FortiBleed

Pierluigi Paganini July 02, 2026
430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link

FortiBleed exposed 430,000 FortiGate firewalls, linked to INC Ransom and Lynx, enabling domain compromise and at least 12 ransomware attacks. SOCRadar’s Threat Research Unit has connected FortiBleed, a large-scale campaign that harvested credentials from over 430,000 FortiGate firewalls worldwide, directly to two active ransomware operations: INC Ransom and Lynx. The link isn’t circumstantial. An operator […]

Pierluigi Paganini June 24, 2026
FortiBleed: The Broker Who Turned 73,000 Firewalls Into a Product Catalog

FortiBleed exposed valid credentials for 73,000+ Fortinet firewalls, revealing a large-scale access-brokering operation targeting organizations worldwide. In mid-June 2026, researcher Volodymyr “Bob” Diachenko found a live, exposed server containing working login credentials for tens of thousands of Fortinet firewalls, a data leak code-named FortiBleed. The headline number, valid remote-access logins for 73,932 devices across 21,632 […]

Pierluigi Paganini June 22, 2026
FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

FortiBleed targeted 430,000+ FortiGate devices, harvesting 110M credentials and enabling breaches through large-scale credential theft. A new threat intelligence report from SOCRadar’s Threat Research Unit (STRU), the team that first identified and named the FortiBleed campaign, goes deeper than anything published so far on what is shaping up to be one of the most significant […]

Pierluigi Paganini June 20, 2026
FortiBleed Exposes Global Credential-Spraying Operation

FortiBleed exposed a massive campaign that made billions of login attempts against Fortinet VPNs, compromising organizations worldwide. FortiBleed wasn’t a targeted hack. It was a factory. A multi-operator crew ran an industrial-scale attack against Fortinet FortiGate SSL VPN devices worldwide, and security researcher Volodymyr “Bob” Diachenko of SecurityDiscovery.com caught them only because they left their […]

Pierluigi Paganini June 20, 2026
CISA Warns of Active Exploitation Following FortiBleed Leak

FortiBleed exposed credentials for 74,000 Fortinet devices, with attackers actively exploiting the leak to target systems worldwide. On June 18, CISA issued an emergency alert after reports surfaced that credentials for approximately 74,000 Fortinet firewalls and VPN gateways had been leaked in what researchers are calling FortiBleed. The agency confirmed that threat actors were actively […]

Pierluigi Paganini June 18, 2026
FortiBleed Exposes Admin Passwords for 75,000 Fortinet Firewalls

FortiBleed: Admin Passwords for 75,000 Fortinet Firewalls Are Out in the Wild. Half the Internet-Facing Fortinets on the Planet. Security researcher Bob Diachenko found a server sitting open on the internet containing what appeared to be valid Fortinet VPN credentials, including usernames, email addresses, and plaintext passwords for tens of thousands of organizations. He posted […]