CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

Russian-speaking threat actors have compromised over 86,000 FortiGate devices via FortiBleed using default credentials, breached accounts, and brute force. Telecom, government, and education sectors are primary targets, with heavy exposure in India, US, Mexico, Colombia, and Thailand. Compromised devices can be weaponized for lateral movement, data exfiltration, and persistent network access.

CRITICALAdvisoryJun 20, 2026

Action required

Immediately audit all FortiGate devices for non-default credentials and disable default accounts. Cross-reference your FortiGate inventory against the 86,644 exposed device list. Monitor for anomalous FortiGate admin logins and VPN access patterns.

Affected products

FortinetFortiGateSSL VPNVPN gateways

Linked articles

CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices

Source links

https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html