Fortinet released its 2026 Global Threat Landscape Report, highlighting trends in cybercrime, AI use, and increased ransomware incidents.
Quiver AI Summary
Fortinet has released its 2026 Global Threat Landscape Report, based on data from FortiGuard Labs, which highlights the evolving nature of cybercrime. The report indicates that cyberattacks now operate more as interconnected systems, with malicious actors increasingly utilizing AI to enhance the sophistication and speed of their operations. Key findings reveal a dramatic rise in ransomware victims, with over 7,800 confirmed cases, significantly up from the previous year. The report also notes that stolen credentials are a primary source of cloud incidents, and outlines the importance of adapting cybersecurity measures to counter the growing use of AI by cybercriminals. Fortinet emphasizes its commitment to fighting cybercrime through cooperation with global initiatives, including the Cybercrime Atlas and various law enforcement operations, and urges organizations to enhance their defenses with AI-enabled tools.
Potential Positives
- Fortinet's release of the 2026 Global Threat Landscape Report highlights its leadership in cybersecurity by providing exclusive insights derived from its FortiGuard Labs telemetry, reinforcing its position as a trusted authority in the industry.
- The report indicates a significant increase in ransomware victims, with a 389% year-over-year rise, underscoring the growing need for robust cybersecurity solutions offered by Fortinet.
- Fortinet's commitment to global cybersecurity collaboration is exemplified by its involvement in successful operations like Operation Red Card 2.0, demonstrating its proactive approach to disrupting cybercriminal networks.
- The launch of the Cybercrime Bounty program signals Fortinet's dedication to empowering individuals and ethical hackers in the fight against cybercrime, enhancing community engagement and trust in its brand.
Potential Negatives
- Ransomware victims skyrocketing from approximately 1,600 to 7,831 indicates a significant increase in the threat level and effectiveness of cybercriminal activity, potentially reflecting vulnerabilities in Fortinet's cybersecurity measures.
- The reported time-to-exploit (TTE) shrinking from 4.76 days to 24-48 hours suggests that threats are evolving at a pace that may outstrip current cybersecurity defenses, raising concerns about the effectiveness of existing solutions.
- The emergence of sophisticated AI-enabled cybercriminal tools and tactics may imply that Fortinet faces challenges in keeping up with the evolving landscape of cyber threats, potentially jeopardizing their market position.
FAQ
What is the 2026 Global Threat Landscape Report?
The report from FortiGuard Labs analyzes cyber threat trends and tactics used in cyberattacks during 2025.
How has AI impacted cybercrime tactics?
AI enables cybercriminals to execute more sophisticated attacks, compressing the time-to-exploit and enhancing overall efficiency.
What sectors are most targeted by cybercriminals?
Key targeted sectors include manufacturing, business services, and retail, with significant incidents reported in the U.S., Canada, and Germany.
What is the significance of stolen datasets?
Stolen datasets, especially from infostealer malware, are increasingly used by cybercriminals, reducing their effort and increasing success rates.
How is Fortinet combating cybercrime?
Fortinet disrupts cybercrime through threat intelligence sharing, initiatives like the Cybercrime Bounty program, and collaborative operations with law enforcement.
Disclaimer: This is an AI-generated summary of a press release distributed by GlobeNewswire. The model used to summarize this release may make mistakes. See the full release here.
$FTNT Insider Trading Activity
$FTNT insiders have traded $FTNT stock on the open market 14 times in the past 6 months. Of those trades, 0 have been purchases and 14 have been sales.
Here’s a breakdown of recent trading of $FTNT stock by insiders over the last 6 months:
- MICHAEL XIE (VP, ENGINEERING & CTO) has made 0 purchases and 6 sales selling 346,652 shares for an estimated $28,242,157.
- KEN XIE (PRESIDENT & CEO) has made 0 purchases and 6 sales selling 334,222 shares for an estimated $28,018,828.
- CHRISTIANE OHLGART (Chief Financial Officer) has made 0 purchases and 2 sales selling 617 shares for an estimated $50,445.
