Defcon Alerts Threat Monitor

Cyber/Tech

CISA Urges Hardening Fortinet Devices in Credential Exposure Response

Independent researchers estimate that between 73,932 and 75,000 devices are affected across 194 countries.

Defcon Level and Donald Standeford
Jun 19, 2026

CYBER — The Cybersecurity and Infrastructure Security Agency issued an alert on June 18 directing organizations to immediately terminate active sessions, reset administrative and Virtual Private Network passwords, and harden FortiGate appliances and Secure Sockets Layer gateways targeted in the FortiBleed credential exposure campaign.

The alert addresses cyber activity by threat actors involving leaked credentials for approximately 74,000 internet-accessible Fortinet devices, including firewalls and Virtual Private Network gateways used by government and private sector organizations worldwide, per the agency alert.

Fortinet and FortiGate Overview

Fortinet is a major cybersecurity company headquartered in Sunnyvale, California. It develops and sells a broad portfolio of network security products, with its flagship FortiGate line of next-generation firewalls and Secure Sockets Layer Virtual Private Network gateways forming the core of many enterprise, government, and critical-infrastructure networks worldwide.

FortiGate appliances combine firewall, intrusion prevention, application control, and VPN capabilities in a single platform. Organizations deploy them to protect internet-facing connections, segment internal networks, and enforce remote-access policies.

Because FortiGate devices often sit at the perimeter and handle both inbound traffic and encrypted tunnels, they are high-value targets for credential-based attacks.

The widespread adoption of Fortinet products means that credential exposure on these devices carries outsized consequences.

A successful compromise can give attackers initial access into environments that control sensitive data flows, remote workforce connectivity, and operational technology segments.

In the FortiBleed campaign, threat actors leveraged leaked administrative credentials to target precisely this class of widely deployed appliances, underscoring why rapid credential rotation and interface hardening remain priorities for any organization running FortiGate or related Fortinet VPN solutions.

FortiBleed Campaign Scope and Methods
