Skip to content
  • Home
  • Cyber Map
  • About Us – Contact
  • Disclaimer
  • Terms and Rules
  • Privacy Policy
Cyber Web Spider Blog – News

Cyber Web Spider Blog – News

Globe Threat Map provides a real-time, interactive 3D visualization of global cyber threats. Monitor DDoS attacks, malware, and hacking attempts with geo-located arcs on a rotating globe. Stay informed with live logs and archive stats.

  • Home
  • Cyber Map
  • Cyber Security News
  • Security Week News
  • The Hacker News
  • How To?
  • Toggle search form
AI-Powered Cyber Attacks Target Global FortiGate Devices

AI-Powered Cyber Attacks Target Global FortiGate Devices

Posted on February 24, 2026 By CWS

In February 2026, cybersecurity experts discovered a new wave of threats as hackers deployed advanced AI tools in their campaigns. These Large Language Models (LLMs) have been integrated into attack strategies, showcasing a significant shift in how cybercrime operations are conducted globally.

Integration of AI in Cyber Attacks

Security analysts found that misconfigured servers revealed a complex software pipeline used by attackers. This pipeline incorporated AI models, DeepSeek and Claude, into the attackers’ processes. The incorporation of these technologies signifies a dangerous trend where artificial intelligence is not only used for generating text but is also embedded into cyber-attack frameworks, automating complex tasks against worldwide targets.

The primary focus of these attacks has been on FortiGate SSL VPN appliances. By exploiting stolen configuration data, attackers could breach networks, effectively mapping internal systems and identifying key assets. The operation relied on custom-built tools to automate these intrusions, allowing them to target thousands of devices concurrently without manual input at every stage.

Global Impact and Automation

Investigations reveal that over 2,500 devices in 106 countries were attacked in parallel. Analysts from Cyber and Ramen noted the use of a dual-model strategy: DeepSeek for developing strategic attack plans and Claude for executing vulnerability assessments. This level of automation enabled even less skilled operators to manage a high volume of intrusions efficiently.

The operation’s core utilized two main components: ARXON and CHECKER2. CHECKER2, a Docker-based orchestrator, managed parallel VPN scanning, while ARXON served as a Model Context Protocol (MCP) server, bridging network data with the AI models to produce actionable steps for exploitation. The intrusion chain demonstrates how the system progresses from initial infiltration to active exploitation.

Recommendations for Mitigation

Upon network entry, the system autonomously deployed offensive tools like Impacket and Metasploit using Claude. The vulnerability assessment reports found on the server highlighted the AI’s ability to document findings and suggest prioritized actions, such as privilege escalation. Logs confirm the system’s active targeting of various sectors, including telecommunications.

To counter these AI-driven threats, immediate action is crucial. Organizations should prioritize updating their edge devices to mitigate vulnerabilities quickly. Regular audits of VPN user accounts for unauthorized activity and monitoring for unexpected SSH sessions are recommended. Verifying network configurations against known baselines can also help in detecting subtle changes typical of this campaign.

Stay updated by following us on Google News, LinkedIn, and X, and set CSN as your preferred news source on Google for more instant updates.

Cyber Security News Tags:AI, ARXON, Automation, CHECKER2, Claude, cyber attacks, Cybersecurity, DeepSeek, Fortigate, Hacking, Intrusion, LLMs, network security, Threat Actors, VPN

Post navigation

Previous Post: Chinese AI Firms Accused of Copying Claude Using 16 Million Queries
Next Post: Cyber Group Claims Massive Data Breach at Odido

Related Posts

Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials Hackers Mimic as OpenAI and Sora Services to Steal Login Credentials Cyber Security News
New Polymorphic Python Malware Repeatedly Mutate its Appearance at Every Execution Time New Polymorphic Python Malware Repeatedly Mutate its Appearance at Every Execution Time Cyber Security News
Threat Actors With Stealer Malwares Processing Millions of Credentials a Day Threat Actors With Stealer Malwares Processing Millions of Credentials a Day Cyber Security News
5,000+ Fake Online Pharmacies Websites Selling Counterfeit Medicines 5,000+ Fake Online Pharmacies Websites Selling Counterfeit Medicines Cyber Security News
Threat Actors Compromise 270+ Legitimate Websites With Malicious JavaScript Using JSFireTruck Obfuscation Threat Actors Compromise 270+ Legitimate Websites With Malicious JavaScript Using JSFireTruck Obfuscation Cyber Security News
Critical SharePoint Flaw Exploited in Cyber Attacks Critical SharePoint Flaw Exploited in Cyber Attacks Cyber Security News

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Recent Posts

  • WhatsApp Exploit Turns OpenClaw into Hacker Tool
  • Critical U-Boot Vulnerabilities Discovered in Firmware Security
  • Critical Security Alert for ShareFile Admins: Server Shutdown Advised
  • ShareFile Users Advised to Shut Down Controllers Amid Security Alert
  • New Windows Attack Method Evades Leading Security Tools

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Archives

  • July 2026
  • June 2026
  • May 2026
  • April 2026
  • March 2026
  • February 2026
  • January 2026
  • December 2025
  • November 2025
  • October 2025
  • September 2025
  • August 2025
  • July 2025
  • June 2025
  • May 2025

Recent Posts

  • WhatsApp Exploit Turns OpenClaw into Hacker Tool
  • Critical U-Boot Vulnerabilities Discovered in Firmware Security
  • Critical Security Alert for ShareFile Admins: Server Shutdown Advised
  • ShareFile Users Advised to Shut Down Controllers Amid Security Alert
  • New Windows Attack Method Evades Leading Security Tools

Pages

  • About Us – Contact
  • Disclaimer
  • Privacy Policy
  • Terms and Rules

Categories

  • Cyber Security News
  • How To?
  • Security Week News
  • The Hacker News

Copyright © 2026 Cyber Web Spider Blog – News.

Powered by PressBook Masonry Dark