[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$frrr_fGr4vQw1MOfOcQB1P6GvVGue_XOaM0lxwPO515s":3},{"article":4,"iocs":52},{"id":5,"title":6,"slug":7,"summary":8,"ai_summary":9,"brief":10,"full_text":11,"url":12,"image_url":13,"published_at":14,"ingested_at":15,"relevance_score":16,"entities":17,"category_id":29,"category":30,"article_tags":34},"4fdb81a2-b8de-4b4b-afb4-f208396cec97","FortiBleed Attack Exposes Fortinet Firewall Credentials in 194 Countries","fortibleed-attack-exposes-fortinet-firewall-credentials-in-194-countries-5b38ec","Researchers say FortiBleed used stolen and tested credentials to access exposed Fortinet firewalls, putting major organizations and public agencies at risk now.","A campaign dubbed 'FortiBleed' has exposed credentials for tens of thousands of Fortinet FortiGate firewalls across 194 countries. Attackers used stolen and tested credentials, along with infostealer logs, to gain access to major organizations and public agencies, potentially enabling traffic monitoring and further credential theft.","FortiBleed campaign exposes Fortinet firewall credentials in 194 countries.","FortiBleed Attack Exposes Fortinet Firewall Credentials in 194 Countries. Researchers say FortiBleed used stolen and tested credentials to access exposed Fortinet firewalls, putting major organizations and public agencies at risk now. By Waqas, June 17, 2026. A newly reported campaign targeting Fortinet FortiGate firewalls has put exposed VPN and administrator access back in focus, after researchers linked the activity to tens of thousands of verified firewall logins affecting major companies and public sector organizations. Cybersecurity firm Hudson Rock says the dataset, first identified by researcher Volodymyr “Bob” Diachenko, includes 73,932 unique Fortinet firewall URLs in 194 countries, connected to 21,632 affected domains. 
The company has branded the activity “FortiBleed” and launched a free lookup portal for organizations to check whether their domains appear in the dataset. The names listed in the exposed data include high-profile organizations such as Samsung, Oracle, Foxconn, Comcast, Siemens, Lenovo, Spotify, Sony, and others, according to Hudson Rock and screenshots shared with the research. The data also appears to include government, telecom, manufacturing, retail, logistics, and critical infrastructure targets. The campaign does not appear to be a simple password dump. Diachenko’s investigation describes a Russian-speaking, multi-operator group using exposed FortiGate systems, historical credential leaks, and infostealer logs to test access at high volume. Hudson Rock says the operators ran about 1.16 billion credential attempts against more than 320,000 FortiGate targets, along with 2.1 billion brute-force attempts against more than 160,000 MSSQL servers. Once a login worked, the attackers recorded it in a verified database. From there, the operation could feed itself: compromised firewall access may allow attackers to monitor VPN or gateway traffic, collect more credentials, and reuse them in later attacks. Diachenko also reported deeper compromises in Japan, Taiwan, Vietnam, Iraq, and Turkey, including a Turkish NATO defense contractor where classified defense documents were allegedly stolen. Those claims have not yet been independently confirmed by Fortinet in the public material reviewed for this article. [Figure: Redacted screenshot showing alleged Fortinet firewall login entries, affected domains, FortiGuard IDs, industries, and country codes. Credit: Bob Diachenko] The technical concern here is not only weak passwords. Hudson Rock’s analysis says many of the successful credentials were complex passwords that had already been stolen through prior breaches, infostealer infections, or recovered firewall data. 
Password complexity offers little protection in that situation because the attacker is not guessing; they are trying passwords that were already stolen. Fortinet has previously warned customers that internet-facing FortiGate administration and VPN services require tight access controls, patching, and careful configuration. Its own FortiOS hardening guidance advises administrators to review default passwords, certificates, exposed management ports, and SSL VPN access when deploying or maintaining FortiGate systems. Organizations using Fortinet devices should treat the report as a reason to move fast, but not panic. The first steps are clear: rotate FortiGate admin and VPN credentials, enforce MFA on all external access, restrict management interfaces to trusted IP ranges, review gateway logs for suspicious logins, remove unused accounts, and verify that FortiOS devices are fully patched. Hudson Rock’s FortiBleed portal allows organizations to search for affected domains and request disclosure details. Companies that find a match should assume exposed credentials are already in criminal hands and begin containment, password rotation, and log review immediately.
","https:\u002F\u002Fhackread.com\u002Ffortibleed-attack-fortinet-firewalls-credentials\u002F","https:\u002F\u002Fhackread.com\u002Fwp-content\u002Fuploads\u002F2026\u002F06\u002Ffortibleed-attack-fortinet-firewalls-credentials.png","2026-06-17T16:34:22+00:00","2026-06-17T18:00:23.626859+00:00",8,[18,21,24,27],{"name":19,"type":20},"FortiGate","product",{"name":22,"type":23},"Fortinet","vendor",{"name":25,"type":26},"FortiBleed","threat_actor",{"name":28,"type":20},"FortiOS","2e06f76c-d5b9-4f54-9eef-4d3447b10730",{"id":29,"icon":31,"name":32,"slug":33},null,"Breaches","breaches",[35,40,42,47],{"category":36},{"id":37,"icon":31,"name":38,"slug":39},"26b0b636-0e31-4db1-bffb-61bdf9f20a58","Supply Chain","supply-chain",{"category":41},{"id":29,"icon":31,"name":32,"slug":33},{"category":43},{"id":44,"icon":31,"name":45,"slug":46},"80544778-fabb-4dcd-aa35-17492e5dcf4f","Vulnerabilities","vulnerabilities",{"category":48},{"id":49,"icon":31,"name":50,"slug":51},"e7b231c8-5f79-4465-8d38-1ef13aea5a14","Threat Intelligence","threat-intelligence",[]]