Fortinet appear to be telling press the #Fortibleed breach is made up of prior breaches and brute forcing.. but I’ve seen the breach data and it includes many passwords not in prior dumps, and I’ve worked with impacted orgs and they report no brute forcing of impacted accounts.

I think there may be some confusion about this one - the brute forcing is the cracking of the passwords by the threat actor, which is done locally.

Watch this space on this one anyhoo.

FortiBleed: 74,000 Fortinet firewalls, admin creds cracked. No CVE. Patched devices still at risk — PBKDF2 only activates on re-login post-update. Rotate creds, force re-auth, restrict mgmt interface, MFA. 

ACSC critical alert today.

#Fortinet #FortiBleed #CyberSecurity

FortiBleed: 73,000 Fortinet firewalls breached in 194 countries; a Russian group with 1.16 billion attempts exposes the limits of password complexity

An unprecedented cyber-espionage campaign has compromised 73,932 unique URLs of Fortinet firewalls and VPN gateways in 194 countries. The group, which is Russian, used a 45-GPU cluster to crack the SSL VPN hashes, hitting Foxconn, Samsung, Siemens and a Turkish NATO contractor. Italy ranks 15th with 1,259 compromised devices.

https://insicurezzadigitale.com/fortibleed-73-000-firewall-fortinet-violati-in-194-paesi-un-gruppo-russo-con-116-miliardi-di-tentativi-svela-i-limiti-della-complessita-delle-password/

Massive password-stealing attack hits 75k Fortinet firewalls

Why are you even reading this?! Rotate your passwords!!

theregister
#GAYINT list of impacted #FortiBleed IPs. Not all as I couldn't write the parser properly. http://owned.lab6.com/~gossi/research/public/fortibleed/some-fortibleed-ips.txt
#GAYINT list of impacted #FortiBleed domains (this is basically email addresses of admin accounts on the device btw) https://blog.gayint.org/intel/fortibleed.txt

Shodan-Query of the day:

"186.188.155.138"

#FortiGape #HeartBleed #fortibleed

RE: https://infosec.exchange/@gayint/116767147349150909

LoL

fortinet.com
fortinet.com.cn
fortinetfederal.com

is also in the list :D

#FortiGape #Fortishit #Fortibleed

#FortiBleed - Administrator passwords from (currently just under 74,000) Fortigate firewalls have been stolen and are circulating on the dark web—a number of companies have been compromised. There are fixes.

https://borncity.com/win/2026/06/18/fortibleed-administrator-passwords-compromised-on-74000-fortinet-firewalls/

FortiBleed: Administrator Passwords Compromised on 74,000 Fortinet Firewalls

Operators of Fortinet products are at risk of having their instances compromised by attackers. This is because the passwords for administrator access to these instances have been cracked.

Born's Tech and Windows World