News • Insights • Analysis
FortiGuard Labs recently uncovered an active delivery site that hosts a weaponized HTA script and silently drops the infostealer “NordDragonScan” into victims’ environments. Once installed, NordDragonScan examines the host and copies documents, harvests entire Chrome and Firefox profiles, and takes Read More …
Attackers are increasingly exploiting Windows shortcut (LNK) files for malware delivery. Palo Alto Unit 42 telemetry revealed 21,098 malicious LNK samples in 2023, which surged to 68,392 in 2024. In this article, Unit 42 researchers present an in-depth investigation of Read More …
A new version of popular social engineering tool ClickFix has been developed, potentially putting Windows users at risk. A cybersecurity researcher who goes by the name mr. dox has developed a new version of ClickFix, a browser-based attack often disguised Read More …
This article provides a comprehensive analysis of two new variants of the KimJongRAT stealer. Palo Alto Unit 42 combine new research findings with existing knowledge to provide a comprehensive resource for understanding and combating these new KimJongRAT variants. The KimJongRAT Read More …
The first quarter of 2025, like previous ones, demonstrates a significant number of newly documented vulnerabilities. The trend largely mirrors previous years, so we will focus on new data that can be collected for the most popular platforms. This report Read More …
Broadcom has released a security advisory addressing a high severity vulnerability in VMware Tools for Windows. VMware Tools is a suite of utilities that enhances the performance of VMware virtual machines and provides extra functionality. CVE-2025-22230 is an authentication bypass Read More …
Microsoft is addressing 57 vulnerabilities this March 2025 Patch Tuesday, which is a similar volume to last month. However, Microsoft has evidence of in-the-wild exploitation for as many as six of the vulnerabilities published today, and CISA KEV already lists Read More …
Cisco has released a security advisory to address a vulnerability in its Secure Client for Windows. Secure Client is Cisco’s endpoint virtual private network (VPN) solution. CVE-2025-20206 has a CVSSv3 score of 7.1 and if exploited could allow an authenticated, Read More …
In January 2025, FortiGuard Labs observed an attack that used Winos4.0, an advanced malware framework actively used in recent threat campaigns, to target companies in Taiwan. According to a report released in November 2024, Winos4.0 was distributed through gaming-related applications, Read More …
Windows group policies are a powerful management tool that allows administrators to define and control user and computer settings within a domain environment in a centralized manner. While group policies offer functionality and utility, they are unfortunately a prime target Read More …
