
FortiBleed campaign targets 430,000+ FortiGate firewalls with custom credential-stealing sniffer

By BleepingComputer

2h ago · 1 min read · en · News

Summary

SOCRadar reports the FortiBleed campaign targeted over 430,000 FortiGate firewalls globally. Attackers used a custom tool called FortigateSniffer to capture authentication traffic and steal credentials from compromised devices. The operation abused FortiOS diagnostics, processed captured traffic with SNIFTRAN and a PCAP analysis toolkit, and used Hashcat on GPU clusters to crack hashes and extract secrets.

Source

bsky · FortiBleed campaign targets 430,000+ FortiGate firewalls with custom credential-stealing sniffer · hendryadrian.com

Key quotes

SOCRadar says the FortiBleed campaign targeted more than 430,000 FortiGate firewalls and used a custom tool called FortigateSniffer to capture authentication traffic and steal credentials from compromised devices.
The attackers allegedly abused FortiOS diagnostics, processed captured traffic with SNIFTRAN and a PCAP analysis toolkit, and used Hashcat on GPU clusters to crack hashes and extract secrets.