惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

量子位
L
LINUX DO - 最新话题
TaoSecurity Blog
TaoSecurity Blog
S
Security Affairs
H
Hacker News: Front Page
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Hacker News: Ask HN
Hacker News: Ask HN
T
The Exploit Database - CXSecurity.com
P
Proofpoint News Feed
Google DeepMind News
Google DeepMind News
Schneier on Security
Schneier on Security
云风的 BLOG
云风的 BLOG
I
InfoQ
The Register - Security
The Register - Security
T
Tor Project blog
T
Threat Research - Cisco Blogs
Spread Privacy
Spread Privacy
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
The GitHub Blog
The GitHub Blog
MongoDB | Blog
MongoDB | Blog
Webroot Blog
Webroot Blog
Recent Announcements
Recent Announcements
Vercel News
Vercel News
F
Fortinet All Blogs
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
SecWiki News
SecWiki News
G
Google Developers Blog
N
Netflix TechBlog - Medium
U
Unit 42
Martin Fowler
Martin Fowler
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
O
OpenAI News
博客园 - 叶小钗
T
Tailwind CSS Blog
爱范儿
爱范儿
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Help Net Security
Help Net Security
A
About on SuperTechFans
Recorded Future
Recorded Future
Last Week in AI
Last Week in AI
Hugging Face - Blog
Hugging Face - Blog
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
D
DataBreaches.Net
D
Darknet – Hacking Tools, Hacker News & Cyber Security
T
The Blog of Author Tim Ferriss
PCI Perspectives
PCI Perspectives
F
Full Disclosure
美团技术团队
L
Lohrmann on Cybersecurity
H
Hackread – Cybersecurity News, Data Breaches, AI and More

