{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/network-scanning/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["network-scanning","vulnerability-exploitation","fortigate","coldfusion","cve-2023-27997"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eOn March 13, 2026, KRVTZ-NET IDS systems generated a series of alerts indicative of network scanning and attempted exploitation. The alerts highlight suspicious activity originating from a range of IP addresses, suggesting a widespread campaign rather than a targeted attack from a single actor. Specific alerts include repeated GET requests to \u003ccode\u003e/remote/logincheck\u003c/code\u003e, potentially targeting the Fortigate VPN vulnerability CVE-2023-27997, as well as requests for hidden environment files and attempts…\u003c/p\u003e\n","date_modified":"2026-03-13T20:52:20Z","date_published":"2026-03-13T20:52:20Z","id":"/briefs/2026-03-krvtz-net-ids-alerts/","summary":"Multiple IDS alerts indicate potential network reconnaissance, vulnerability exploitation attempts targeting Fortigate VPN (CVE-2023-27997), and ColdFusion servers originating from various IP addresses on March 13, 2026.","title":"KRVTZ-NET IDS Alerts Analysis: Network Scanning and Exploitation Attempts","url":"https://feed.craftedsignal.io/briefs/2026-03-krvtz-net-ids-alerts/"}],"language":"en","title":"CraftedSignal Threat Feed — Network-Scanning","version":"https://jsonfeed.org/version/1.1"}