CyberSecurity Knuggets
Feb 24, 2026
Subject: Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices
Sender: risky-biz@ghost.io
Summary:
A financially motivated Russian-speaking threat actor has used commercial AI tools to compromise over 600 Fortinet FortiGate firewalls since January 11, 2026. The attacker got in through exposed management ports protected by weak passwords and no MFA, not through zero-days or older vulnerabilities. AI tools such as Claude and DeepSeek were used to automate reconnaissance, vulnerability assessment, and lateral movement inside victim networks. After compromising the FortiGate devices, the attacker moved into Active Directory environments, extracted credentials, and targeted backup infrastructure. The operation is notable for integrating AI at every stage, yet it is still assessed as low sophistication, favouring scale over high-value targets. Additional items in this newsletter cover breaches at Ivanti, PayPal, and Advantest, and Wikipedia blacklisting ArchiveToday over DDoS attacks.
Subject: Russian-speaking hacker used multiple genAI services to breach 600+ FortiGate firewalls
Sender: info@metacurity.com
Summary:
Amazon reports that a Russian-speaking hacker used multiple commercial generative AI services to breach over 600 FortiGate firewalls in 55 countries over five weeks (January to February 2026). The attacker brute-forced exposed FortiGate management interfaces listening on ports such as 443, 8443, 10443, and 4443 that were protected by weak passwords and no MFA. AI was used to automate reconnaissance (classifying network size, port scanning, identifying domain controllers) and vulnerability scanning with tools such as the GoGo scanner and Nuclei. The attacker also used Meterpreter and Mimikatz for credential extraction and lateral movement. A server exposing 1,402 files, including stolen data and customized AI tools, was found supporting the activity. Related news covers Spanish police arresting Anonymous members for DDoS attacks, a Wynn Resorts breach by ShinyHunters, and a PayPal data breach exposing personal information.
Subject: China’s Salt Typhoon and Volt Typhoon continue to target US infrastructure | The CyberWire 2.23.26
Sender: editor@newsletter.n2k.com
Summary:
The FBI continues to warn that the Chinese cyberespionage groups Salt Typhoon and Volt Typhoon are actively targeting US telecom and critical infrastructure. FBI deputy assistant director Machtinger stresses that the groups get in through basic, long-known weaknesses rather than novel advanced ones. ICS security firm Dragos confirms that Volt Typhoon remains embedded in US utilities, mapping networks and preparing for longer-term operations. Additional news covers the AI-assisted hacking campaign that compromised 600+ FortiGate devices, a ransomware attack on Japanese chip tester Advantest, and a Romanian national’s guilty plea to selling access to Oregon Department of Emergency Management networks in 2021. The bulletin also carries sponsored content on malware reverse engineering and details of the upcoming RSAC 2026 conference.
Subject: FortiGate Firewalls Hacked in AI-Powered Attacks: AWS
Sender: news@securityweek.com
Summary:
AWS details an AI-powered attack campaign that breached FortiGate firewalls without exploiting any zero-day: the attackers targeted exposed management ports with weak credentials and no MFA and automated the phases of the attack with AI-generated tooling. The toolkit covers configuration parsing, credential extraction, VPN automation, scanning orchestration, and attack dashboards, all AI-assisted but developed by a small group or a single operator. Other headlines include a Ukrainian sentenced for aiding North Korean cyber fraud, ransomware attacks that closed clinics in Mississippi, a PayPal data breach resulting in fraudulent transactions, ongoing exploitation of Roundcube webmail vulnerabilities, and a Romanian hacker pleading guilty to selling state network access. SecurityWeek also features expert insights on insecure AI-assisted software development and upcoming webinars and events.
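Every FortiGate item above turns on the same three weaknesses: a management interface reachable from the internet, an admin account with no trusted-host restriction, and no second factor. The script below is an added example, not code from AWS, Fortinet or any of the newsletters: it parses a FortiOS configuration dump in the CLI's own config/edit/set/next/end syntax and flags those conditions. The configuration text is a constructed sample; the interface and account names, addresses and lockout value in it are assumptions, while the setting names (allowaccess, role, trusthost1, two-factor, admin-sport, admin-lockout-threshold) are the standard FortiOS ones.

```python
"""Audit a FortiOS configuration dump for the weaknesses the FortiGate
campaign abused: management services on a WAN-facing interface, admin
accounts with no trusthost and no two-factor, and a lax lockout threshold.

Added example, not code from AWS, Fortinet or the newsletters. SAMPLE_CONFIG
is a constructed configuration in FortiOS CLI syntax (names and addresses are
assumptions).
"""
import shlex
from typing import Any

# Constructed sample: one WAN interface with https/ssh open, one admin with
# neither trusthost nor two-factor, and one admin configured properly.
SAMPLE_CONFIG = """\
config system global
    set admin-sport 8443
    set admin-lockout-threshold 3
end
config system interface
    edit "wan1"
        set ip 203.0.113.10 255.255.255.0
        set allowaccess ping https ssh
        set role wan
    next
    edit "internal"
        set ip 10.10.0.1 255.255.255.0
        set allowaccess ping https ssh http fgfm
        set role lan
    next
end
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "ops"
        set accprofile "super_admin"
        set trusthost1 10.10.0.0 255.255.0.0
        set two-factor fortitoken
    next
end
"""

# allowaccess values that expose an admin login (or the FortiManager channel);
# any of these reachable from the internet is what the brute-force relied on.
MGMT_SERVICES = {"http", "https", "ssh", "telnet", "fgfm"}
ANY_HOST = ["0.0.0.0", "0.0.0.0"]  # trusthost value meaning "no restriction"


def parse_fortios(text: str) -> dict[str, Any]:
    """Parse FortiOS CLI text into nested dicts.

    `config a b` opens a section keyed "a b", `edit "x"` opens a table entry
    keyed "x", `set k v...` stores the values as a list, `unset k` stores an
    empty list, and `next`/`end` close the innermost entry or section.
    """
    root: dict[str, Any] = {}
    stack: list[dict[str, Any]] = [root]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)
        keyword, args = tokens[0], tokens[1:]
        if keyword == "config":
            stack.append(stack[-1].setdefault(" ".join(args), {}))
        elif keyword == "edit":
            stack.append(stack[-1].setdefault(args[0], {}))
        elif keyword == "set":
            stack[-1][args[0]] = args[1:]
        elif keyword == "unset":
            stack[-1][args[0]] = []
        elif keyword in ("next", "end"):
            if len(stack) == 1:
                raise ValueError(f"unbalanced {keyword!r}: {line}")
            stack.pop()
    return root


def audit(cfg: dict[str, Any]) -> list[str]:
    """Return one finding per weakness; an empty list means nothing was flagged."""
    findings: list[str] = []
    glob = cfg.get("system global", {})
    admin_port = glob.get("admin-sport", ["443"])[0]  # HTTPS admin port if set
    lockout = glob.get("admin-lockout-threshold")
    if lockout and int(lockout[0]) > 5:
        findings.append(f"global: admin-lockout-threshold {lockout[0]} allows many "
                        "guesses before lockout")
    for name, iface in cfg.get("system interface", {}).items():
        if iface.get("role", [""])[0] != "wan":
            continue
        exposed = MGMT_SERVICES & set(iface.get("allowaccess", []))
        if exposed:
            findings.append(f"interface {name}: {sorted(exposed)} allowed on a "
                            f"WAN-role interface (HTTPS admin on port {admin_port})")
    for name, adm in cfg.get("system admin", {}).items():
        restricted = any(key.startswith("trusthost") and value and value != ANY_HOST
                         for key, value in adm.items())
        if not restricted:
            findings.append(f"admin {name}: no trusthost, login accepted from any source")
        if adm.get("two-factor", ["disable"])[0] == "disable":
            findings.append(f"admin {name}: two-factor disabled")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_fortios(SAMPLE_CONFIG)):
        print("FINDING", finding)
```

Run it against the output of `show full-configuration` from a real device instead of SAMPLE_CONFIG; a trusthost of 0.0.0.0 0.0.0.0 is treated as no restriction, and changing admin-sport to 8443 or 10443 produces no finding on its own because, as the summaries note, the attacker scanned those ports too.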
Stay Well!
