Russian-speaking initial-access brokers have attacked at least 430,000 FortiGate firewalls with FortiBleed and harvested login credentials to gain access to corporate networks.
DriveSurge compromises thousands of legitimate websites to silently infect visitors with FakeUpdates or ClickFix manipulations via zTDS traffic steering and sells system access to other cybercriminals.