惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

B
Blog RSS Feed
C
CERT Recently Published Vulnerability Notes
P
Proofpoint News Feed
Y
Y Combinator Blog
T
The Blog of Author Tim Ferriss
云风的 BLOG
云风的 BLOG
H
Help Net Security
Recorded Future
Recorded Future
The Register - Security
The Register - Security
F
Full Disclosure
N
Netflix TechBlog - Medium
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
酷 壳 – CoolShell
酷 壳 – CoolShell
H
Hackread – Cybersecurity News, Data Breaches, AI and More
爱范儿
爱范儿
Security Archives - TechRepublic
Security Archives - TechRepublic
Simon Willison's Weblog
Simon Willison's Weblog
Cisco Talos Blog
Cisco Talos Blog
I
InfoQ
T
Tenable Blog
T
Tor Project blog
人人都是产品经理
人人都是产品经理
D
DataBreaches.Net
NISL@THU
NISL@THU
Google DeepMind News
Google DeepMind News
博客园 - 叶小钗
B
Blog
V
V2EX
Jina AI
Jina AI
L
LangChain Blog
月光博客
月光博客
W
WeLiveSecurity
U
Unit 42
AWS News Blog
AWS News Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 聂微东
V
Visual Studio Blog
A
Arctic Wolf
T
Tailwind CSS Blog
The Cloudflare Blog
SecWiki News
SecWiki News
S
SegmentFault 最新的问题
Hacker News - Newest:
Hacker News - Newest: "LLM"
宝玉的分享
宝玉的分享
MyScale Blog
MyScale Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
S
Securelist
www.infosecurity-magazine.com
www.infosecurity-magazine.com
腾讯CDC
雷峰网
雷峰网

Fortinet All Blogs

Helping Law Enforcement Keep Pace with the Future of Cybercrime | Fortinet Blog FortiEndpoint Expands Security for the AI Era | Fortinet Blog Cyber Attacks Leveraging AI Require Behavior-First Security Training, Not Simply Better Awareness | Fortinet Blog The AI Era Needs a New SASE. Here’s What That Actually Looks Like. | Fortinet Blog Analysis of Ongoing Ousaban Attacks Targeting the Iberian Peninsula | FortiGuard Labs Update on Fortinet Use of Frontier AI | CISO Collective Fortinet Supports INTERPOL Operation CyberProtect III Targeting Online Exploitation From CI/CD to Cloud Data: How Shai Hulud Persistence Leads to Redshift Breach | FortiGuard Labs Fortinet Launches Its Product Carbon Footprint Calculator FortiSASE Training Builds Skills for Secure Access Success | Fortinet Blog Teaching Cybersecurity the Way It’s Actually Used | Fortinet Blog Introducing FortiSOC: One Platform, Total Control | Fortinet Blog Public-Private Cooperation Is Critical to AI-Driven Cyber Defense | Fortinet Advancing Threat-Informed Defense through Fortinet’s Collaboration with MITRE CTID | Fortinet Threat Actors Weaponize AI Hype to Deliver AsyncRAT | FortiGuard Labs Fortinet Achieves 1 Million People Trained in Cybersecurity Goal Ahead of Schedule | Fortinet Blog While OT Security Is Maturing, Risk Is Not Slowing Down | Fortinet Blog AI Policy Meets Operational Reality: White House AI Cybersecurity Order Calls for Public-Private Coordination | Fortinet Blog Executive Q&A: Strong Q1 Momentum Driven by Differentiated Innovation and Customer Demand | Fortinet Fortinet Earns AV-Comparatives Certification for EDR Detection Visibility | Fortinet Blog Cybercriminals Are Targeting the FIFA World Cup 2026 | FortiGuard Labs Fortinet Achieves AV-Comparatives Certification for Process Injection Protection | Fortinet Blog Inside the Cross-Platform Propagation of a New Gafgyt Variant C0XMO | FortiGuard Labs Battling AI-Based Threats with FortiNDR | Fortinet Blog Phishing Campaign Deploys JavaScript-Driven PureLogs Variant to Steal Sensitive Data Defending Critical Infrastructure: Why OT Security Demands a Threat-Informed Approach | CISO Collective Misconfigured, Enrolled and Dormant: Anatomy of a P2Pinfect Kubernetes Compromise | FortiGuard Labs Fortinet Expands Cybersecurity Investment in the United Arab Emirates | Fortinet Blog PureLogs: Delivery via PawsRunner Steganography | FortiGuard Labs The Future of Connectivity | Fortinet Blog Fortinet at the World Economic Forum: Frontier AI models, AI-Driven Threats, Deepfakes, and the Future of Cyber Defense | Fortinet Blog The Fortinet 2025 Sustainability Report | Fortinet Blog Supercharged Security: Security in the Time of Mythos | CISO Collective Tracking Mirai Variant Nexcorium: A Vulnerability-Driven IoT Botnet Campaign | FortiGuard Labs AI Security Is an Architectural Decision | Fortinet Blog Fortinet Training Institute Wins Industry Accolades | Fortinet Blog Shadow AI: The Invisible Risk Growing Inside Your Organization | Fortinet Blog Leading by Example in Sustainability: Fortinet Expands Global EPD Certification | Fortinet Blog When Cybercrime Becomes an Industry | Fortinet Blog FortiOS 8.0: Redefining Secure Networking in the AI and Quantum Era | Fortinet Blog Securing the Physical World as It Comes Online | Fortinet Blog Why the 2026 AI Cybersecurity Summit Matters | Fortinet Blog DPRK-Related Campaigns with LNK and GitHub C2 | FortiGuard Labs AI Is Changing Application Threats Faster Than Teams Can Adapt | Fortinet Blog Announcing the Fortinet Training Institute’s 2026 ATC Award Winners | Fortinet Blog Disrupting Cybercrime Networks at Scale Requires Sustained Global Collaboration | Fortinet Blog
Analysis of Reported Credential Compromise of FortiGate Devices | Fortinet Blog
Carl Windsor · 2026-06-20 · via Fortinet All Blogs