$FTNT Revenue
$FTNT had revenues of $1.9B in Q4 2025. This is an increase of 14.75% from the same period in the prior year.
$FTNT Congressional Stock Trading
Members of Congress have traded $FTNT stock 4 times in the past 6 months. Of those trades, 2 have been purchases and 2 have been sales.
Here’s a breakdown of recent trading of $FTNT stock by members of Congress over the last 6 months:
- REPRESENTATIVE GILBERT RAY CISNEROS, JR. purchased up to $15,000 on 03/13.
- REPRESENTATIVE LISA C. MCCLAIN has traded it 3 times. They made 1 purchase worth up to $15,000 on 10/30 and 2 sales worth up to $30,000 on 10/31, 10/30.
$FTNT Hedge Fund Activity
We have seen 633 institutional investors add shares of $FTNT stock to their portfolio, and 615 decrease their positions in their most recent quarter.
Here are some of the largest recent moves:
- UBS AM, A DISTINCT BUSINESS UNIT OF UBS ASSET MANAGEMENT AMERICAS LLC removed 18,840,533 shares (-74.0%) from their portfolio in Q4 2025, for an estimated $1,496,126,725
- MORGAN STANLEY removed 2,446,221 shares (-22.7%) from their portfolio in Q4 2025, for an estimated $194,254,409
- VAN ECK ASSOCIATES CORP added 2,166,396 shares (+38.9%) to their portfolio in Q4 2025, for an estimated $172,033,506
- PRICE T ROWE ASSOCIATES INC /MD/ removed 2,060,109 shares (-33.2%) from their portfolio in Q4 2025, for an estimated $163,593,255
- FUNDSMITH LLP removed 1,904,081 shares (-22.6%) from their portfolio in Q4 2025, for an estimated $151,203,072
- VANGUARD GROUP INC removed 1,835,714 shares (-2.4%) from their portfolio in Q4 2025, for an estimated $145,774,048
- AQR CAPITAL MANAGEMENT LLC added 1,777,115 shares (+76.2%) to their portfolio in Q4 2025, for an estimated $141,120,702
$FTNT Analyst Ratings
Wall Street analysts have issued reports on $FTNT in the last several months. We have seen 0 firms issue buy ratings on the stock, and 3 firms issue sell ratings.
Here are some recent analyst ratings:
- JP Morgan issued an "Underweight" rating on 01/30/2026
- Morgan Stanley issued an "Underweight" rating on 12/18/2025
- Mizuho issued an "Underperform" rating on 11/06/2025
$FTNT Price Targets
Multiple analysts have issued price targets for $FTNT recently. We have seen 17 analysts offer price targets for $FTNT in the last 6 months, with a median target of $87.0.
Here are some recent targets:
- Jonathan Ruykhaver from Cantor Fitzgerald set a target price of $87.0 on 04/21/2026
- Gregg Moskowitz from Mizuho set a target price of $70.0 on 04/14/2026
- Richard Poland from Wells Fargo set a target price of $64.0 on 03/03/2026
- Fatima Boolani from Citigroup set a target price of $90.0 on 02/09/2026
- Keith Bachman from BMO Capital set a target price of $95.0 on 02/09/2026
- Brian Essex from JP Morgan set a target price of $73.0 on 02/06/2026
- Dan Bergstrom from RBC Capital set a target price of $90.0 on 02/06/2026
Full Release
SUNNYVALE, Calif., April 30, 2026 (GLOBE NEWSWIRE) --
Fortinet® (NASDAQ: FTNT), the global cybersecurity leader driving the convergence of networking and security, today released the 2026 Global Threat Landscape Report from FortiGuard Labs. Derived exclusively from FortiGuard Labs telemetry, the latest annual report is a snapshot of the active threat landscape and trends from 2025, including a comprehensive analysis across all tactics used in cyberattacks, as outlined in the MITRE ATT&CK framework. The data reveals that cybercrime no longer functions as a series of isolated campaigns—it operates as a system, with malicious hackers operating across an end-to-end life cycle and compressing the attack life cycle with shadow agents.
