FortiGuard Labs

Latest Reports

Threat Signal Report

n8n Unauthenticated Remote Code Execution
Jan 08, 2026

CVE-2026-21858 arises from a Content-Type confusion flaw in n8n’s webhook and form handling logic. Specifically, certain form-based workflows do not adequately validate or enforce multipart form...
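The teaser above is cut off, and n8n's own request handling is not shown on this page. As an added, generic illustration (not n8n code and not its fix for CVE-2026-21858), the Python below parses a Content-Type header strictly and gates a form-upload route on it, so that a request whose declared type is not exactly multipart/form-data with a usable boundary is refused with 415 before any body parser sees it. The token grammar, the quoted-string handling, the 1..70 character boundary limit taken from RFC 2046, the handler function and the sample headers are all assumptions of this example.

```python
import re

# RFC 7230 "token" characters; used for the type, subtype and parameter names.
_TOKEN = r"[!#$%&'*+.^_`|~0-9A-Za-z-]+"
_MEDIA_TYPE = re.compile(rf"^{_TOKEN}/{_TOKEN}$")
# name=token or name="quoted-string" (backslash escapes inside quotes are not accepted here).
_PARAM = re.compile(rf'^({_TOKEN})=(?:({_TOKEN})|"([^"\\]*)")$')


def parse_content_type(header):
    """Parse a Content-Type value into (media_type, params) or raise ValueError.

    Strictness is the point: anything that is not one well-formed media type
    followed by well-formed, non-duplicated parameters is rejected, not guessed at.
    """
    if header is None:
        raise ValueError("missing Content-Type")
    parts = header.split(";")
    media_type = parts[0].strip().lower()
    if not _MEDIA_TYPE.match(media_type):
        raise ValueError(f"malformed media type {media_type!r}")
    params = {}
    for raw in parts[1:]:
        m = _PARAM.match(raw.strip())
        if not m:
            raise ValueError(f"malformed parameter {raw!r}")
        name = m.group(1).lower()
        if name in params:
            raise ValueError(f"duplicate parameter {name!r}")
        params[name] = m.group(2) if m.group(2) is not None else m.group(3)
    return media_type, params


def accepts_form_upload(header):
    """Gate for a form-upload route: True only for multipart/form-data with a boundary of 1..70 chars."""
    try:
        media_type, params = parse_content_type(header)
    except ValueError:
        return False
    boundary = params.get("boundary", "")
    return media_type == "multipart/form-data" and 1 <= len(boundary) <= 70


def handle_form_request(headers, body):
    """Constructed route handler (assumed shape): the type check runs before any body parsing."""
    if not accepts_form_upload(headers.get("content-type")):
        return 415, "Unsupported Media Type"
    return 200, f"would parse {len(body)} bytes of multipart data"
```

The check is deliberately exact-match: a handler that accepts "anything containing multipart" or that falls back to a different parser when the header is odd is the kind of confusion the teaser describes, so the gate answers only yes or no and never picks a parser on the request's behalf.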

Threat Signal Report

MongoBleed Unauthenticated Memory Leak
Dec 29, 2025

A critical vulnerability in MongoDB Server’s handling of zlib-compressed network traffic allows a fully unauthenticated remote attacker to read uninitialized heap memory and leak sensitive data...
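The teaser above does not say where in the zlib path the uninitialized bytes come from, and MongoDB's code is not on this page. The Python below is an added illustration of the general bug class the teaser describes, not MongoDB code and not a reproduction of the actual flaw: an output buffer is sized from a length declared in the message header, the decompressor writes fewer bytes than that, and the whole buffer is handed on anyway. Everything here is constructed: the 4-byte length prefix, the STALE_HEAP bytes that stand in for whatever a real allocator left behind, and the two handlers. A real process leaks genuine heap contents; Python cannot, so the stale data is planted explicitly.

```python
import struct
import zlib

# Constructed stand-in for whatever a real allocator left in a recycled block:
# in a live server this would be fragments of earlier requests, credentials, etc.
STALE_HEAP = b"prev_request: authSource=admin password=hunter2 " * 4


def build_message(payload, declared_len):
    """Constructed wire format: 4-byte little-endian declared uncompressed length,
    then a zlib stream. A hostile sender controls declared_len and can make it lie."""
    return struct.pack("<I", declared_len) + zlib.compress(payload)


def decompress_trusting_header(msg):
    """Vulnerable pattern: size the buffer from the header, inflate into it, and pass
    the whole buffer on. Bytes zlib never wrote keep their old contents, and those
    are what the caller then serialises back to the remote peer."""
    declared_len = struct.unpack("<I", msg[:4])[0]
    # Simulates malloc() without zeroing: the buffer starts out holding stale data.
    buf = bytearray(STALE_HEAP[:declared_len].ljust(declared_len, b"\x00"))
    out = zlib.decompress(msg[4:])
    if len(out) > declared_len:
        raise ValueError("decompressed data exceeds declared size")
    buf[: len(out)] = out
    return bytes(buf)  # declared_len bytes long, only len(out) of them real


def decompress_checked(msg):
    """Hardened pattern: the declared length caps inflation and the actual output
    length must equal it exactly; anything else rejects the message."""
    declared_len = struct.unpack("<I", msg[:4])[0]
    d = zlib.decompressobj()
    out = d.decompress(msg[4:], declared_len)  # never inflate past declared_len
    if not d.eof or d.unconsumed_tail:
        raise ValueError("compressed stream does not end within the declared size")
    if len(out) != declared_len:
        raise ValueError(f"declared {declared_len} bytes, stream produced {len(out)}")
    return out


def is_rejected(handler, msg):
    """True if handler refuses msg with ValueError; shows which handler a lying header gets past."""
    try:
        handler(msg)
    except ValueError:
        return True
    return False
```

With an honest header both handlers return the same bytes. With a header that declares 64 bytes for a 5-byte payload, the trusting handler returns "hello" followed by 59 bytes of stale data, which is the leak; the checked handler refuses the message because the stream ended early, and it likewise refuses a header that declares fewer bytes than the stream actually holds.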

Outbreak Alert

Cisco ASA and FTD Firewall RCE
Dec 18, 2025

Critical zero-day vulnerabilities affecting Cisco Secure Firewall Adaptive Security Appliance (ASA) and Cisco Secure Firewall Threat Defense (FTD) software have been actively exploited in the...

Threat Signal Report

Cisco AsyncOS Zero-day
Dec 18, 2025

Cisco has confirmed the active exploitation of a critical zero-day vulnerability in AsyncOS, tracked as CVE-2025-20393, affecting Cisco Secure Email Gateway (SEG) and Secure Email and Web Manager...

Threat Signal Report

Gladinet CentreStack & Triofox Insecure Cryptography Vulnerability
Dec 16, 2025

CVE-2025-14611 is a high-severity insecure cryptography vulnerability affecting Gladinet CentreStack and Triofox products prior to version 16.12.10420.56791. The flaw stems from hardcoded AES...

Threat Research Blog

Uncovering Hidden Forensic Evidence in Windows: The Mystery of AutoLogger-Diagtrack-Listener.etl
Dec 09, 2025

FortiGuard IR uncovers forensic insights in Windows AutoLogger-Diagtrack-Listener.etl, a telemetry artefact with untapped investigative value.

Outbreak Alert

React2Shell Remote Code Execution
Dec 05, 2025

React2Shell is a critical unauthenticated remote code execution (RCE) vulnerability affecting React Server Components (RSC) and frameworks that implement the Flight protocol, including specific...

Threat Research Blog

UDPGangster Campaigns Target Multiple Countries
Dec 04, 2025

FortiGuard Labs uncovers UDPGangster campaigns linked to MuddyWater, using macro-laden phishing lures, evasion techniques, and UDP backdoors to target multiple countries.

Threat Research Blog

New eBPF Filters for Symbiote and BPFDoor Malware
Dec 02, 2025

FortiGuard Labs discovered new Symbiote and BPFDoor variants that use eBPF filters to enhance stealth through IPv6 support, UDP traffic, and dynamic port hopping for covert C2 communication.

Outbreak Alert

UNC1549 Critical Infrastructure Espionage Attack
Dec 02, 2025

A suspected Iran-linked espionage group tracked as UNC1549 is actively targeting aerospace, defense, and telecommunications organizations across Europe and other regions. The threat actor employs...

Threat Research Blog

ShadowV2 Casts a Shadow Over IoT Devices
Nov 26, 2025

ShadowV2, a new Mirai-based botnet targeting IoT devices, surfaced during the recent AWS outage. FortiGuard Labs examines its propagation, DDoS capabilities, and global footprint.

Threat Research Blog

Cyberthreats Targeting the 2025 Holiday Season: What CISOs Need to Know
Nov 25, 2025

Cybercriminal activity is surging ahead of the 2025 holiday season. Deceptive domains, stolen accounts, and e-commerce attacks are accelerating. Here’s what leaders need to know.

Threat Signal Report

Oracle Identity Manager Pre-Auth RCE
Nov 25, 2025

CVE-2025-61757 is a critical pre-authentication remote code execution vulnerability in Oracle Identity Manager’s REST WebServices. This vulnerability allows an unauthenticated attacker to exploit...

Threat Signal Report

npm (Shai-Hulud) Supply Chain Attack
Nov 25, 2025

On November 24, 2025, Shai-Hulud launched a second supply-chain attack, compromising Zapier, ENS, AsyncAPI, PostHog, and Postman, along with over 25,000 affected repositories across ~350 unique...

Outbreak Alert

Akira Ransomware
Nov 13, 2025

FortiGuard Labs continues to observe in-the-wild detections related to the Akira ransomware group. According to a new CISA report, it has targeted over 250 organizations over the past year,...

Threat Signal Report

EDR-Freeze Bypass Technique
Nov 12, 2025

EDR-Freeze is a proof-of-concept technique that leverages legitimate Windows Error Reporting (WER) components to suspend (place into a ‘frozen’ state) endpoint protection processes from user mode...

Threat Signal Report

runc Container Escape Vulnerabilities
Nov 06, 2025

High-severity vulnerabilities in runc (CVE-2025-31133, CVE-2025-52565, CVE-2025-52881) were disclosed in early November 2025. A malicious or compromised container image can abuse how runc handles...

Threat Signal Report

WatchGuard Fireware OS IKEv2 Out-of-Bounds Vulnerability
Nov 05, 2025

A critical Out-of-Bounds Write vulnerability (CVE-2025-9242) exists in the WatchGuard Fireware OS iked process, which handles IKEv2 VPN connections. The flaw allows a remote, unauthenticated...
