New Threat Alert: FormBook is back — and it’s stealthier than ever.
@FortiGuardLabs has uncovered a new phishing campaign that spreads FormBook, a potent #infostealer malware targeting your credentials, screenshots, and more.
Lures victims with spoofed job applications
Designed to evade detection
Highly active in the wild
Don’t get caught off guard.
Dive into the full technical breakdown and see how to defend your org
https://www.fortinet.com/blog/threat-research/infostealer-malware-formbook-spread-via-phishing-campaign
shout-out to @xpzhang for their great research!
Connected to the WiFi at Work
- kolektiva.social: Accessible!
- kolektiva.media: Blocked!
Once again, the centralized machinery of “FortiGuard Intrusion Prevention” acts as the cyber-police, deciding which spaces of collective communication are permitted and which are suppressed, all in the name of “security.”
The means of digital communication, like the means of production, remain under the control of bureaucratic authorities, not the workers who actually use them.
It’s a reminder that even in the digital realm, access and association are mediated by top-down structures, not by free federation or mutual aid.
But collective action and solidarity, online and off, will always find cracks in the firewall.
FortiGate Firewall: Bad practices and how to mitigate them #fortinet #firewall #fortigate #redes
https://nosololinux.es/firewall-fortigate-malas-practicas-y-como-mitigarlas/
Researchers have released a PoC for CVE-2025-32756, a severe security flaw that is actively being exploited in Fortinet products like FortiMail and FortiCamera.
Read: https://hackread.com/researchers-poc-fortinet-cve-2025-32756-quick-patch/
FortiGate Firewall: Security in IPsec tunnels, VPN and LDAP #fortinet #auditorias #firewall #fortigate #redes
https://nosololinux.es/firewall-fortigate-seguridad-en-tuneles-ipsec-vpn-y-ldap/
FortiGate Firewall Audit – Part 2: Review of Policies and Objects #fortinet #auditorias #firewall #fortigate #redes
https://nosololinux.es/auditoria-de-firewalls-fortigate-parte-2-revision-de-politicas-y-objetos/
FortiGate Firewall Audit – Part 1: Review of System-Level Configuration #fortinet #auditorias #firewall #fortigate #redes
https://nosololinux.es/auditoria-de-firewalls-fortigate-parte-1-revision-de-configuracion-a-nivel-de-sistema/
CISA Adds One Known Exploited Vulnerability to Catalog https://www.cisa.gov/news-events/alerts/2025/05/14/cisa-adds-one-known-exploited-vulnerability-catalog
#Fortinet fixes critical zero-day exploited in #FortiVoice attacks
New Phishing Threat Alert: Horabot is Back — and Smarter Than Ever
FortiGuard Labs just uncovered a stealthy new variant of Horabot, a phishing campaign that's targeting businesses across the Americas with banking trojans, remote access tools, and email hijacking tactics.
Key Takeaways:
https://www.fortinet.com/blog/threat-research/horabot-unleashed-a-stealthy-phishing-threat
FortiGate Firewall: fundamentals and useful CLI commands #fortinet #uncategorized #comandos #firewall #fortigate #redes
https://nosololinux.es/firewall-fortigate-fundamentos-y-comandos-cli-utiles/
Blocking rules for unauthorized exposed services on FortiGate #fortinet #firewall #fortigate #redes #seguridad_perimetral
https://nosololinux.es/reglas-de-bloqueo-a-servicios-expuestos-no-autorizados-en-fortigate/
While digging into some #Fortinet vulnerabilities, I discovered a set of CVEs that were rejected for being unused.
I'm wondering how this is actually helping vulnerability management. Does this mean those will never be used? Or something else?
New Threat Alert: Rustobot Botnet
A new Rust-based botnet is making waves — and it's hijacking routers to do it. @FortiGuardLabs' latest research dives into Rustobot, a stealthy, modular botnet that's fast, evasive, and ready to wreak havoc.
Learn how it works, what makes it different, and how to protect your network:
https://www.fortinet.com/blog/threat-research/new-rust-botnet-rustobot-is-routed-via-routers
IOCs
URLs
hxxp://66[.]63[.]187[.]69/w.sh
hxxp://66[.]63[.]187[.]69/wget.sh
hxxp://66[.]63[.]187[.]69/t
hxxp://66[.]63[.]187[.]69/tftp.sh
hxxp://66[.]63[.]187[.]69/arm5
hxxp://66[.]63[.]187[.]69/arm6
hxxp://66[.]63[.]187[.]69/arm7
hxxp://66[.]63[.]187[.]69/mips
hxxp://66[.]63[.]187[.]69/mpsl
hxxp://66[.]63[.]187[.]69/x86
Hosts
dvrhelper[.]anondns[.]net
techsupport[.]anondns[.]net
rustbot[.]anondns[.]net
miraisucks[.]anondns[.]net
5[.]255[.]125[.]150
Edit: Shout-out to the author behind this research, @7olzu
LOL Fortinet
BleepingComputer: Over 16,000 Fortinet devices compromised with symlink backdoor
Hackers exploit Fortinet flaws to plant stealth backdoors on FortiGate devices, maintaining access even after patches.
Read: https://hackread.com/fortinet-fixe-attackers-bypass-patches-maintain-access/
#Fortinet: Hackers retain access to patched #FortiGate VPNs using symlinks