FortiBleed Campaign Exposes 80K Targets Worldwide

A massive cybersecurity threat, dubbed FortiBleed, has exposed over 80,000 Fortinet FortiGate devices worldwide, with alarming ease, by exploiting weak passwords and reused credentials. The US Cybersecurity agency is urging affected customers to secure their appliances immediately to prevent a potential breach.

https://osintsights.com/fortibleed-campaign-exposes-80k-targets-worldwide?utm_source=mastodon&utm_medium=social

#Fortibleed #CredentialReuse #BruteForce #Russia #Cve202624858

Inside the FortiBleed Open Directory: A Technical Analysis of What the Attacker Left Behind

An exposed attacker server has unveiled FortiBleed, a large-scale credential-compromise campaign targeting internet-facing Fortinet FortiGate firewalls and SSL VPN gateways globally. This operation involved credential harvesting through reuse, brute force, and hash cracking using a distributed GPU infrastructure with approximately 36 rented GPUs via Hashtopolis. The exposed directory contained 319 files revealing scanning tools, cracking infrastructure, credential databases, post-exploitation toolkits, and active VPN configurations. While initially reported as affecting 21,632 domains, analysis of the attacker's own tooling reveals only 918 organizations showed evidence of internal network compromise, with merely 148 confirmed cases where credentials were fully cracked. The operation ultimately aimed to sell initial access to compromised networks, with victims spanning 194 countries, predominantly India, United States, and Taiwan.

Pulse ID: 6a358eb86925d602f0cf5600
Pulse Link: https://otx.alienvault.com/pulse/6a358eb86925d602f0cf5600
Pulse Author: AlienVault
Created: 2026-06-19 18:47:20

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BruteForce #CredentialHarvesting #CyberSecurity #India #InfoSec #OTX #OpenThreatExchange #RAT #RCE #SSL #UnitedStates #VPN #bot #AlienVault

Dashlane potwierdza atak brute force, jednak dane użytkowników nie są zagrożone

31 maja 2026 do Dashlane wpłynęły zgłoszenia kilku użytkowników, którzy otrzymali e-mail informujący, że ich konto zostało zawieszone. Użytkownicy zgłaszali również problemy z logowaniem do usługi po zresetowaniu hasła (Master Password). TLDR: Zespół Dashlane ustalił, że przyczyną był atak brute force na wybrane konta użytkowników usługi. Celem ataku było pokonanie...

#WBiegu #2Fa #Atak #Awareness #Bezpieczeństwo #BruteForce #Dashlane #Hasła

https://sekurak.pl/dashlane-potwierdza-atak-brute-force-jednak-dane-uzytkownikow-nie-sa-zagrozone/

The Ferengi 14th Rule of Acquisition states "Anything stolen is pure profit"

#honeypot #bruteforce #startrek #hooman

Haze: A decentralized, open-source P2P group chat with E2EE routing entirely through Tor. Maximum privacy, zero trace.
https://haze.berkkucukk.com

#kalilinuxtools #informationsecurity #ethicalhacker #pentesting #ubantu #bugbounty #github #githubuniverse #hacking #hacking_or_secutiy #WebPentest #webpentest #decryption #ddosattak #networkattacktool #networkattack #WhatWeb #metasploit #nmap #burpsuite #bruteforce #informationgathering #hackingtools #vulnerability #kalilinux

Latest PyPi Compromise

A supply chain attack targeting the Microsoft DurableTask Python client compromised versions 1.4.1, 1.4.2, and 1.4.3 on PyPi. The threat actor gained access through a compromised GitHub account previously linked to attacks, using stolen credentials to dump GitHub secrets containing PyPi tokens. The evolved payload targets Linux systems, stealing credentials from AWS, Azure, GCP, Kubernetes, Vault, and password managers like Bitwarden and 1Password. It propagates via AWS SSM and Kubernetes lateral movement, limited to 5 targets per infected host. The payload scrapes shell history, bruteforces password managers, and establishes persistence through infection markers. Compromised packages were quarantined following analysis.

Pulse ID: 6a0ce3b0ad791179648c47b0
Pulse Link: https://otx.alienvault.com/pulse/6a0ce3b0ad791179648c47b0
Pulse Author: AlienVault
Created: 2026-05-19 22:26:56

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#AWS #Azure #BruteForce #CyberSecurity #GitHub #InfoSec #Linux #Microsoft #OTX #OpenThreatExchange #Password #PyPI #Python #RCE #SupplyChain #Word #bot #AlienVault

Korben: #Bruteforce de #cartes #bancaires

Un #chercheur en #sécurité a démontré qu'il est possible de reconstituer les chiffres manquants d'une carte bancaire par bruteforce en testant des numéros auprès de la banque, à raison d'environ 6 tentatives par seconde.

https://korben.info/carte-bancaire-brute-force.html