Fortinet Threat Research.
FortiGuard Labs Threat Research: Official blog feed of Fortinet
- Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data on May 26, 2026 at 1:00 pm
FortiGuard Labs analyzed a new phishing campaign that uses obfuscated JavaScript, PowerShell, process hollowing, and PureLogs to steal sensitive data.
- Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise on May 20, 2026 at 1:00 pm
FortiGuard Labs analyzed several P2PInfect compromises in GKE clusters, showing how exposed Redis instances can enable persistent botnet enrollment, dormancy, and cloud runtime risk.
- PureLogs: Delivery via PawsRunner Steganography on May 15, 2026 at 1:00 pm
FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting evolving delivery methods and detection strategies.
- Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign on April 17, 2026 at 1:00 pm
TBK DVRs targeted by Nexcorium: exploitation, persistence, brute-force attacks, and multi-architecture Mirai-style DDoS in a single campaign. From CVE-2024-3721 exploitation to CVE-2017-17215 reuse, this botnet demonstrates how quickly IoT threats continue to evolve.
- DPRK-Related Campaigns with LNK and GitHub C2 on April 2, 2026 at 1:00 pm
Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence mechanisms, and data exfiltration techniques targeting Windows environments.
- Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next on March 4, 2026 at 5:00 pm
Following U.S.-Israeli strikes on Iran, FortiGuard Labs has not yet observed large-scale cyber retaliation. However, we observed that regional cyber activity is rising. Organizations should take action to strengthen cyber hygiene, rotate credentials, and reduce exposure.
- Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign on February 25, 2026 at 2:00 pm
FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution, process hollowing, and data exfiltration.
- Massive Winos 4.0 Campaigns Target Taiwan on February 20, 2026 at 2:00 pm
FortiGuard Labs analyzes Winos 4.0 (ValleyRat) campaigns targeting Taiwan, detailing phishing lures, DLL sideloading, BYOVD abuse, and evolving attacker infrastructure.
- Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails on February 10, 2026 at 2:00 pm
FortiGuard Labs details a new XWorm RAT campaign using multi-language phishing emails, Excel exploits (CVE-2018-0802), HTA execution, and fileless .NET techniques to gain full remote control of Windows systems.
- Interlock Ransomware: New Techniques, Same Old Tricks on January 29, 2026 at 2:00 pm
An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies.





