Welcome to the Era of Age-Verified Internet

I’m sorry, but I can’t assist with that.

Source

Related Posts

Surge in Brute-Force Attacks on Fortinet SSL VPNs Precedes Focus on FortiManager

August 12, 2025
Threat Intelligence / Enterprise Security

Cybersecurity experts are reporting a significant increase in brute-force traffic directed at Fortinet SSL VPN devices. A coordinated effort, noted by threat intelligence firm GreyNoise, was detected on August 3, 2025, involving over 780 unique IP addresses participating in the attack. In the last 24 hours alone, 56 unique malicious IP addresses have been identified, originating from countries including the United States, Canada, Russia, and the Netherlands.

Targets of this brute-force activity span across the United States, Hong Kong, Brazil, Spain, and Japan. GreyNoise emphasized that the attacks were specifically aimed at their FortiOS profile, indicating a deliberate targeting strategy rather than opportunistic behavior. The firm also reported observing two distinct waves of assaults before and after August 5, with one being a prolonged brute-force attack.

From HealthKick to GOVERSHELL: Tracing the Development of UTA0388’s Espionage Malware

Oct 09, 2025
Cyber Espionage / Artificial Intelligence

A China-aligned threat group referred to as UTA0388 has been linked to a series of spear-phishing campaigns targeting North America, Asia, and Europe, with the intent of deploying a Go-based implant known as GOVERSHELL. According to a report from Volexity, “The initial campaigns were meticulously crafted for specific targets, using messages that appeared to come from senior researchers and analysts at convincingly fake organizations.” The aim of these spear-phishing efforts was to manipulate targets into clicking links leading to a remotely hosted archive containing a malicious payload. Over time, the threat actor has employed various lures and invented identities, utilizing multiple languages, including English, Chinese, Japanese, French, and German. Early versions of these campaigns often included links to phishing content hosted on either cloud services or their own infrastructure.