VulnHub

Real-time Cybersecurity News

FortiBleed Targeted FortiGate Firewalls in 110 Million-Credential Harvesting Operation

The Hacker News
Actively Exploited
Vulnerability

Overview

A significant cyber operation called FortiBleed has been uncovered, targeting over 430,000 FortiGate firewalls worldwide. This operation, attributed to a Russian-speaking group known as an initial access broker, has been active since February 2026 and focuses on harvesting user credentials. The attackers are employing various tactics, including probing for exposed services and brute-forcing systems to gain unauthorized access. With the scale of this operation, organizations using FortiGate firewalls should be particularly vigilant about their security practices. Failure to address these vulnerabilities could lead to compromised systems and sensitive data breaches.

Key Takeaways

  • Active Exploitation: This vulnerability is being actively exploited by attackers. Immediate action is recommended.
  • Affected Systems: FortiGate firewalls
  • Action Required: Organizations should enhance their firewall security configurations, implement strong password policies, and regularly update their systems to the latest versions to mitigate risks.
  • Timeline: Ongoing since February 2026

Original Article Summary

A Russian-speaking initial access broker (IAB) driven by financial gain is assessed to be behind a large-scale credential-harvesting operation known as FortiBleed that has targeted over 430,000 FortiGate firewalls globally. The campaign, active since February 2026, involves collecting credential lists, searching for exposed services, brute-forcing accessible systems, and deploying bespoke

Impact

FortiGate firewalls

Exploitation Status

This vulnerability is confirmed to be actively exploited by attackers in real-world attacks. Organizations should prioritize patching or implementing workarounds immediately.

Timeline

Ongoing since February 2026

Remediation

Organizations should enhance their firewall security configurations, implement strong password policies, and regularly update their systems to the latest versions to mitigate risks.

Additional Information

This threat intelligence is aggregated from trusted cybersecurity sources. For the most up-to-date information, technical details, and official vendor guidance, please refer to the original article linked below.

Related Topics: This incident relates to Vulnerability.

Read Original Article

Related Coverage

Cisco Unified CM flaw CVE-2026-20230 now exploited in attacks

BleepingComputer

A serious vulnerability, identified as CVE-2026-20230, has been discovered in Cisco's Unified Communications Manager Server. This Server-Side Request Forgery (SSRF) flaw is currently being exploited by attackers, raising concerns for organizations using this software. The vulnerability could allow malicious actors to manipulate requests sent from the server, potentially leading to unauthorized access to sensitive systems. Companies that rely on Cisco's Unified Communications infrastructure need to prioritize patching their systems to protect against these active exploits. As the situation evolves, it is crucial for affected users to stay informed and take immediate action to mitigate risks.

Jun 23, 2026

Healthtech firm Xolis suffers data breach impacting 1.4 million people

BleepingComputer

Xsolis, a healthcare technology firm, reported a data breach affecting approximately 1.4 million individuals. The breach occurred due to a phishing attack, which allowed attackers to gain unauthorized access to the company's network. The compromised data includes sensitive personal information, raising serious concerns about privacy and security for those affected. This incident underscores the vulnerability of healthcare organizations to cyberattacks, especially as they increasingly rely on digital systems. Individuals whose data was exposed may face risks such as identity theft and fraud, prompting a need for vigilance and protective measures.

Jun 23, 2026

Your AI agent can't be authenticated by a password reset email

SCM feed for Latest

A recent discussion has emerged regarding the security of AI agents, particularly concerning how these machine accounts can be authenticated. Researchers are finding that the current methods for managing identity and access for AI agents are lagging behind their rapid deployment. This gap exposes vulnerabilities that could leave systems open to unauthorized access. Organizations that rely on AI technologies need to reassess their security protocols to ensure that these agents cannot be easily exploited. The implications are significant, as poor governance of AI accounts could lead to data breaches or compromised systems.

Jun 23, 2026

DifyTap: Four Bugs Put over 1 million AI Apps at Risk

Security Affairs

Researchers from Zafran Labs have uncovered four vulnerabilities in Dify, an open-source AI platform widely used by companies like Volvo and Maersk. These flaws put over one million AI applications at risk, exposing sensitive cross-tenant data, documents, and conversations. Notably, two of the vulnerabilities are critical, allowing unauthenticated users to gain access to and potentially steal data. This situation raises serious concerns for organizations that rely on Dify for their AI operations, as sensitive information could be compromised. Companies using this platform should take immediate action to assess their exposure and implement security measures to protect their data.

Jun 23, 2026

Lookalike npm Package Hides a Multi-Stage Windows RAT

Infosecurity Magazine

Researchers at JFrog discovered an npm package that mimics the popular postcss-selector-parser library, which is used in web development. This malicious package is designed to deliver a multi-stage Remote Access Trojan (RAT) on Windows systems. Users who unwittingly install this lookalike package could find their systems compromised, allowing attackers to gain control and potentially access sensitive information. The incident raises concerns about software supply chain security and the need for developers to verify the authenticity of packages before installation. This situation serves as a reminder for developers and organizations to exercise caution and implement security measures to protect against such deceptive tactics.

Jun 23, 2026

Algerian man charged with running two cybercrime marketplaces

CyberScoop

Abdellah Belmili, an Algerian man, has been charged by federal prosecutors for allegedly operating two online marketplaces that specialize in cybercrime. These websites reportedly sold stolen financial credentials and custom-designed phishing kits specifically aimed at major American banks. This situation raises significant concerns as it highlights the ongoing issue of cybercrime and the ease with which sensitive information can be bought and sold on the dark web. The impact of such marketplaces can be far-reaching, potentially affecting countless individuals and businesses as attackers exploit the stolen data. Law enforcement's action against Belmili underscores the need for continued vigilance in the fight against cybercrime and the protection of financial systems.

Jun 23, 2026