Fortra researchers identified an active phishing campaign that delivers a Remote Access Trojan by abusing Datto’s legitimate RMM platform as its command-and-control channel, giving attackers persistent, full remote access while blending into normal enterprise traffic. The campaign relies on social engineering rather than exploits and is difficult to detect because malicious activity is tunneled through trusted Datto RMM infrastructure over HTTPS.

March 2026 BEC threat intelligence from Fortra shows a 53% drop in attack volume, top cash‑out methods, gift card trends, crypto scams, and average wire fraud amounts.

Deciding whether to build an in-house security operations center (SOC) or outsource Security Operations (SecOps) in whole or in part is one of the most important decisions a security leader makes. The question might seem as simple as internal or external, but there are a huge number of factors at play. As a SOC leader, you must make sure the model you choose matches your organization. That means...

GitLab is a powerful, open-source DevOps platform — albeit one that’s prone to data security vulnerabilities. Here’s how you can secure your instance.

What Is AI Fools? AI Fools Week (also referred to as AI Fools: Stay Sharp!) is an annual cybersecurity awareness campaign created by the National Cybersecurity Alliance. Inspired by the spirit of April Fool’s Day, the campaign highlights how AI-powered pranks and deceptions can go beyond harmless jokes. AI Fools Week’s goal is to educate individuals and organizations on how to spot and avoid AI...

Minimize data security risk in Egnyte by securing integrations, controlling access, and gaining full visibility across AI workflows and distributed data environments.

Salesforce and Slack can introduce significant data security risks and vulnerabilities. Find out how Fortra DSPM can address these challenges.

What Is World Leaks?World Leaks is a cyber extortion operation that steals sensitive data from organizations and threatens to leak it via the dark web if a ransom is not paid.Hang on - Isn't That Just Ransomware by Another Name?Well, you can think of it like that if you want - but traditional ransomware attacks involve two things: stealing and encrypting your data, followed by demands for payments...

What Is a Zero-Day Threat? A zero-day attack leverages a previously unknown vulnerability — one that hasn’t been detected by developers or security experts. Because the vulnerability is unknown, there is typically no existing patch or fix, leaving systems temporarily vulnerable until a solution can be developed and deployed. The term "zero-day" refers to the fact that defenders have "zero days" of...

LeakNet is a ransomware operation that has been active since late 2024, encrypting, exfiltrating, and - if a ransom is not paid - leaking the data of compromised organisations.

Michael Oberlaender is an eight-time global CISO and currently provides CISO consulting services for organizations worldwide. His thirty-five-year career in IT and security have centered around the development of strategic, enterprise-grade security programs that empower business growth.We recently had the chance to speak to Michael about his thoughts on the industry, his start in cybersecurity,...

Discover February 2026 BEC attack trends, including cash‑out methods, wire transfer increases, crypto scams, and key insights from Fortra’s FIRE team.

A warning from the FBI's Internet Crime Complaint Center (IC3) has alerted the public about an emerging phishing scheme.