This week’s cybersecurity bulletin covers persistent and emerging threats affecting networks worldwide. Led by FortiGate exploits, they also include sophisticated phishing campaigns and vulnerabilities in well-known platforms.
Ransomware-as-a-Service Targets FortiGate
A ransomware-as-a-service operation known as The Gentlemen is exploiting vulnerabilities in FortiGate systems, according to Group-IB. The group, which has around 20 members, leverages a critical authentication bypass tracked as CVE-2024-55591 to gain unauthorized access. With a database of over 14,700 compromised devices, the group possesses 969 brute-forced VPN credentials ready for use in attacks. Since its inception in mid-2025, The Gentlemen has targeted 94 organizations globally, employing advanced tactics to evade detection and cripple security processes.
Citrix Vulnerabilities Under Active Exploitation
Citrix NetScaler systems are being targeted in a new campaign exploiting CVE-2025-5777 and CVE-2023-4966. Defused Cyber reports over 500 exploit attempts on March 16, 2026, a level of activity that may be a precursor to further exploitation. The spike underscores the importance of vigilance and timely patching to thwart potential breaches.
Phishing Campaigns Exploit Microsoft Teams
Phishing attacks via Microsoft Teams are on the rise, with attackers impersonating IT departments to gain unauthorized access. Rapid7 highlights the use of Quick Assist to deploy malware and exfiltrate data. The trend exposes a significant weakness in how organizations manage external communications, one comparable to operating without a secure email gateway.
In another phishing development, a campaign using LiveChat software has been uncovered. The attackers engage victims in real-time chat while masquerading as reputable brands, harvesting sensitive data including account credentials and credit card information. Such tactics illustrate how phishing strategies keep evolving to bypass traditional security measures.
Broader Cyber Threat Landscape
Beyond these targeted attacks, the cybersecurity landscape continues to evolve. Hijack Loader is distributing an updated ACRStealer, while the SnappyClient framework targets cryptocurrency theft. These developments reflect a growing trend of modular and adaptable malware capable of evading detection and maximizing impact.
Concurrently, the European Parliament’s extension of CSAM detection regulations until 2027 highlights ongoing efforts to balance privacy and security. As cyber threats persist, organizations must remain proactive in implementing robust security measures and staying informed on emerging vulnerabilities.
As cyber threats evolve, staying informed and prepared is crucial. The highlighted exploits and campaigns serve as a reminder of the ever-present risks and the need for comprehensive security strategies to protect sensitive data and maintain network integrity.