Security

Scope Systems confirms cyber incident, says no data loss occurred Instructure breach: ShinyHunters says ‘matter has been resolved’ Rapid7 launches Cyber GRC program to connect compliance with live risk data Australian federal budget 2026: The industry perspective Op-Ed: Microsoft May Patch Tuesday reveals 137 vulnerabilities Federal Budget 2026: The state of cyber security spending for the coming year OpenAI offers EU early access to its cyber security model Exclusive: Aussie firm Earth Systems listed by INC Ransom hacking group Op-Ed: Why Middle East tensions demand immediate action on OT security Aussie schools breach: Instructure boss “reaches agreement” with ShinyHunters to not release data Institute of Public Accountants members hit by data breach Union demands answers on Qantas AI plans 1 in 3 small businesses don't think they're a cyber target, new research finds Exclusive: Aussie toy distributor listed by M3rx ransomware Exclusive: Australian Computer Society investigating possible breach after ShinyHunters hack claims The industry speaks – part 2: World Password Day 2026 Aussie schools breach: The Instructure hack “transcends an isolated IT incident” Exclusive: Aussie car part importer Strategic Imports allegedly breached by threat actors New South Wales, other states, investigating Instructure/Canvas data breach Australian Cyber Security Centre warns of ClickFix campaign leveraging Australian infrastructure Queensland Department of Education confirms students & staff impacted by ShinyHunters data breach ACMA takes action against SpinTel & Yomojo over mobile number fraud violations The Industry Speaks, Part 1: World Password Day 2026 Qualys and Converge tie cyber insurance pricing to real-time security posture Fakeout: Iranian APT caught hiding behind Chaos ransomware activity Exclusive: Australian energy management firm allegedly breached by SafePay Real estate giant Cushman & Wakefield confirms cyber incident, Qilin and ShinyHunters claim attack CrowdStrike expands Project QuiltWorks as more partners join AI security coalition Hacked: ALS discloses cyber incident, unauthorised access to IT systems Microsoft the main target of AI phishing attacks, report uncovers Attackers increasingly turning to trusted security tools to compromise Aussie victims Exclusive: Champion Homes confirms customer data compromised in “cyber event” Australia, Japan commit to partnership to meet cyber security challenges & strengthen cyber defences NSW Treasury cyber incident contained, impact no longer ‘significant’ WA rental scam surge: Tenants targeted with fake $500 discount trap Aussie Information Commissioner launches Privacy Awareness Week 2026 Unregistered branded text messages to be labelled ‘Unverified’ from 1 July Exclusive: Major Australian jewellery brand confirms cyber incident Watch this! Komari server monitor tool abused by hackers Act Now! ACSC warns of active exploitation of cPanel & WHM critical vulnerability Exclusive: Kiwi electrical contractor confirms cyber attack Exclusive: Prime Properties listed as breach victim by M3rx ransomware DigiCert launches AI Trust architecture to secure agents, models, and content Winners of the 2026 Australian Cyber Awards unveiled Op-Ed: Redefining performance in the AI-powered SOC NZ council cyber attack leads to ID and financial data being exposed Alert! Wave of fake toll, parking scams impacting countries worldwide, including Australia and New Zealand Vect unveiled: Inside an emerging ransomware group’s affiliate network Exclusive: Gelatissimo confirms unauthorised access, investigates DragonForce hack claims Aussie ice-cream franchise Gelatissimo suffers alleged hack by DragonForce Anthropic Mythos: The model, the myth and the mundane​ Report: Aussie small businesses doing it tough as job scams double, losses rise Cyber attacks on medical devices pose ‘significant’ impact on real-life patient care Twisted Firestarter! Aussie, US, and UK cyber agencies warn of Cisco malware campaign Generation Life informs customers of “cyber incident” as owner shares incident with ASX CBA launches new scam-finding AI agent Sri Lankan government hack sees $3.7m destined for Australia stolen CrowdStrike extends cloud threat detection to Google Cloud Hey big spender! Microsoft to invest $25bn in Australian AI infrastructure Genetec marks Sydney milestone with visit by high commissioner of Canada to Australia Rental platform under fire for collecting excessive personal data Exclusive: SA genealogical research firm confirms cyber incident following SafePay ransom claims PentenAmio announces acquisition of Armour Communications Exclusive: Aussie passports compromised in alleged Favelle Favco data breach Cutting edge: Anthropic’s Claude Mythos preview is a ‘double-edged sword’, expert says Treasury staffer charged for NSW government data breach Op-Ed: AI won’t patch the holes in your SOC Game on! More than a third of FIFA World Cup 2026 partners expose Aussies to email fraud risk Dark web markets: A complete Aussie identity costs as little as $200 Exclusive: NSW-based Strata Republic allegedly breached by Kairos ransomware group Mortgage fraud now harder to detect thanks to AI McGraw Hill confirms ShinyHunters breach, won’t confirm if any Aussie customers impacted Update now: Active exploitation of Nginx UI vulnerability CVE-2026-33032 underway National Defence Strategy 2026: Spending on military cyber capability to reach at least $15bn Exclusive: Qld pharmacy chain allegedly breached by Kairos ransomware Op-Ed: ASIO has broken its silence on cyber crime, and you should listen Too-hard basket: NIST to scale back CVE updates as vulnerabilities soar OpenAI launches GPT 5.4-Cyber in response to Anthropic Glasswing NZ racehorse auction stalled by cyber attack Op-Ed: Microsoft April Patch Tuesday reveals 167 vulnerabilities ADF joins international military exercise focused on cyber resilience and multi-domain operations OpenAI CEO’s home targeted in attempted drive-by just days after Molotov attack Exclusive: Aussie communications company Mastercom ‘aware’ of INC Ransom claims Booking.com confirms cyber incident, customer reservation data potentially compromised Report: Majority of CISOs not ready for the next big cyber attack Exclusive: Aboriginal community organisation confirms cyber incident following INC Ransom claims The industry speaks: World Identity Management Day 2026 WASTED! GTA developer Rockstar Games confirms hack as ShinyHunters demands ‘pay or leak’ Exclusive: Gunra ransomware lists Eric Davis Dental as breach victim Op-Ed: Why zero trust for OT should start at the boundary, not the boiler room Exclusive: NSW pharmacy management firm allegedly breached by INC Ransom US Treasury launches intelligence-sharing initiative with crypto companies Citigroup says AI speeds up new account openings Cyber war: Pro-Iranian hackers vow to fight on despite a fragile ceasefire with the US Exclusive: Victorian resort hotel allegedly breached by Space Bears ransomware Game on! Nationwide student competition aims to tackle Australia’s cyber skills gap Exclusive: Anubis ransomware gang claims hack of WA-based Shine Aviation Ransomware group claims hack of legal giant Jones Day Anthropic, partners announce Project Glasswing cyber security initiative Exclusive: Aussie tech firm Seeing Machines confirms potential cyber security incident
No time to FortiBleed! Russian hackers compromise more than 30k Fortinet firewalls in almost 200 countries, including Australia
David Hollingworth · 2026-06-18 · via Security