“Cybercrime is one of the world’s most pervasive and costly threats, and our latest Global Threat Landscape Report reveals how malicious actors are beginning to leverage agentic AI to execute more sophisticated attacks,” said Derek Manky, Chief Security Strategist and Global VP of Threat Intelligence, Fortinet FortiGuard Labs. “As cybercriminals increasingly use AI to bolster their tactics, cyber defenders must evolve cybersecurity operations into an industrialized defense and adopt AI-enabled tools that respond at the same velocity as modern threats.”
Attack Techniques and Targeted Sectors in Today’s Threat Landscape
Modern cybercrime crosses borders and sectors, and even traditional definitions of crime itself. As attacks grow more sophisticated and interconnected, key findings from the latest FortiGuard Labs Global Threat Landscape Report reveal:
- Velocity defines risk as time-to-exploit (TTE) shrinks: As AI accelerates reconnaissance, weaponization, and execution, FortiGuard Intelligence shows TTE as 24–48 hours for critical outbreaks, a sharp acceleration from earlier reports that revealed a TTE of 4.76 days. Real-world incidents reflect how minutes can define outcomes: Active exploitation attempts were made within hours of the React2Shell vulnerability public disclosure.
- Ransomware victims skyrocket: FortiRecon adversary intelligence identified 7,831 confirmed ransomware victims globally, skyrocketing from approximately 1,600 identified victims in the Fortinet 2025 Global Threat Landscape Report. Availability of crime service kits like WormGPT, FraudGPT, and BruteForceAI contributed to this 389% increase year-over-year (YoY). The top three targeted sectors include manufacturing (1,284), business services (824), and retail (682). Geographic concentration includes the U.S. (3,381), Canada (374), and Germany (291).
- Identity sprawl defines cloud exposure: FortiCNAPP intelligence confirms that throughout 2025, most confirmed cloud incidents originated from stolen, exposed, or misused credentials rather than from infrastructure exploitation. Sector analysis shows hospitals/physician clinics and retail establishments as the #1 target. Large identity populations, federated access models, and complex cloud integrations make these prime targets for malicious hackers.
Inside the Habits of Modern, AI-Enabled Cybercriminals
As FortiGuard Labs Cyberthreat Predictions for 2026 projected, the most capable threat groups function as semi-autonomous enterprises, supported by shadow agents, access brokers, and botnet operators who provide services on demand. Key findings from the 2026 Global Threat Landscape Report show:
- Shadow agents reduce operator skill requirements while increasing workflow speed. FortiRecon dark web signals captured AI-enabled offensive tooling advertised as services and products, including enhanced versions of WormGPT and FraudGPT, and novel services like HexStrike AI, an offensive AI tool with automated reconnaissance attack path generation; and BruteForceAI, a penetration testing tool that integrates large language models (LLMs) for intelligent form analysis and can execute sophisticated multi-threaded attacks.
- With AI, criminals work smarter, not harder. FortiGate IPS telemetry recorded a 22% decrease in brute force attempts YoY, pointing to efficiency gains: With optimized, intelligent brute force techniques, threat actors are making fewer attempts against better-selected targets, increasing success probability per credential tested. This activity translates into about 67.65 billion brute force events globally, with approximately 185 million attempts per day; 1.3 billion attempts per week; and 5.6 billion attempts per month. At the same time, intelligence revealed a 25.49% increase in global exploitation attempts YoY.
- Stolen datasets are more popular than leaked credentials. In the 2025 Global Threat Landscape Report, FortiGuard Labs observed a 500% increase in logs available from systems compromised by infostealer malware. In 2026, FortiRecon intelligence found an additional 79% increase and revealed a shift toward theft of more comprehensive data sets, enabled by agentic AI. Within dark web “database” activity, stealer logs dominated advertised and shared datasets (67.12%), exceeding combolists (16.47%) and leaked credentials (5.96%). Stealer logs reduce attacker effort by bundling identity material with contextual artifacts, including browser-resident data, enabling immediate replay and faster conversion than brute force or password spraying.
