Chinese threat actors use a custom post-exploitation toolkit named 'DeepData' to exploit a zero-day vulnerability in Fortinet's FortiClient Windows VPN client that steal credentials. The zero-day ...

And then they send victims to the legit VPN download to hide their tracks A group of cybercriminals tracked as Storm-2561 is ...

Cybersecurity researchers has revealed that for months now, Fortinet’s Windows VPN client has been vulnerable to a flaw which allows threat actors to steal user credentials - and Chinese hackers have ...

Storm-2561 uses SEO poisoning to push fake VPN downloads that install signed trojans and steal VPN credentials. Active since 2025, Storm-2561 mimics trusted brands and abuses legitimate services. This ...

Update 6/12/23 added below: Fortinet released a new advisory warning that the vulnerability may have been exploited in attacks. Fortinet has released new Fortigate firmware updates that fix an ...

Researchers spot Chinese threat actor stealing login credentials from Fortinet VPN Thefts carried out with the help of a vulnerability discovered in 2023 The bug is yet to be addressed, or even ...