Brief #144: FortiGate AI Attack Hits 55 Countries, Password Manager Vaults Exposed, Zscaler Acquires SquareX

Happy Sunday!

In this week's brief:

• AI-powered FortiGate campaign hits 600+ devices in 55 countries - No zero-days required; commercial AI services automated lateral movement and attack planning at industrial scale
• WEF report exposes CEO-CISO risk priority gap - CEOs worry about fraud, CISOs worry about ransomware, and 87% of leaders flag AI vulnerabilities as the fastest-growing risk
• Claroty raises $150M at $3B valuation, eyes 2027 IPO - OT security gets a massive vote of confidence as the company enters final IPO preparation stages

AI-Assisted Hacker Breaches 600+ FortiGate Firewalls Across 55 Countries in 5 Weeks

• Amazon Threat Intelligence revealed a Russian-speaking threat actor used commercial AI services including DeepSeek and Claude to compromise over 600 FortiGate devices between January 11 and February 18, exploiting exposed management interfaces and weak credentials rather than zero-day vulnerabilities.
• The attacker fed stolen network topologies directly into LLMs for step-by-step lateral movement guidance, deployed Mimikatz for DCSync attacks against domain controllers, and used an automated system called ARXON to generate structured attack plans, turning AI into what Amazon called an "assembly line for cybercrime."
• Security teams should immediately audit FortiGate management interface exposure, enforce MFA on all VPN and admin access, rotate SSL-VPN credentials, and monitor for anomalous Active Directory replication events (Event ID 4662) as indicators of DCSync activity.

---

Starkiller Phishing-as-a-Service Proxies Real Login Pages and Bypasses MFA in Real Time

• A new phishing platform called Starkiller, sold as a SaaS subscription by threat group Jinkusu, spins up Docker containers with headless Chrome instances that load real login pages from brands like Google, Microsoft, Apple, and PayPal, then act as reverse proxies to relay credentials and MFA tokens in real time.
• Unlike traditional phishing kits that use static page clones, Starkiller leaves no template files for security tools to fingerprint or blocklist, while offering operators a full dashboard with session monitoring, keystroke logging, cookie theft, geo-tracking, and conversion analytics identical to legitimate SaaS platforms.
• Static page analysis and URL reputation filtering are ineffective against this approach; detection needs to shift toward behavioral signals like anomalous login patterns, session token reuse from unexpected locations, and impossible travel indicators, even when MFA was technically completed.

---

Single Threat Actor Dominates Ivanti RCE Attacks With 83% of Activity

• A single threat actor operating from IP 193.24.123.42 on bulletproof infrastructure accounts for 83% of exploitation attempts targeting critical Ivanti EPMM vulnerabilities CVE-2026-21962 and CVE-2026-24061.
• GreyNoise observed 417 exploitation sessions between February 1-9, with a massive spike of 269 sessions on February 8 alone, indicating automated attacks using DNS callbacks to verify command execution capabilities.
• The same actor simultaneously exploits multiple products including Oracle WebLogic, GNU Inetutils Telnetd, and GLPI, suggesting initial access broker activity targeting various enterprise systems for potential resale.

ETH Zurich Study Uncovers 25 Attacks in Major Cloud Password Managers

• Researchers from ETH Zurich found 25 distinct attack vectors in Bitwarden (12), LastPass (7), and Dashlane (6) that can bypass "zero-knowledge encryption" claims, ranging from integrity violations to complete vault compromise across organizations serving over 60 million users and 125,000 businesses.
• Attacks exploit flawed key escrow recovery mechanisms, unauthenticated public keys, item-level encryption weaknesses, and legacy AES-CBC support that enables KDF downgrade attacks accelerating brute-force by up to 300,000x.
• Security leaders should audit enterprise password manager deployments against the four recommended mitigations (authenticated encryption, full key separation, public key authentication, ciphertext signing), ensure clients are updated, and evaluate whether vendor "zero-knowledge" promises hold up under a malicious server threat model.

---

Radware Report: DDoS Attacks Jump 168% With Peak Volumes Reaching 30 Tbps

• Radware's 2026 Global Threat Analysis Report reveals network-layer DDoS attacks increased 168% year-over-year in 2025, with peak volumes reaching nearly 30 Tbps and the average customer facing 25,351 attacks (139 per day), while web application DDoS attacks climbed 101%.
• The most impactful web DDoS attacks now last less than 60 seconds, making manual mitigation and human-in-the-loop defenses ineffective; the technology sector alone represented 45% of all network-layer attacks, up from under 9% in 2024.
• Hacktivist group NoName057(16) claimed a record 4,693 attacks, with Europe absorbing 48% of all claimed activity; security leaders need to shift from reactive to proactive DDoS defense with automated, AI-aware detection that can respond before sub-minute attacks complete.

---

WEF Global Cybersecurity Outlook 2026: CEO and CISO Risk Priorities Diverge as AI Threats Rise

• CEO priorities shifted significantly in 2026, with cyber-enabled fraud and phishing replacing ransomware as the top concern, while AI vulnerabilities emerged second; CISOs maintained focus on ransomware (#1) and supply chain disruption (#2), revealing a growing perception gap between business leaders and security teams.
• Among highly resilient organizations, CEOs rank AI vulnerabilities as their top risk, while CEOs of insufficiently resilient organizations remain focused on fraud, suggesting that security maturity directly shapes how leadership perceives emerging threats.
• The report highlights a widening cyber equity gap between organizations that are resilient and those that are not, with 87% of respondents identifying AI-related vulnerabilities as the fastest-growing risk category across the global threat landscape.

