FortiBleed Campaign Harvests 80,000 Fortinet Credentials Without Zero-Day Exploit
By
Mathew J. Schwartz
Summary
The FortiBleed campaign involved threat actors harvesting and selling working credentials for approximately 80,000 Fortinet firewalls and SSL-VPN gateways. Researchers found no evidence that a zero-day exploit was used in the campaign, suggesting the attackers likely leveraged previously known vulnerabilities, weak passwords, or exposed management interfaces. The incident highlights ongoing risks in network security appliance management and credential hygiene.
Source
Key quotes
· 3 pulledThe FortiBleed campaign harvested working credentials for 80,000 Fortinet firewalls and SSL-VPN gateways.
Researchers found no evidence tying the campaign to a zero-day exploit.
The incident underscores the importance of proper credential management and patching in network security appliances.
You might also wanna read
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

FortiBleed credential-theft campaign linked to Lynx ransomware
Cisco discloses actively exploited zero-day affecting up to 2 million IOS and IOS XE devices
Cisco disclosed an actively exploited zero-day vulnerability (CVE-2025-20352) affecting all supported versions of Cisco IOS and IOS XE, pote
arstechnica.com·9mo agoWAF - WAF Release - 2025-09-01
WAF - WAF Release - 2026-03-30
Security Researcher Finds 16 Vulnerabilities in Lovable-Hosted App Exposing 18,000 Users' Data
A security researcher discovered 16 vulnerabilities, including 6 critical ones, in a Lovable-hosted application that exposed data of over 18

Comments
Sign in to join the conversation.
No comments yet. Be the first.