IngressNightmare: Understanding CVE‑2025‑1974 in Kubernetes Ingress-NGINX
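A critical set of vulnerabilities, IngressNightmare (CVE-2025-1974 and others), was found in the Kubernetes Ingress-NGINX controller, allowing an attacker with network access to the admission webhook to achieve remote code execution. Affected versions include v1.11.0-4 and v1.12.0 and below. Recommended fixes include upgrading to v1.12.1+ or v1.11.5+, restricting access to the webhook, disabling unused features, and hardening service account permissions. Detection involves monitoring for anomalous behavior and using security tools such as Lacework FortiCNAPP and Fortinet products. ...
2025-4-23 15:0:0 | Reads: 21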
Fortinet Threat Research Blog - feeds.fortinet.com
ingress
network
kubernetes
malicious
Infostealer Malware FormBook Spread via Phishing Campaign – Part I
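Fortinet discovered a phishing campaign that spreads the Formbook malware through malicious Word documents disguised as sales orders. The document exploits CVE-2017-11882 to execute malicious code and uses process hollowing to inject Formbook into a target process and run it. ...
2025-4-22 15:0:0 | Reads: 7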
Fortinet Threat Research Blog - feeds.fortinet.com
formbook
rtf
phishing
decrypted
equation
New Rust Botnet "RustoBot" is Routed via Routers
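FortiGuard Labs discovered a new botnet, RustoBot, spreading through TOTOLINK and DrayTek devices. It exploits vulnerabilities in CGI scripts to control devices remotely and launch DDoS attacks, affecting the technology sector across multiple industries. ...
2025-4-21 15:0:0 | Reads: 15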
Fortinet Threat Research Blog - feeds.fortinet.com
totolink
hxxp
rustobot
injection
fortiguard
Malicious NPM Packages Targeting PayPal Users
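FortiGuard Labs discovered a series of malicious NPM packages that use PayPal-related names to steal sensitive information, collecting system data through preinstall scripts and sending it to the attacker's server. ...
2025-4-11 13:0:0 | Reads: 6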
Fortinet Threat Research Blog - feeds.fortinet.com
tommyboy
oauth2
malicious
RolandSkimmer: Silent Credit Card Thief Uncovered
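The article describes an advanced credit card phishing campaign named "RolandSkimmer". The campaign spreads via malicious LNK files, runs on Windows systems, and uses Chrome, Edge and Firefox browser extensions to collect users' sensitive financial information. The attackers use obfuscation to hide their malicious behavior, and achieve long-term control and data theft through continuous data collection and a covert data transfer mechanism. ...
2025-4-2 16:30:0 | Reads: 4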
Fortinet Threat Research Blog - feeds.fortinet.com
malicious
victim
attacker
fortiguard
site1
Real-Time Anti-Phishing: Essential Defense Against Evolving Cyber Threats
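The article notes that phishing remains one of the main cybersecurity threats worldwide, with risks including financial loss and data breaches. With the use of AI, phishing attacks are more deceptive and aimed at a wide range of targets. Real-time anti-phishing solutions that combine AI and machine learning can effectively identify unknown threats. Strengthening employee security awareness is also key to defense. ...
2025-3-20 13:0:0 | Reads: 27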
Fortinet Threat Research Blog - feeds.fortinet.com
phishing
fortiguard
rtap
machine
threats
Fortinet Identifies Malicious Packages in the Wild: Insights and Trends from November 2024 Onward
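FortiGuard Labs analyzed malicious packages seen since November 2024 and found attackers using techniques such as low file counts, suspicious install scripts, and missing repository URLs to evade detection and exploit system vulnerabilities. The report notes that these threats can lead to risks such as data theft and remote control, and provides defensive recommendations and detection tool support. ...
2025-3-10 13:0:0 | Reads: 8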
Fortinet Threat Research Blog - feeds.fortinet.com
malicious
python
amzn
seller
attacker
Havoc: SharePoint with Microsoft Graph API turns into FUD C2
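The article describes a cyberattack campaign that spreads through phishing emails and multi-stage malware. The attackers use a fake error message to trick users into running a malicious PowerShell command, ultimately deploying a modified Havoc framework to control the target system. The attackers use the Microsoft Graph API to hide C2 communication and combine it with a SharePoint site for malicious activity. FortiGuard Labs provides related detection and protection measures. ...
2025-3-3 14:0:0 | Reads: 16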
Fortinet Threat Research Blog - feeds.fortinet.com
havoc
c2
powershell
demon
python
Winos 4.0 Spreads via Impersonation of Official Email to Target Users in Taiwan
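In January 2025, the Winos4.0 malware attacked companies in Taiwan through phishing emails impersonating Taiwan's national tax bureau. The malware uses a multi-stage loading mechanism, fetches modules from a C2 server, and performs a range of malicious actions including persistence, UAC bypass, information collection and keylogging. FortiGuard Labs has detected it and provides protections. ...
2025-2-27 14:0:0 | Reads: 23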
Fortinet Threat Research Blog - feeds.fortinet.com
shellcode
cos
guangzhou
myqcloud
360sdgg
FortiSandbox 5.0 Detects Evolving Snake Keylogger Variant
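FortiGuard Labs detected a new Snake Keylogger variant, AutoIt/Injector.GTY!tr. The malware spreads through phishing emails, logs keystrokes, steals sensitive browser information, and exfiltrates data via SMTP and Telegram. It has affected regions including China and Turkey. ...
2025-2-18 14:0:0 | Reads: 18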
Fortinet Threat Research Blog - feeds.fortinet.com
snake
analysis
fsav5
malicious
ageless
Ransomware Roundup – Lynx
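The article describes the characteristics of the Lynx ransomware and its threat to Windows systems. The ransomware attacks by encrypting files and demanding a ransom, and has multiple encryption modes and evasion strategies. The article also covers its data leak site and the distribution of its victims, and stresses that Fortinet's security solutions can effectively defend against such threats. ...
2025-2-14 14:0:0 | Reads: 23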
Fortinet Threat Research Blog - feeds.fortinet.com
ransomware
lynx
fortiguard
windows
phishing
Analyzing ELF/Sshdinjector.A!tr with a Human and Artificial Analyst
Affected Platform: Linux | Impacted Users: Linux-ba...
2025-2-4 14:0:0 | Reads: 9
Fortinet Threat Research Blog - feeds.fortinet.com
r2ai
radare2
malicious
reverse
Coyote Banking Trojan: A Stealthy Attack via LNK Files
Affected Platforms: Microsoft Windows | Impacted Us...
2025-1-30 14:0:0 | Reads: 15
Fortinet Threat Research Blog - feeds.fortinet.com
hxxps
geontrigame
d6
6a
Deep Dive Into a Linux Rootkit Malware
Affected platforms: CentOS Linux | Impacted parties...
2025-1-13 14:0:0 | Reads: 17
Fortinet Threat Research Blog - feeds.fortinet.com
sysinitd
attacker
abrtinfo
analysis
procfs
Phish-free PayPal Phishing
As a CISO, I am always on high alert for phishing attempts, and this recent example immed...
2025-1-8 14:0:0 | Reads: 5
Fortinet Threat Research Blog - feeds.fortinet.com
onmicrosoft
phishing
genuine
victim
Catching "EC2 Grouper"- no indicators required!
Through the years of analyzing identity compromises in the cloud, we’ve seen the same attackers p...
2024-12-30 16:0:0 | Reads: 15
Fortinet Threat Research Blog - feeds.fortinet.com
cloud
ec2
grouper
security
groupname
Botnets Continue to Target Aging D-Link Vulnerabilities
Affected Platforms: D-Link DIR-645 Wired/Wireless...
2024-12-26 16:45:54 | Reads: 27
Fortinet Threat Research Blog - feeds.fortinet.com
hxxp
yakuza
ficora
capsaicin
abuser
Analyzing Malicious Intent in Python Code: A Case Study
Affected platforms: All platforms where PyPI pack...
2024-12-23 18:0:0 | Reads: 21
Fortinet Threat Research Blog - feeds.fortinet.com
malicious
security
python
webhook
remote
Fortinet Contributes to Major Cybercrime Operation Arrests
Earlier this week, the International Criminal Police Organization (INTERPOL) and the African Unio...
2024-12-3 22:0:0 | Reads: 21
Fortinet Threat Research Blog - feeds.fortinet.com
atlas
interpol
disrupting
serengeti
SmokeLoader Attack Targets Companies in Taiwan
Affected Platforms: Microsoft Windows | Impacted Users: Microsoft Windows | Impact: The st...
2024-12-2 22:0:0 | Reads: 22
Fortinet Threat Research Blog - feeds.fortinet.com
smokeloader
c2
microsoft
thunderbird
injection