- Credential-stealer malware persists. Credential-stealer malware remains a lucrative industry and primary upstream engine for exposure generation. FortiRecon telemetry shows stealer activity dominated by RedLine: 911,968 infections (50.80%); Lumma: 499,784 (27.84%); and Vidar: 236,778 (13.19%).
Putting Awareness into Action: Disrupting Cybercriminal Ecosystems
Fortinet is committed to disrupting cybercrime by collecting and sharing threat intel and actively working to combat cyberthreats on a global scale.
A recent collaborative effort spearheaded by INTERPOL and supported by Fortinet through the World Economic Forum Cybercrime Atlas resulted in the takedown of a cybercriminal network. Operation Red Card 2.0 took down infrastructure and operators behind online scams, mobile money fraud, and fraudulent loan applications in Africa. Fortinet is a founding member of the Cybercrime Atlas, a global public-private collaboration effort hosted by the World Economic Forum that uses open-source intelligence to map cybercriminal networks, identify infrastructure vulnerabilities, and support joint disruption operations with law enforcement, such as the recent Operation Red Card 2.0 and Operation Serengeti 2.0.
The 2026 Global Threat Landscape Report reveals that incentivizing the disruption of cybercrime has never been more important. To empower defenders to stay ahead of cybercriminals, Fortinet and Crime Stoppers International launched the Cybercrime Bounty program to provide a secure, anonymous channel for citizens and ethical hackers to submit information about cyberthreats.
Discover how FortiGuard Labs Advisory Services combine cutting-edge technology and expert services to help organizations strengthen their security posture before threats emerge. FortiGuard Outbreak Alerts provide key information about ongoing cybersecurity attacks with significant ramifications affecting companies, organizations and industries. In the event of an incident, FortiGuard Labs offers swift, effective response and in-depth forensic analysis to minimize impact and prevent future intrusions, delivering comprehensive protection in today’s increasingly volatile digital landscape.
Register for the FortiGuard Labs webinar to hear experts break down the threats defining 2026 and what they mean for your organization.
Additional Resources
- Download a copy of the 2026 Global Threat Landscape Report from FortiGuard Labs.
- Learn more about FortiGuard Labs threat intelligence and research and outbreak alerts, which provide timely steps to mitigate breaking cybersecurity attacks.
- Learn more about Fortinet’s roles as a founding member of the Cybercrime Atlas.
- Read about the Fortinet Security Fabric.
- Visit fortinet.com/trust to learn about Fortinet innovation, collaboration partners, product security processes, and enterprise-grade products.
- Read about how Fortinet customers are securing their organizations.
- Learn about Fortinet’s commitment to product security and integrity, including its responsible product development and vulnerability disclosure approach and policies.
About Fortinet
Fortinet (NASDAQ: FTNT) is a driving force in the evolution of cybersecurity and the convergence of networking and security. Our mission is to secure people, devices, and data everywhere, and today we deliver cybersecurity everywhere you need it with the largest integrated portfolio of over 50 enterprise-grade products. Well over half a million customers trust Fortinet's solutions, which are among the most deployed, most patented, and most validated in the industry. The Fortinet Training Institute, one of the largest and broadest training programs in the industry, is dedicated to making cybersecurity training and new career opportunities available to everyone. Collaboration with esteemed organizations from both the public and private sectors, including CERTs, government entities, and academia, is a fundamental aspect of Fortinet’s commitment to enhance cyber resilience globally.
FortiGuard Labs, Fortinet’s elite threat intelligence and research organization, develops and utilizes leading-edge machine learning and AI technologies to provide customers with timely and consistently top-rated protection and actionable threat intelligence. Learn more at https://www.fortinet.com, the Fortinet Blog, and FortiGuard Labs.