Fortinet Issues Security Advisory for FortiBleed Credential-Harvesting Campaign Affecting 86,000+ Devices
12d ago · 1 min read · en · News
Summary
Fortinet has responded to the FortiBleed campaign, a large-scale credential-harvesting operation targeting Fortinet firewalls and VPNs. The campaign has amassed over 86,000 confirmed working credentials across 194 countries, leveraging credential reuse from prior incidents and brute-force attacks against devices with weak passwords and no multi-factor authentication. The prior incidents include FortiCloud SSO authentication bypass vulnerabilities (CVE-2026-24858, CVE-2025-59718, CVE-2025-59719). Fortinet advises customers to terminate sessions, rotate credentials, enable MFA, upgrade to PBKDF2 hashing, review configurations for unauthorized changes, check logs, and restrict external management.
Key quotes · 4 pulled
FortiBleed is a large-scale credential-harvesting campaign targeting Fortinet customers' firewalls and VPNs without exploiting new vulnerabilities.
The campaign has produced a database of over 86,000 confirmed working credentials for Fortinet devices across 194 countries.
Initial analysis indicates credential reuse from prior incidents combined with brute-force against devices with weak password hygiene and no multi-factor authentication.
Fortinet advises customers to confirm remediation, terminate admin and VPN sessions, rotate credentials, enable MFA for all administrator and VPN accounts, and upgrade to releases supporting PBKDF2 hashing for administrator credentials.