Security analysts uncover large-scale compromise of Fortinet firewalls and VPN gateways, and it’s already impacted more than 73,000 credentials.

No time to FortiBleed! Russian hackers compromise more than 30k Fortinet firewalls in almost 200 countries, including Australia

Security researchers at SOCRadar have outlined the details of a massive and ongoing campaign targeting Fortinet firewalls and VPN devices, which analysts have already dubbed FortiBleed.

Alarmingly, the operation – which SOCRadar attributes to a Russian-speaking adversary – appears to be fully automated, and is based upon a curated list of known passwords.

You’re out of free articles for this month

To continue reading the rest of this article, please log in.

The attackers scan for Fortinet devices, and methodically test each one, recording the passwords that gain access to each device.

“Once a device is compromised, they use it as a listening post, monitoring traffic passing through and collecting any additional credentials that flow by. Those freshly collected passwords are then fed back into the scanner to compromise even more devices. The system feeds itself,” SOCRadar said in a June 16 blog post.

“The password list is not random. It is a carefully assembled collection of credentials leaked from Fortinet devices in earlier incidents, meaning many targets may have never changed their passwords after a prior breach. The attackers know this, and they are counting on it.”

So far, SOCRadar has found 30,791 compromised devices, running across 8,316 unique domains, and based in 194 countries around the world.

Most of the victims tend to be from NATO countries, and while SOCRadar is still investigating, it says “the operational fingerprints are clear”.

However, two Australian entities appear in SOCRadar’s list of the top 50 targeted organisations.

Perhaps the most disappointing aspect of this mass compromise is that the most commonly compromised passwords remain some of the most commonly used.

“This points directly to a widespread failure to rename default accounts or rotate factory credentials, giving the attacker a highly reliable target list before any brute force was even needed,” SOCRadar said.

Targets in government and the education sector feature prominently, but telecommunications firms make up the bulk of the compromised credentials.

Benjamin Harris, CEO and founder of cyber security firm watchTowr, observed that “73,000+ Fortinet VPN credentials don't just appear overnight”.

“Attackers are moving faster than defenders, exploiting internet-facing appliances within hours, extracting credentials and sensitive data, and returning later, even after the device has been patched. A vulnerability may exist only for a short time, but stolen credentials can provide access for months or years,” Harris told Cyber Daily.

“This serves as yet another reminder that ‘patch faster’ is no longer sufficient advice. If this incident resulted from the rapid exploitation of earlier Fortinet CVEs, the real issue isn’t the bug itself; it’s the access attackers gain before organisations can even respond.”

Harris noted that while the source of the data remains unknown, it’s most likely that the credentials were harvested over a long period, exploiting numerous vulnerabilities in internet-facing Fortinet applications.

“The uncomfortable reality is that modern exploitation isn't always about immediate impact. It's about harvesting data that retains value long after the underlying vulnerability has been patched,” Harris said.

“And the pattern repeats. A vulnerability is exploited, credentials and configuration data are collected, and the incident fades from view.

“Months later, the vulnerability is patched, and defenders believe the risk has passed. The bug was temporary. The access wasn't.”

You can read SOCRadar’s full analysis, and a tool to check for compromise, here. For now, however, here is SOCRadars’ advice.

“SOCRadar rates this campaign Critical. The single most important step: change every password on every Fortinet device your organisation operates, including VPN accounts and admin accounts,” SOCRadar said.

“Do it today.

“Then enable two-factor authentication, review your login history, and restrict admin access so it cannot be reached from the open internet.”

Cyber DailyWant to see more stories from trusted news sources?
Make Cyber Daily a preferred news source on Google.

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.