First reported by BleepingComputer
FortiBleed credential-theft campaign linked to Lynx ransomware
FortiBleed Campaign Harvests 110M+ Credentials, Fuels Ransomware Operations
By
Devonte Grant
5d agoen
Source
Orca SecurityFortiBleed Campaign Harvests 110M+ Credentials, Fuels Ransomware Operationsorca.securityA critical credential-harvesting campaign dubbed “FortiBleed” has been exposed, systematically targeting over 430,000 FortiGate firewalls worldwide and exploiting CVE-2026-35616 (CVSS 9.1) in FortiClient EMS, enabling attackers to gain admin access, deploy packet sniffers, and fuel ransomware operations at scale. Due to the massive scope and active exploitation, immediate patching and credential rotation are required. Users […] The post FortiBleed Campaign Harvests 110M+ Credentials, Fuels Ransomware Operations appeared first on Orca Security .
You might also wanna read
FortiBleed Campaign Harvests 80,000 Fortinet Credentials Without Zero-Day Exploit
The FortiBleed campaign involved threat actors harvesting and selling working credentials for approximately 80,000 Fortinet firewalls and SS

FortiBleed Campaign: Reverse Engineering the CyberStrike Harvester Behind Global FortiGate Credential Theft
FortiBleed is a large-scale credential compromise campaign targeting internet-facing Fortinet FortiGate firewalls and SSL VPN gateways. Unli
FortiBleed Campaign Compromises 30,000+ Fortinet Devices in Global Credential Harvesting Operation
A large-scale credential harvesting campaign dubbed "FortiBleed" is actively targeting Fortinet firewalls and VPN gateways, compromising ove
bit.ly·20d ago
Fortinet Issues Security Advisory for FortiBleed Credential-Harvesting Campaign Affecting 86,000+ Devices
Fortinet has responded to the FortiBleed campaign, a large-scale credential-harvesting operation targeting Fortinet firewalls and VPNs. The
FortiBleed campaign targets 430,000+ FortiGate firewalls with custom credential-stealing sniffer
SOCRadar reports the FortiBleed campaign targeted over 430,000 FortiGate firewalls globally. Attackers used a custom tool called FortigateSn
hendryadrian.com·15d agoFortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
thehackernews.com·6d ago

Comments
Sign in to join the conversation.
No comments yet. Be the first.