A recent report by Amazon's Integrated Security team has revealed a disturbing trend in the world of cybersecurity. A Russian-speaking hacker, using generative AI services, breached over 600 FortiGate firewalls across 55 countries in just five weeks. This campaign, which occurred between January 11 and February 18, 2026, did not rely on any exploits to compromise the firewalls, but instead targeted exposed management interfaces and weak credentials lacking MFA protection.
The hacker used AI to automate access to other devices on the breached network, highlighting the growing concern of AI-powered attacks. According to CJ Moses, CISO of Amazon Integrated Security, the compromised firewalls were observed in various regions, including South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.
This incident is not an isolated case. Microsoft's latest Patch Tuesday release addressed over 50 security holes in its Windows operating systems and other software, including six actively exploited zero-day vulnerabilities. These zero-days, which include security feature bypass flaws, allow attackers to slip past built-in protections in multiple Microsoft products.
One of the zero-days, CVE-2026-21510, is a security feature bypass vulnerability in Windows Shell, which can be triggered by a single click on a malicious link. This vulnerability affects all currently supported versions of Windows. Another zero-day, CVE-2026-21513, is a security bypass bug targeting MSHTML, the proprietary engine of the default Web browser in Windows.
The exploitation of zero-day vulnerabilities is not limited to software. A recent analysis of the ZeroDayRAT malware revealed that it is "textbook stalkerware," capable of bypassing multi-factor authentication (MFA) protections. With access to SIM, location data, and a preview of recent SMSes, attackers can use this malware for account takeover or targeted social engineering.
The increasing use of AI-powered attacks and the exploitation of zero-day vulnerabilities have significant implications for the cybersecurity landscape. As observed in the FortiGate breach, AI can be used to automate attacks and evade detection. This trend is likely to continue, as attackers become more sophisticated in their use of AI and machine learning.
In the world of operational technology (OT), the threat landscape is also evolving. The use of "living-off-the-plant" techniques, which involve attackers blending in with the normal activities of the targeted system, is becoming more prevalent. This approach makes it difficult for security systems to detect and respond to OT attacks.
The recent attacks and vulnerabilities highlight the need for a proactive approach to cybersecurity. Organizations must prioritize the implementation of robust security measures, including regular software updates, MFA protections, and network segmentation. Moreover, the use of AI-powered security tools can help detect and respond to sophisticated attacks.
As the cybersecurity landscape continues to evolve, it is essential to stay informed about the latest threats and vulnerabilities. By understanding the tactics and techniques used by attackers, organizations can better prepare themselves to defend against AI-powered attacks and zero-day exploits.
A recent report by Amazon's Integrated Security team has revealed a disturbing trend in the world of cybersecurity. A Russian-speaking hacker, using generative AI services, breached over 600 FortiGate firewalls across 55 countries in just five weeks. This campaign, which occurred between January 11 and February 18, 2026, did not rely on any exploits to compromise the firewalls, but instead targeted exposed management interfaces and weak credentials lacking MFA protection.
The hacker used AI to automate access to other devices on the breached network, highlighting the growing concern of AI-powered attacks. According to CJ Moses, CISO of Amazon Integrated Security, the compromised firewalls were observed in various regions, including South Asia, Latin America, the Caribbean, West Africa, Northern Europe, and Southeast Asia.
This incident is not an isolated case. Microsoft's latest Patch Tuesday release addressed over 50 security holes in its Windows operating systems and other software, including six actively exploited zero-day vulnerabilities. These zero-days, which include security feature bypass flaws, allow attackers to slip past built-in protections in multiple Microsoft products.
One of the zero-days, CVE-2026-21510, is a security feature bypass vulnerability in Windows Shell, which can be triggered by a single click on a malicious link. This vulnerability affects all currently supported versions of Windows. Another zero-day, CVE-2026-21513, is a security bypass bug targeting MSHTML, the proprietary engine of the default Web browser in Windows.
The exploitation of zero-day vulnerabilities is not limited to software. A recent analysis of the ZeroDayRAT malware revealed that it is "textbook stalkerware," capable of bypassing multi-factor authentication (MFA) protections. With access to SIM, location data, and a preview of recent SMSes, attackers can use this malware for account takeover or targeted social engineering.
The increasing use of AI-powered attacks and the exploitation of zero-day vulnerabilities have significant implications for the cybersecurity landscape. As observed in the FortiGate breach, AI can be used to automate attacks and evade detection. This trend is likely to continue, as attackers become more sophisticated in their use of AI and machine learning.
In the world of operational technology (OT), the threat landscape is also evolving. The use of "living-off-the-plant" techniques, which involve attackers blending in with the normal activities of the targeted system, is becoming more prevalent. This approach makes it difficult for security systems to detect and respond to OT attacks.
The recent attacks and vulnerabilities highlight the need for a proactive approach to cybersecurity. Organizations must prioritize the implementation of robust security measures, including regular software updates, MFA protections, and network segmentation. Moreover, the use of AI-powered security tools can help detect and respond to sophisticated attacks.
As the cybersecurity landscape continues to evolve, it is essential to stay informed about the latest threats and vulnerabilities. By understanding the tactics and techniques used by attackers, organizations can better prepare themselves to defend against AI-powered attacks and zero-day exploits.