Cybersecurity Alert Issued For Fortinet Users
Cybersecurity Alert Issued For Fortinet Users
https://bernews.com/2026/06/cybersecurity-alert-issued-fortinet-users/
Publish Date: 2026-06-29 07:41:00
Source Domain: bernews.com
The Ministry of National Security, acting on advice from the National Cybersecurity Unit [NCU], issued an “alert to all organisations and individuals in Bermuda that operate Fortinet firewall or VPN devices.”
A Government spokesperson said, “A global credential compromise campaign, widely referred to as ‘FortiBleed’, is actively targeting these devices. Organisations that have not taken protective action are at risk of unauthorised access to their networks.”
Acting Minister of National Security Jaché Adams said: “The security of Bermuda’s digital infrastructure is a matter of national importance.
“This campaign is not a theoretical risk. It is an active threat that has already compromised tens of thousands of devices globally. I urge every organisation in Bermuda operating Fortinet equipment to treat this as a priority and act on the guidance provided today without delay.”
The spokesperson said, “FortiBleed is a large-scale credential harvesting campaign targeting Fortinet FortiGate firewalls and SSL VPN gateways exposed to the internet. Security researchers estimate that between 74,000 and 86,000 devices have been affected globally.
“Attackers are exploiting previously compromised credentials, password reuse, and automated brute-force tools to gain unauthorised access.
“Fortinet has confirmed that this is not a new software vulnerability. The activity stems from weak password practices, absent multi-factor authentication, and legacy password storage methods that persist on some devices even after firmware updates.
“Once inside a device, attackers can intercept network traffic, create backdoor accounts, modify configurations, and move laterally into connected systems, including Active Directory environments.
“The U.S. Cybersecurity and Infrastructure Security Agency and Fortinet’s own Product Security Incident Response Team have both issued formal guidance urging immediate action.
“Any…
