CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

Staff Editor 2026-06-19
CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html

Publish Date: 2026-06-19 10:00:00

Source Domain: thehackernews.com

Ravie LakshmananJun 19, 2026Threat Intelligence / Firewall Security

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday urged Fortinet customers with FortiGate appliances to take steps to secure against ongoing malicious activity aimed at thousands of internet-accessible devices.

The sweeping campaign, believed to be the work of Russian-speaking threat actors, has been codenamed FortiBleed. The number of compromised devices stands at 86,644 as of June 19, 2026.

According to data from SOCRadar, generic admin accounts (35%) and built-in Fortinet system accounts (28.3%) together make up the majority of compromised credentials. Organization-specific accounts account for 36.7% of the remaining breached credentials.

“This points directly to a widespread failure to rename default accounts or rotate factory credentials, giving the attacker a highly reliable target list before any brute force was even needed,” SOCRadar said.

“Org-specific accounts topping the list is significant. It means the attacker is not just harvesting default credentials but has also successfully compromised accounts created by the organizations themselves, possibly sourced from prior breaches where passwords were never changed.”

Telecom, government, and education have emerged as the top three impacted sectors, with the most exposures located in India, the U.S., Mexico, Colombia, and Thailand.

The threat actor is said to have mass-scanned the internet for Fortinet remote login endpoints, and then employed a bespoke tool to spray those identified endpoints with known login and password combinations in an attempt to break into them.

The fully-automated attack is built around a self-sustaining, two-step approach –

  • The threat actor attempts a curated list of leaked Fortinet passwords against devices across the internet.
  • Once access is obtained, they passively monitor network traffic going through the devices to collect additional credentials, which are then…

Source

More Stories

Metro Atlanta city discloses cybersecurity incident – WSB-TV Channel 2

Metro Atlanta city discloses cybersecurity incident – WSB-TV Channel 2

Staff Editor 2026-06-20
Unfixable security flaw affects seven iPhone models

Unfixable security flaw affects seven iPhone models

Staff Editor 2026-06-20
From Cybersecurity To Energy Cooperation: The Significance Of BRICS NSAs Meeting

From Cybersecurity To Energy Cooperation: The Significance Of BRICS NSAs Meeting

Staff Editor 2026-06-20

Terms and Conditions - Privacy Policy