FortiBleed: How 75,000 Fortinet Firewalls Were Silently Compromised in 2026 (thecybersecguru.com)

submitted 5 days ago by WPSteam@lemmy.world to c/cybersecurity@infosec.pub

2 comments fedilink hide all child comments

FortiBleed exposed how a Russian-speaking threat group quietly compromised around 75,000 Fortinet firewalls worldwide by abusing old credential leaks, infostealer logs, automated login testing, offline cracking, and compromised FortiGate devices. The campaign turned exposed firewalls into credential-harvesting nodes, creating a self-feeding access pipeline for future attacks and possible ransomware operations.

top 2 comments

sorted by: hot top new old

[-] SamuelEllis@lemmy.world 3 points 3 days ago

The shift from initial access via credential reuse to repurposing firewalls as persistent credential-harvesting nodes creates a compounding risk where compromised perimeter devices actively expand the attack surface. This self-feeding pipeline suggests defenders must treat any anomalous authentication success on a firewall not just as a breach, but as a potential indicator of an automated botnet expanding its foothold.

[-] Jiggs@lemmy.dbzer0.com 6 points 4 days ago

Internet accessible management interface of firewall. There sure is a bleed to this. Eyes of every security engineer bleeding at the absolute stupidity of such a decision.

this post was submitted on 17 Jun 2026

19 points (100.0% liked)

cybersecurity

6248 readers

7 users here now

An umbrella community for all things cybersecurity / infosec. News, research, questions, are all welcome!

Community Rules

Be kind
Limit promotional activities
Non-cybersecurity posts should be redirected to other communities within infosec.pub.

Enjoy!

founded 3 years ago

MODERATORS

shellsharks@infosec.pub

tweedge@infosec.pub