FortiBleed: How 75,000 Fortinet Firewalls Were Silently Compromised in 2026 (thecybersecguru.com)
from WPSteam@lemmy.world to cybersecurity@infosec.pub on 17 Jun 18:11
https://lemmy.world/post/48286815

FortiBleed exposed how a Russian-speaking threat group quietly compromised around 75,000 Fortinet firewalls worldwide by abusing old credential leaks, infostealer logs, automated login testing, offline cracking, and compromised FortiGate devices. The campaign turned exposed firewalls into credential-harvesting nodes, creating a self-feeding access pipeline for future attacks and possible ransomware operations.

#cybersecurity

Jiggs@lemmy.dbzer0.com on 17 Jun 22:54

Internet accessible management interface of firewall. There sure is a bleed to this. Eyes of every security engineer bleeding at the absolute stupidity of such a decision.

SamuelEllis@lemmy.world on 19 Jun 11:02

The shift from initial access via credential reuse to repurposing firewalls as persistent credential-harvesting nodes creates a compounding risk where compromised perimeter devices actively expand the attack surface. This self-feeding pipeline suggests defenders must treat any anomalous authentication success on a firewall not just as a breach, but as a potential indicator of an automated botnet expanding its foothold.
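
The detection idea raised in the comment above, sketched as an added example that is not part of the thread or the linked article: it flags firewall admin login successes that come from outside the management networks or that follow a burst of failures from the same source. The key=value log layout, the management network, the thresholds and the sample events are all assumptions and would need mapping to the device's real log schema.

```python
import ipaddress
import shlex
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumptions (not from the page): management networks, thresholds, log layout.
MGMT_NETS = [ipaddress.ip_network("10.20.0.0/24")]
FAIL_THRESHOLD = 3
WINDOW = timedelta(minutes=10)
# Constructed sample events in a generic key=value layout (documentation IPs).
SAMPLE_LOG = """\
time=2026-06-01T02:10:01 action=login status=failed user=admin srcip=203.0.113.7
time=2026-06-01T02:10:03 action=login status=failed user=svc_backup srcip=203.0.113.7
time=2026-06-01T02:10:05 action=login status=failed user=jdoe srcip=203.0.113.7
time=2026-06-01T02:10:09 action=login status=success user=jdoe srcip=203.0.113.7
time=2026-06-01T08:30:00 action=login status=success user=admin srcip=10.20.0.15
time=2026-06-01T09:00:00 action=login status=success user=admin srcip=198.51.100.23
"""

def parse(line):
    """Split one key=value event into a dict (shlex handles quoted values)."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)

def in_mgmt(ip):
    return any(ipaddress.ip_address(ip) in net for net in MGMT_NETS)

def find_anomalous_successes(log_text):
    """Return (time, user, srcip, reasons) for each suspicious login success."""
    failures = defaultdict(deque)   # srcip -> timestamps of recent failures
    alerts = []
    for line in log_text.splitlines():
        ev = parse(line)
        if ev.get("action") != "login":
            continue
        ts, src = datetime.fromisoformat(ev["time"]), ev["srcip"]
        recent = failures[src]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # drop failures older than the window
        if ev["status"] == "failed":
            recent.append(ts)
            continue
        reasons = []
        if not in_mgmt(src):
            reasons.append("source outside management networks")
        if len(recent) >= FAIL_THRESHOLD:
            reasons.append(f"success after {len(recent)} failures from same source")
        if reasons:
            alerts.append((ev["time"], ev["user"], src, reasons))
    return alerts
```

Failures are counted per source rather than per account, so a source that tries many usernames before one succeeds is still caught.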