Fortinet FortiBleed Credential Exposure

Key points

• Approximately 74,000 Fortinet firewall credentials exposed.
• 30,000 Fortinet firewalls detected as compromised by SOCRadar.
• CISA issued an alert on June 18, 2026, advising hardening measures.

This analysis groups the signal by industry, likely incident action and impacted security area. It helps compare this signal with other published signals without treating the labels as final determinations.

Affected organization

Fortinet

Sector: Professional, Scientific, and Technical Services

Likely country: 🇺🇸 United States, 🇨🇭 Switzerland

inferred from source domains

Estimated

Threat source

Hacking activity

Watch internet-facing systems, credential abuse and exploit activity.

• Source type: outside the affected organization

Business impact

Potential data exposure

Impact area: Confidentiality

Likely asset: User or customer data

Trend context

66 signals with similar action pattern

• 2 signals in the same sector
• 88 signals with the same likely impact area
• 1 signal linked to this organization/domain

Mentioned entities

FortinetData DisclosureFortinet FortiBleed Credential Exposure AFortiBleedFortinetVPNSOCRadarAgencyCISAApproximately

External sources

• https://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposurehttps://www.cisa.gov/news-events/alerts/2026/06/18/cisa-urges-hardening-fortinet-devices-after-reports-credential-exposurePublic source from cisa.gov.
• https://arcticwolf.com/resources/security-bulletins/active-fortibleed-campaign-impacting-fortinet-devices-across-194-countries/https://arcticwolf.com/resources/security-bulletins/active-fortibleed-campaign-impacting-fortinet-devices-across-194-countries/Public source from arcticwolf.com.
• https://www.hudsonrock.com/blog/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosurehttps://www.hudsonrock.com/blog/fortibleed-75000-fortinet-firewalls-compromised-global-enterprises-exposed-claim-your-ethical-disclosurePublic source from hudsonrock.com.
• https://www.csoonline.com/article/2142272/fortibleed-campaign-exposes-75000-fortinet-firewalls-worldwide.htmlhttps://www.csoonline.com/article/2142272/fortibleed-campaign-exposes-75000-fortinet-firewalls-worldwide.htmlPublic source from csoonline.com.
• https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/https://www.bleepingcomputer.com/news/security/cisa-warns-fortinet-users-to-secure-devices-after-fortibleed-leak/Public source from bleepingcomputer.com.
• https://www.bankinfosecurity.com/crime-gang-sells-access-to-74000-fortinet-firewall-devices-a-25087https://www.bankinfosecurity.com/crime-gang-sells-access-to-74000-fortinet-firewall-devices-a-25087Public source from bankinfosecurity.com.
• https://www.thehackernews.com/2026/06/attackers-exploit-three-fortinet.htmlhttps://www.thehackernews.com/2026/06/attackers-exploit-three-fortinet.htmlPublic source from thehackernews.com.
• FortiBleed Campaign Exposing Credentials for 73,932 FortiGate Systems - Recorded Futurehttps://www.recordedfuture.com/blog/critical-fortibleed-campaignPublic source from recordedfuture.com.
• Technical Advisory: FortiBleed Credential Exposure Campaign Targeting Internet-Facing Fortinet Devices - Bitdefenderhttps://www.bitdefender.com/en-us/blog/businessinsights/technical-advisory-fortibleed-credential-exposure-campaign-targeting-internet-facing-fortinet-devicesPublic source from bitdefender.com.
• Cybersecurity News Roundup: Mid-April to Mid-June 2026 - Peterson Technology Partnershttps://www.ptechpartners.com/2026/06/25/cybersecurity-news-roundup-mid-april-to-mid-june-2026/Public source from ptechpartners.com.
• FortiBleed Security Alert: Fortinet VPN Credentials Exposed - Bitsighthttps://www.bitsight.com/blog/security-alert-fortibleed-fortinet-vpn-credentials-firewall-exposedPublic source from bitsight.com.
• Fuites de données : les 15 incidents majeurs au 25 juin 2026 - DCOD | Cybersécuritéhttps://dcod.ch/2026/06/25/fuites-de-donnees-les-15-incidents-majeurs-au-25-juin-2026/Public source from dcod.ch.
• Analysis of Reported Credential Compromise of FortiGate Devices | Fortinet Bloghttps://www.fortinet.com/blog/psirt-blogs/analysis-of-reported-credential-compromise-of-fortigate-devicesPublic source from fortinet.com.
• Cybersecurity News Roundup: Mid-April to Mid-June 2026 - Peterson Technology Partnershttps://www.petersontech.com/blog/cybersecurity-news-roundup-mid-april-to-mid-june-2026/Public source from petersontech.com.
• Cybersecurity Threats Weekly · Report · June 22, 2026https://originbrief.com/cybersecurity-threats-weekly-report-june-22-2026/Public source from originbrief.com.
• NEWS ROUNDUP - 22nd June 2026https://digitalforensicsmagazine.com/news-roundup-22nd-june-2026/Public source from digitalforensicsmagazine.com.

