FortiGuard Labs

@FortiGuardLabs

Followers: 41K | Following: 8K | Media: 2K | Statuses: 4K

#FortiGuardLabs is the global threat intelligence and research organization of @Fortinet.

Sunnyvale, CA
Joined May 2011
@FortiGuardLabs
FortiGuard Labs
15 hours
🕵️‍♂️ 📁 New infostealer alert: NordDragonScan. We uncovered an active campaign using a weaponized HTA script to silently drop NordDragonScan into victim environments that copies and harvests sensitive documents and browser profiles. 🔎 Read our full threat analysis:
@FortiGuardLabs
FortiGuard Labs
6 days
⚠️ A new botnet threat is on the rise. Our researchers have uncovered #RondoDox, a stealthy #malware campaign that mimics gaming and VPN traffic to evade detection—while maintaining persistent access to compromised systems. 📖 Read the full analysis and protection guidance:
@FortiGuardLabs
FortiGuard Labs
13 days
🎣 📧 Our #FortiMail IR team uncovered a new #phishing campaign targeting organizations in Colombia—disguised as official government communication. The attack leverages DCRAT, a Remote Access Trojan, using: 🎭 Government impersonation. 🧬 Steganography & obfuscation. 📁
@FortiGuardLabs
FortiGuard Labs
20 days
🥷 This stealthy #Havoc variant shows how far attackers will go to stay hidden inside critical infrastructure. Our researchers analyzed a malicious Havoc sample used in a long-term intrusion targeting Middle East CNI—injecting into cmd.exe via a disguised conhost.exe, and
@FortiGuardLabs
FortiGuard Labs
26 days
🎣 📩 This new #phishing campaign will make you think twice before opening that tax email… Our team uncovered evolving malware activity targeting Microsoft Windows users in Taiwan—including Winos 4.0—disguised as tax-related emails. The goal? Steal data for future attacks.
@FortiGuardLabs
FortiGuard Labs
1 month
📂 One outdated Office app. One click. Full device compromise. Our team just uncovered a phishing campaign exploiting CVE-2017-0199 to drop FormBook #malware via Excel files—stealing credentials, keystrokes, and more. Details + IOCs: ←
@FortiGuardLabs
FortiGuard Labs
2 months
🛑 📩 New #ransomware threat: VanHelsing. This #RansomwareRoundup highlights a high-severity variant targeting Microsoft Windows systems with file encryption, ransom demands, and public data leaks. 🔗 Read the full breakdown: ←
@FortiGuardLabs
FortiGuard Labs
2 months
🎣 📩 #Phishing, persistence, and payloads—Horabot hits hard across Latin America. We recently observed a surge in Horabot malware campaigns, delivered via fake Spanish-language invoice emails targeting Spanish-speaking users. Full breakdown: 🔍
@FortiGuardLabs
FortiGuard Labs
2 months
🚨 Just in: Our #FortiMail IR team uncovered a sophisticated RATty #malware campaign targeting Spain, Italy, and Portugal—bypassing filters with SPF evasion, geofencing, and abused file-sharing platforms. Read the full breakdown and defense steps: 👈
@FortiGuardLabs
FortiGuard Labs
2 months
Cybercrime is evolving—your security needs to keep up the pace. 🔐 ICYMI: Our 2025 Threat Landscape Report reveals how automation, #AI, and Crime-as-a-Service are accelerating attacks and shrinking the response window. Get the key insights:
@FortiGuardLabs
FortiGuard Labs
2 months
RT @Fortinet: Derek Manky, VP, Global Threat Intelligence, joined us at #RSAC today to discuss our 2025 Global Threat Landscape Report, rev…
@FortiGuardLabs
FortiGuard Labs
3 months
RT @happygeek: It's just another manic #Tuesday, oh wait. By me @Forbes: The rise and rise of infostealer malware. #kudos @FortiGuardLabs…
@FortiGuardLabs
FortiGuard Labs
3 months
Experts are calling it 'IngressNightmare' for a reason. ⚠️ Researchers discovered "IngressNightmare" (including CVE-2025-1974) in Ingress-NGINX, potentially allowing attackers to gain full control of your systems. This blog from FG Labs breaks down the vulnerabilities, shows our
@FortiGuardLabs
FortiGuard Labs
3 months
It's that time again! Our 2025 Global Threat Landscape Report is here, revealing a new reality—cybercrime has industrialized into a fast, automated, and scalable machine that exploits vulnerabilities before defenders can respond, demanding a shift to proactive exposure
@FortiGuardLabs
FortiGuard Labs
3 months
🚨 A newly disclosed RCE vulnerability in Kubernetes Ingress-NGINX, "IngressNightmare", is putting containerized environments at serious risk of exploit—making tools like #FortiCNAPP essential for robust security. 🔗 Full breakdown and mitigation steps:
@FortiGuardLabs
FortiGuard Labs
3 months
Deep dive into a new Formbook campaign! 🕵️‍♂️ We're tracking a sophisticated attack where malicious Word docs exploit CVE-2017-11882 to drop a fileless Formbook variant. Our first round of analysis covers the initial email, the exploit, the DLL downloader, and the process hollowing
@FortiGuardLabs
FortiGuard Labs
3 months
⚠️ Our #FortiGuardLabs' researchers have discovered #RustoBot—a Rust-based #malware targeting TOTOLINK devices via known command injection flaws. This variant marks a shift in tactics, exploiting CVEs for remote code execution. Learn more: 👈
@FortiGuardLabs
FortiGuard Labs
3 months
🔎 Our Annual 2024 Outbreak Alerts Report is here, and it's packed with critical insights! Learn how #FortiGuardLabs processed and blocked trillions of attack attempts and billions of #malware deliveries across its global footprint. 📊
@FortiGuardLabs
FortiGuard Labs
3 months
🚨 Our #FortiGuardLabs team has uncovered a wave of malicious NPM packages. 👉 Published under the names tommyboy_h1 and tommyboy_h2, these packages use PayPal-themed names to appear legitimate while secretly exfiltrating sensitive system data.