
Fortinet Issues Security Advisory for FortiBleed Credential-Harvesting Campaign Affecting 86,000+ Devices

12d ago · 1 min read · en · News

Summary

Fortinet has responded to the FortiBleed campaign, a large-scale credential-harvesting operation targeting Fortinet firewalls and VPNs. The campaign has amassed over 86,000 confirmed working credentials across 194 countries, leveraging credential reuse from prior incidents and brute-force attacks against devices with weak passwords and no multi-factor authentication. The prior incidents include FortiCloud SSO authentication bypass vulnerabilities (CVE-2026-24858, CVE-2025-59718, CVE-2025-59719). Fortinet advises customers to terminate sessions, rotate credentials, enable MFA, upgrade to PBKDF2 hashing, review configurations for unauthorized changes, check logs, and restrict external management.

Source

bsky: Fortinet Issues Security Advisory for FortiBleed Credential-Harvesting Campaign Affecting 86,000+ Devices (briefly.co)

Key quotes

FortiBleed is a large-scale credential-harvesting campaign targeting Fortinet customers' firewalls and VPNs without exploiting new vulnerabilities.
The campaign has produced a database of over 86,000 confirmed working credentials for Fortinet devices across 194 countries.
Initial analysis indicates credential reuse from prior incidents combined with brute-force against devices with weak password hygiene and no multi-factor authentication.
Fortinet advises customers to confirm remediation, terminate admin and VPN sessions, rotate credentials, enable MFA for all administrator and VPN accounts, and upgrade to releases supporting PBKDF2 hashing for administrator credentials.