Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

CyberStrikeAI observed on attacker infrastructure supporting FortiGate attack automation

Security Tool/Service
First reported
Last updated
Happening score
H score 10
2 unique sources, 2 articles

Summary

Hide ▲

CyberStrikeAI was observed on attacker infrastructure supporting a live Fortinet FortiGate attack campaign, showing the platform can be repurposed for offensive automation. The service banner appeared on port 8080 at 212.11.64[.]250, and traffic linked that host to targeted FortiGate devices. The sighting matters because the tool's AI-native orchestration could lower the skill needed to run complex edge-device attacks.

Related Happenings

Fortinet security patch release for CVE-2026-44277

Security Patch Release
First: 12.05.2026 21:23 Last: 12.05.2026 21:23 Sources 1

About this happening: Fortinet released **security updates** for **FortiSandbox** and **FortiAuthenticator** to fix **two critical vulnerabilities** that could let an **unauthenticated attacker** execu...

Open Happening

Widespread exposure and misconfiguration in self-hosted AI infrastructure

Target Trend
First: 05.05.2026 13:30 Last: 05.05.2026 13:30 Sources 1

About this happening: A large-scale measurement found **self-hosted AI infrastructure** was being deployed with **widespread exposure and no authentication**, creating a broad risk of data theft, workf...

Open Happening

Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices

Target Trend
First: 15.04.2026 12:30 Last: 15.04.2026 12:30 Sources 1

About this happening: A **sharp rise** in brute-force attempts against **SonicWall** and **Fortinet** edge devices is increasing risk of perimeter-device compromise across organizations that rely on VP...

Open Happening

FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers

Campaign
First: 10.03.2026 18:21 Last: 10.03.2026 18:21 Sources 1

About this happening: A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...

Open Happening

Hikvision and Dahua camera exploitation wave (active targeting)

Exploitation Wave
First: 06.03.2026 16:01 Last: 06.03.2026 16:01 Sources 1

About this happening: An **active exploitation wave** is targeting **Hikvision** and **Dahua IP cameras**, using multiple authentication and command-related flaws to compromise exposed devices. The wav...

Open Happening

Timeline

  1. 03.03.2026 02:06 1 articles · 2mo ago

    CyberStrikeAI developer profile mentions CNNVD award

    Attribution Update

    The developer behind CyberStrikeAI, using the alias Ed1s0nZ, mentioned receiving a "CNNVD 2024 Vulnerability Reward Program – Level 2 Contribution Award" on a GitHub profile.

    Show sources
    Open in new tab
  2. 03.03.2026 02:06 2 articles · 2mo ago

    CyberStrikeAI service banner tied to FortiGate-targeting infrastructure

    Detection Ioc Update

    Team Cymru identified a CyberStrikeAI service banner on port 8080 at 212.11.64[.]250 and saw communications between that host and Fortinet FortiGate devices targeted by the campaign; the infrastructure was last seen running CyberStrikeAI on January 30, 2026.

    Show sources
    Open in new tab
  3. 03.03.2026 02:06 1 articles · 2mo ago

    Team Cymru discloses CyberStrikeAI use in FortiGate campaign

    Initial Disclosure

    Team Cymru reported that the same threat actor behind an AI-assisted campaign that breached more than 500 FortiGate devices was observed using CyberStrikeAI on 212.11.64[.]250, with NetFlow showing a CyberStrikeAI service banner and traffic to targeted Fortinet FortiGate devices.

    Show sources
    Open in new tab