PureLogs: Delivery via PawsRunner Steganography
FortiGuard Labs has analyzed a steganography-based malware campaign that uses PawsRunner to deliver the PureLogs infostealer, highlighting evolving delivery ...
Fortinet Blog
11 articles
Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign
TBK DVRs targeted by Nexcorium: exploiting, persisting, brute-force attacks, and multi-architecture Mirai-style DDoS in a single campaign. From CVE-2024-3721...
DPRK-Related Campaigns with LNK and GitHub C2
Analysis of DPRK-linked LNK-based attacks using GitHub as covert C2 infrastructure, detailing multi-stage PowerShell execution, persistence mechanisms, and d...
Cyber Fallout After the Strikes: Signal, Noise, and What Comes Next
Following U.S.
Unmasking Agent Tesla: A Deep Dive into a Multi-Stage Campaign
FortiGuard Labs provides a technical breakdown of a multi-stage Agent Tesla campaign, from phishing and encrypted scripts to in-memory execution, process hol...
Massive Winos 4.0 Campaigns Target Taiwan
FortiGuard Labs analyzes Winos 4.
Deep Dive into New XWorm Campaign Utilizing Multiple-Themed Phishing Emails
FortiGuard Labs details a new XWorm RAT campaign using multi-language phishing emails, Excel exploits (CVE-2018-0802), HTA execution, and fileless .
Interlock Ransomware: New Techniques, Same Old Tricks
An in-depth analysis of an Interlock ransomware intrusion, detailing new malware tooling, defense evasion techniques, and high-ROI detection strategies.
Unveiling the Weaponized Web Shell EncystPHP
FortiGuard Labs analyzes EncystPHP, a stealthy web shell exploiting CVE-2025-64328 in FreePBX environments to enable remote command execution, persistence, a...
Inside a Multi-Stage Windows Malware Campaign
FortiGuard Labs analysis of a multi-stage Windows malware campaign that abuses trusted platforms to disable defenses, deploy RATs, and deliver ransomware.
New Remcos Campaign Distributed Through Fake Shipping Document
FortiGuard Labs analyzes a phishing campaign delivering a fileless Remcos RAT via malicious Word templates, CVE-2017-11882 exploitation, and in-memory execut...