Active FortiBleed Campaign Impacting Fortinet Devices Across 194 Countries (opens in new tab)

Summary In mid-June 2026, security researchers identified an active, large-scale credential compromise campaign affecting Fortinet FortiGate firewalls, dubbed FortiBleed. Threat actors have been systematically extracting configuration files from internet-facing FortiGate devices and cracking the stored credential hashes, resulting in verified working administrator credentials for between 30,000 and 75,000 devices across 194 countries. SOCRadar‘s research identified … Active FortiBleed Campaig...