Fortinet Threat Research

ShadowV2, a new Mirai-based botnet targeting IoT devices, surfaced during the recent AWS outage. FortiGuard Labs examines its propagation, DDoS capabilities, and global footprint.      

Cybercriminal activity is surging ahead of the 2025 holiday season. Deceptive domains, stolen accounts, and e-commerce attacks are accelerating. Here’s what leaders need to know.      

FortiGuard Labs analyzes TruffleNet, a large-scale campaign abusing AWS SES with stolen credentials and linked to Business Email Compromise (BEC).      

FortiGuard IR analysis of H1 2025 shows financially motivated actors increasingly abusing valid accounts and legitimate remote access tools to bypass detection, emphasizing the need for identity-centric defenses.      

FortiGuard Labs has tracked a hacker group expanding attacks from Mainland China to Malaysia, linking campaigns through shared code, infrastructure, and tactics.      

A new Stealit campaign uses Node.js Single Executable Application (SEA) to deliver obfuscated malware. FortiGuard Labs details tactics and defenses. Learn more.      

FortiGuard Labs details Chaos-C++, a ransomware variant using destructive encryption and clipboard hijacking to amplify damage and theft. Read more.      

FortiGuard Labs has uncovered a shift in the tactics of threat actor Confucius, from stealers to Python backdoors, highlighting advanced techniques used in South Asian cyber espionage. Read more.      

A phishing campaign in Ukraine uses malicious SVG files to drop Amatera Stealer and PureMiner, enabling data theft and cryptomining. Learn more.      

FortiGuard Labs uncovered an SEO poisoning campaign targeting Chinese users with fake software sites delivering Hiddengh0st and Winos malware.