Find notable cyber news and cases, enriched with sources, timelines, and signals.

Russian-speaking hacker AI-assisted FortiGate breach campaign

Campaign
First reported
Last updated
Happening score
H score 52
3 unique sources, 3 articles

Summary

Hide ▲

The Russian-speaking threat actor ran an AI-assisted FortiGate breach campaign from January 11 to February 18, 2026, compromising over 600 FortiGate devices across more than 55 countries. The operation focused on internet-exposed management interfaces and reused credentials without MFA rather than known FortiGate vulnerability exploitation. Once inside, the actor used GenAI tools to automate reconnaissance and build scripts for configuration parsing, credential handling, and target prioritization. The same campaign also targeted Veeam Backup & Replication infrastructure and referenced attempts against CVE-2019-7192, CVE-2023-27532, and CVE-2024-40711.

Related Happenings

Russian-speaking FortiGate and Microsoft SQL Server bruteforce campaign

Campaign
H score82 First: 17.06.2026 18:12 Last: 17.06.2026 18:12 Sources 1

About this happening: A Russian-speaking multi-operator threat group ran a **FortiGate** and **Microsoft SQL Server** bruteforce campaign that generated **billions of credential attempts**, raising the...

OceanLotus SPECTRALVIPER campaigns targeting Vietnam

Campaign
H score33 First: 11.06.2026 12:45 Last: 11.06.2026 12:45 Sources 1

About this happening: **OceanLotus** expanded its **Vietnam-focused espionage operations** with two attributed campaigns using **SPECTRALVIPER**, broadening risk to a **Vietnamese infrastructure and tr...

FortiClient EMS CVE-2026-35616 exploitation wave

Exploitation Wave
H score56 First: 28.05.2026 18:26 Last: 28.05.2026 18:26 Sources 1

About this happening: **CVE-2026-35616** exploitation in **FortiClient Enterprise Management Server (EMS)** is being used to deliver the undocumented credential stealer **EKZ**. Attackers are abusing u...

Fortinet security patch release for CVE-2026-44277

Security Patch Release
H score39 First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

OpenAI launches Daybreak cybersecurity initiative for AI-powered vulnerability detection and patch validation

Security Tool/Service
H score25 First: 12.05.2026 09:55 Last: 12.05.2026 09:55 Sources 1

About this happening: OpenAI's **Daybreak** launch adds an **AI-powered cybersecurity service** for **vulnerability detection** and **patch validation**, helping organizations fix flaws before attacker...

Timeline

  1. 21.02.2026 15:50 3 articles · 4mo ago

    Amazon warns of AI-assisted FortiGate breach campaign

    Initial Disclosure

    Amazon warned that a Russian-speaking hacker used multiple generative AI services in a five-week campaign against FortiGate firewalls across 55 countries, targeting internet-exposed management interfaces on ports 443, 8443, 10443, and 4443, abusing weak credentials without MFA, and then using AI-assisted Go and Python tooling to automate reconnaissance and extend access inside breached networks. The same activity also targeted Veeam Backup & Replication servers and referenced attempts to exploit CVE-2019-7192, CVE-2023-27532, and CVE-2024-40711.

    Show sources