Related signals

Grouped by why the signal is relevant.

Tweakers·Jun 19, 2026

Same sectorSame action patternSame impact area

Paywall Bypass Vulnerability

Tweakers.net has identified a vulnerability that allows for the bypass of its paywall. This issue is listed as a 'Known issue' within their bug bounty program, indicating that the company is aware of the flaw and is seeking ethical hackers to report findings related to it. A successful bypass could allow unauthorized access to premium content.

Aflac·Jun 30, 2026

Same action patternSame impact area

Aflac Life Insurance Japan Suffers Cybersecurity Breach Exposing Policyholder Data

Aflac Life Insurance Japan disclosed unauthorized access to its systems between June 15 and June 25, 2026. The breach affected files containing policy details, personal information, and bank account information of approximately 4.38 million customers. The company has suspended affected systems and is investigating the incident with third-party cybersecurity experts.

Naic·Jun 29, 2026

Same action patternSame impact area

National Association of Insurance Commissioners (NAIC) Confirms Data Breach via Oracle PeopleSoft Zero-Day

The National Association of Insurance Commissioners (NAIC), a US insurance regulatory standards body, confirmed a cyberattack after the ShinyHunters group claimed theft of 3.1TB of data. The breach was reportedly achieved through an Oracle PeopleSoft zero-day vulnerability. ShinyHunters claimed access to regulatory filings, production logs, cloud configuration files, and other internal records.

Polymarket·Jun 29, 2026

Same action patternSame impact area

Polymarket Confirms Supply Chain Attack, $3 Million Stolen

Polymarket, a cryptocurrency-based prediction market, confirmed a supply chain attack. A breach of a third-party frontend vendor led to malicious JavaScript being injected into its website. Attackers tricked users into approving fraudulent transactions, resulting in approximately $3 million being stolen from fewer than 15 accounts. The backend systems remained unaffected.

Biglobe·Jun 28, 2026

Same action patternSame impact area

BIGLOBE Inc. Affected by KDDI Corporation Data Breach

BIGLOBE Inc., a Japanese internet service provider, was impacted by a data breach originating from an email system provided by KDDI Corporation. Threat actors gained unauthorized access to this shared system by exploiting a vulnerability in third-party software. This led to the potential exposure of up to 14.2 million email addresses and passwords across all affected ISPs. BIGLOBE Inc. customers' email addresses and passwords may have been compromised.

Kddi Web·Jun 28, 2026

Same action patternSame impact area

KDDI Web Communications Customer Data Affected by KDDI Email System Breach

KDDI Web Communications, a subsidiary of KDDI, was impacted by the data breach in KDDI Corporation's email system, disclosed on June 28, 2026. The incident, caused by a third-party software vulnerability, led to the potential exposure of up to 14.2 million email addresses and passwords belonging to customers across six Japanese ISPs, including KDDI Web Communications.