Fortra® Security & Trust Center

Blog

Fortra Discovers Datto Living Off the Land Binary

Fortra researchers identified an active phishing campaign that delivers a Remote Access Trojan by abusing Datto’s legitimate RMM platform as its command-and-control channel, giving attackers persistent, full remote access while blending into normal enterprise traffic. The campaign relies on social engineering rather than exploits and is difficult to detect because malicious activity is tunneled through trusted Datto RMM infrastructure over HTTPS.

Guide

The Browser Extension Threat Guide

This guide provides an overview of the browser extension threat landscape, including detection and threat hunting guidance with recommendations on specific response actions and general mitigation strategies.

Blog

March 2026 Patch Tuesday Analysis

Today’s Patch Tuesday Alert addresses Microsoft’s March 2026 Security Updates. The FIRE team is actively working on coverage for these vulnerabilities and expects to ship that coverage as soon as it is completed.

Blog

Threat Actors Abuse GitHub Notifications to Deliver Vishing Attacks

Executive Summary: GitHub email notifications are being abused to deliver vishing content, according to findings from the Fortra Intelligence and Research Experts (FIRE) team. Vishing, or voice phishing, is a type of social engineering attack in which threat actors attempt to trick their victim into revealing personal information over a phone call or voice message, often beginning with an initial...

Security Advisory

Denial of Service in CLFS.sys

This vulnerability is caused by CWE‑159: Improper Handling of Invalid Use of Special Elements, which leads to an unrecoverable inconsistency in the CLFS.sys driver. This condition forces a call to the KeBugCheckEx function, allowing an unprivileged user to trigger a system crash. Microsoft silently fixed this vulnerability in the September 2025 cumulative update for Windows 11 2024 LTSC and...

Blog

BEC Global Insight Report: January 2026

Executive Summary: The findings in this report come from the results of active defense engagements with BEC threat actors. Every month, Fortra Intelligence & Research Experts (FIRE) conducts hundreds of these engagements to collect comprehensive intelligence about BEC tactics and trends to help better understand how the BEC threat landscape is evolving. The primary findings for January 2026...

Blog

What Can the AI Work Caricature Trend Teach Us About the Risks of Shadow AI?

The viral AI work caricature trend on Instagram is prompting users to generate job‑based AI images, unintentionally exposing sensitive personal and professional information. This activity highlights how easily threat actors can identify potential targets, exploit publicly shared details, and attempt LLM account takeovers or prompt‑based data extraction. The trend underscores broader risks of shadow AI, including the leakage of proprietary or sensitive data when employees use public LLMs. Organizations are encouraged to strengthen AI governance, monitor for compromised credentials, and deploy data‑security tools to prevent unauthorized access and disclosure.