FortiBleed Campaign Compromises 30,000+ Fortinet Devices in Global Credential Harvesting Operation

By Elizabeth Montalbano

11h ago · 6 min read · en · News

Summary

A large-scale credential harvesting campaign dubbed "FortiBleed" is actively targeting Fortinet firewalls and VPN gateways, compromising over 30,000 devices across nearly 200 countries. Security consultant Volodymyr Diachenko first spotted evidence of the operation, and researchers from SOCRadar uncovered the campaign after finding an exposed operational server belonging to suspected Russian-speaking threat actors. The attackers have compiled working credentials for tens of thousands of devices, targeting various sectors globally.

Key quotes

Evidence of the credential harvesting was first spotted by security consultant Volodymyr Diachenko.
Researchers from SOCRadar uncovered the campaign, which they dubbed 'FortiBleed,' when they found an exposed operational server belonging to attackers, which are suspected Russian-speaking threat actors.
This gave them visibility into the group's tooling
Snippet from the RSS feed
Attackers are targeting various sectors across nearly 200 countries and have compiled working credentials for tens of thousands of devices.
