Catching Smarter Mice with Even Smarter Cats on July 10, 2025 at 1:00 pm
Explore how AI is changing the cat-and-mouse dynamic of cybersecurity, from cracking obfuscation and legacy languages to challenging new malware built with Flutter, Rust, and Delphi.
- NordDragonScan: Quiet Data-Harvester on Windows on July 7, 2025 at 1:00 pm
FortiGuard Labs explores how NordDragonScan utilizes an effective distribution network for dissemination. Learn more.
- RondoDox Unveiled: Breaking Down a New Botnet Threat on July 3, 2025 at 1:00 pm
FortiGuard Labs analyzes RondoDox, a stealthy new botnet targeting TBK DVRs and Four-Faith routers via CVE-2024-3721 and CVE-2024-12856. Learn how it evades detection, establishes persistence, and mimics gaming and VPN traffic to launch DDoS attacks.