🔴 Critical  |  Source: The Hacker News


A financially motivated Russian-speaking threat actor has been running a large-scale attack campaign dubbed FortiBleed since February 2026, targeting over 430,000 FortiGate firewalls worldwide and harvesting more than 110 million credentials. The operation combines scanning for exposed services, brute-force attacks, and custom tooling to gain initial access at scale. The sheer volume of compromised credentials and affected devices makes this a significant supply-chain risk for any organisation relying on Fortinet perimeter security.

Security Architect’s Take: Audit all FortiGate management interfaces immediately — ensure they are not exposed to the public internet, rotate all credentials associated with affected devices, and review VPN and firewall logs from February 2026 onwards for signs of unauthorised access or lateral movement.
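One way to run the log review recommended above, as an added example that is not part of the original advisory. It assumes admin login events exported as key=value lines with `date`, `time`, `user`, `srcip`, `action` and `status` fields in chronological order; the sample lines, `INTERNAL_NETS` and `FAIL_THRESHOLD` are constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
from datetime import datetime

# Assumption: networks the firewall is legitimately managed from; adjust to yours.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
SINCE = datetime(2026, 2, 1)   # review window start, per the brief
FAIL_THRESHOLD = 3             # assumption: failures that count as password guessing

# Constructed sample lines (documentation IP ranges), not real log data.
SAMPLE_LOG = """\
date=2026-01-20 time=08:00:01 user="admin" srcip=198.51.100.9 action="login" status="failed"
date=2026-02-11 time=03:10:01 user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-11 time=03:10:04 user="admin" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-11 time=03:10:09 user="netops" srcip=203.0.113.7 action="login" status="failed"
date=2026-02-11 time=03:11:30 user="netops" srcip=203.0.113.7 action="login" status="success"
date=2026-02-12 time=09:00:00 user="admin" srcip=10.1.1.5 action="login" status="success"
date=2026-03-02 time=22:45:10 user="admin" srcip=192.0.2.44 action="login" status="failed"
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse(line):
    """Turn one key=value log line into a dict, unquoting values."""
    return {k: q or u for k, q, u in FIELD.findall(line)}

def review(log_text):
    """Return {srcip: finding} for admin logins from outside INTERNAL_NETS since SINCE."""
    failures, findings = defaultdict(int), {}
    for line in log_text.splitlines():
        f = parse(line)
        if f.get("action") != "login" or not {"srcip", "date", "time"} <= f.keys():
            continue
        when = datetime.strptime(f["date"] + " " + f["time"], "%Y-%m-%d %H:%M:%S")
        src = f["srcip"]
        if when < SINCE or any(ipaddress.ip_address(src) in n for n in INTERNAL_NETS):
            continue
        if f.get("status") == "failed":
            failures[src] += 1
            # Any external attempt means the management interface is reachable.
            findings.setdefault(src, "external-login-attempt")
        else:
            guessed = failures[src] >= FAIL_THRESHOLD
            findings[src] = "success-after-failures" if guessed else "external-login-success"
    return findings

if __name__ == "__main__":
    print(review(SAMPLE_LOG))
```

Any finding at all indicates the management interface accepted connections from outside the listed networks; a `success-after-failures` finding is the case that calls for credential rotation and a lateral-movement review.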

Original advisory: FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation