- Services
- Products
- Compliance
- Markets
- Insights
- About
Threat Intel Update
Cyber threats are increasingly targeting core trust layers, from firewalls like FortiGate to widely used SaaS and collaboration tools. Attackers are scaling access through credential theft, OAuth abuse, and malware-as-a-service, while phishing hides inside legitimate workflows like M365 Groups and calendar invites.
Non-traditional devices, like smart TVs, are also being co-opted as infrastructure. Despite law enforcement disruptions, the threat landscape remains resilient and adaptive.
Cybersecurity News
- FortiBleed Campaign Harvests 110M Credentials from FortiGate Devices – A large-scale campaign dubbed FortiBleed has hit over 430,000 FortiGate firewalls, harvesting 110M+ credentials in an operation tied to a financially motivated Russian-speaking access broker. It shows how perimeter devices can become high-value collection points, with SMBs and service providers offering attackers a path to scale downstream compromise across enterprise, cloud, and MSP environments. The Hacker News
- Attackers Weaponize M365 Calendar Invites and Groups for Phishing – Researchers report attackers are abusing Outlook Groups, shared files, and calendar invites to embed phishing into normal workplace workflows instead of traditional emails. Repeated exposure through trusted collaboration channels boosts success rates and makes detection harder, raising the risk of credential theft, malware delivery, and data exposure. Help Net Security
- Smart TV Apps Secretly Turn Home Networks Into Proxy Infrastructure – Spur Intelligence found residential proxy SDKs in 2,058 apps (about a third of 6,038 scanned) on LG webOS and Samsung Tizen, including games, screensavers, and utility apps that route third-party traffic through users’ home connections. Since TVs are rarely monitored like computers, this creates privacy, security, and attribution risks for the same network hosting routers, cameras, NAS devices, and work machines. Help Net Security
- Global Takedown Dismantles Amadey and StealC Malware Networks – A coordinated law enforcement and industry operation seized 326 servers and 142 domains tied to Amadey and StealC malware, identifying $47M in illicit crypto and 27M stolen credentials. By targeting the loaders and stealers behind malware-as-a-service, the takedown disrupts the pipelines feeding ransomware, credential theft, and fraud at their source. The Hacker News
- Stolen OAuth Tokens Expose LastPass Customer Data via Salesforce – LastPass confirmed a breach linked to the Klue supply chain incident, in which attackers used stolen OAuth tokens to access customer data in its Salesforce environment. Core services weren’t affected, but the exposed CRM data highlights a growing risk of SaaS integration and could fuel targeted phishing. Hack Read
Sign Up
To receive Threat Briefings by email.