AI Agents Solve 9 of 10 Web Hacking Challenges but Struggle with Broad Scope Testing

• Claude Sonnet 4.5, GPT-5, and Gemini 2.5 Pro successfully exploited vulnerabilities including authentication bypass, SSRF, stored XSS, and S3 bucket takeovers with costs under $10 per successful attack when given specific targets.
• The AI models failed to solve challenges requiring enumeration tools or creative pivoting, such as finding exposed secrets in GitHub repositories, demonstrating limitations in strategic thinking compared to human testers.
• Performance degraded significantly in broad scope scenarios where agents had to independently prioritize targets, with costs increasing 2-2.5 times and fewer challenges solved due to inefficient resource allocation across multiple attack surfaces.

---

175,000 Ollama Hosts Form Unmanaged AI Network Exposing Tool-Calling Capabilities

• SentinelLABS and Censys discovered 175,000 publicly accessible Ollama hosts across 130 countries operating outside traditional AI governance frameworks, with nearly half configured for tool-calling capabilities that enable code execution and API access.
• The infrastructure spans residential networks (56% of hosts) and cloud environments, creating attribution challenges where 16-19% of hosts resist clean identification, while a persistent backbone of 23,000 hosts generates 76% of all activity using identical quantized models.
• Security risks include resource hijacking for malicious workloads, prompt injection attacks against tool-enabled systems with retrieval capabilities, and systemic vulnerability due to ecosystem-wide convergence on the same model families and compression formats.

---

Group-IB Report: Weaponized AI Fuels Fifth Wave of Cybercrime

• The fifth wave of cybercrime is driven by weaponized AI that transforms once human-driven skills like persuasion and coding into scalable services accessible for as little as $30 per month, enabling even novice threat actors to launch sophisticated attacks.
• Dark web discussions about AI abuse increased by 371% between 2019 and 2025, with underground marketplaces now offering subscription-based services including DarkLLMs, deepfake-as-a-service, and AI-powered phishing automation tools that mimic legitimate SaaS business models.
• Criminal ecosystems have evolved to include AI-enhanced malware, synthetic identity creation, and autonomous attack workflows that compress the entire attack lifecycle from reconnaissance to persistence, making cybercrime cheaper, faster, and harder to trace than ever before.

Claroty Raises $150 Million in Series F Funding at $3 Billion Valuation

• The cyber-physical systems security company secured $150 million in Series F funding led by Golub Growth, bringing total funding to approximately $900 million with an estimated valuation of $3 billion.
• Claroty provides comprehensive security for xIoT systems including operational technology, ICS, IoT, and IIoT with capabilities spanning asset visibility, exposure management, network protection, and threat detection.
• The company is positioning for a potential IPO as early as 2027, with CEO Yaniv Vardi indicating they have entered final preparation stages with recent leadership hires and projected path to profitability.

---

Zscaler Acquires SquareX to Advance Zero Trust Browser Security

• Zscaler acquired SquareX to extend zero trust capabilities into standard browsers like Chrome and Edge through lightweight extensions, eliminating the need for third-party enterprise browsers or full agents on unmanaged devices.
• The acquisition addresses the security gaps left by legacy VPN and VDI solutions by enabling organizations to secure SaaS and private applications across any device without compromising productivity or requiring expensive infrastructure changes.
• SquareX's technology will integrate with Zscaler's Zero Trust Exchange Platform to provide precise zero trust policies that protect data and AI interactions based on each organization's specific risk profile, particularly for BYOD environments.

---

Proofpoint Acquires Acuvity to Deliver AI Security and Governance Across the Agentic Workspace

• Proofpoint acquired Acuvity, a pioneer in AI enterprise security and governance, to strengthen its platform with AI-native visibility, governance, and runtime protection for AI and agent-driven workflows.
• The acquisition positions Proofpoint as the first cybersecurity platform to comprehensively address agentic workspace protection at the intersections of humans, data, and AI agents working collaboratively.
• Acuvity brings new control points and detection models purpose-built for the AI era, delivering comprehensive visibility and enforcement across AI usage from endpoints and web browsers to emerging AI infrastructure such as Model Context Protocol servers.

Whiteswan Platform

Identity-first security platform that consolidates PAM, ZTNA, and ITDR under Zero Trust principles with just-in-time access controls. Also secures AI agents and non-human identities through an MCP gateway, bridging traditional IAM with the emerging agentic AI access challenge highlighted by this week's Proofpoint-Acuvity and Check Point-Cyata acquisitions.

Saidot AI Governance Platform

SaaS governance platform for managing AI system risk, compliance, and EU AI Act requirements using a knowledge graph that connects risks, policies, models, and evaluations. Features an Agent Catalogue for governing AI agents deployed across organizations, directly relevant as the WEF report flags 87% of leaders identifying AI vulnerabilities as the fastest-growing risk.

MCP Gateway

NeuralTrust's security layer between AI agents and the tools they access, enforcing role-based access controls, tracking which LLMs invoke which tools, and preventing unauthorized tool use at sub-10ms latency. Relevant as Model Context Protocol adoption accelerates and organizations scramble to govern agentic AI infrastructure.

---

Thank you for reading this week's brief.

Whenever you're ready, there are three ways I can help you:

Get your cybersecurity product in front of 15,000 cybersecurity professionals on CybersecTools.

Position your product to sell to CISOs correctly. Positioning Advisory.

Get deep market intelligence on your company, competitors and the whole industry. Sign Up for Waitlist.

Talk to you in the next one.

Nikoloz