Situational Analysis

Fortinet is aware of reports of malicious cyber actors targeting Fortinet devices in a credential-harvesting campaign referred to as FortiBleed. Based on our initial analysis, we believe the activity involves threat actors reusing credentials from previous incidents (FG-IR-26-060, FG-IR-25-647) and employing brute-force techniques (as described in a March blog, “Attacks at the Speed of AI”) against devices with weak password hygiene and no multi-factor authentication (MFA). This is not a new Fortinet vulnerability, and this activity is not related to any recent incident or advisory.

Upon identifying the incident, we immediately began an investigation, including collaborating with relevant government agencies.

Was My Organization Affected?

Fortinet’s culture of proactive, transparent, and responsible product security disclosure is one of the many ways we show up as a responsible member of a larger cybersecurity ecosystem and demonstrate our commitment to helping customers make informed, risk-based decisions.

Fortinet has identified the potentially compromised systems, and we are proactively contacting impacted customers. To defend against this malicious cyber activity, Fortinet recommends that customers with impacted FortiGate appliances to immediately:

  1. Terminate all admin and VPN sessions and reset credentials. Terminate all active administrative sessions. Reset all Fortinet VPN and administrative passwords, especially on internet-facing systems, and enforce strong password policies.
  2. Implement MFA on all administrator and VPN user accounts.
  3. Upgrade to latest versions of 7.4, 7.6, or 8.0.  These versions support PBKDF2 hashing of administrator credentials. Follow the guidance to remove older legacy password settings via set login-lockout-upon-weaker-encryption.
  4. Validate configuration. Review firewall and VPN users and other configuration for unauthorized changes.  Preferably compare to a known good configuration.  Pay particular attention to the addition of unrecognized accounts, such as “forticloud, fortiuser, fortinet-support, fortinet-tech-support,” etc.
  5. Check your logs. Look for unexpected administrator access from an unknown IP and domain controller logs for lateral movement, unusual access, suspicious accounts, or unauthorized configuration changes.
  6. Reduce your attack surface and lock down management access. Restrict external management of your devices via trusted hosts (good), a local-in policy (better), or remove internet administration altogether (best).

Additional security best practices for administrator access and general hardening can be found in the Best Practices Guides.

If there is any evidence of unapproved modification of the configuration or other IoCs:

  • Treat the devices as compromised and follow the guidance here to recover.
  • Check for the creation of VPN users, unexpected password resets, or VPN from unexpected locations, which may indicate the actor has attempted lateral movement into the internal network.
  • If AD/LDAP integration is configured, it is important to treat this account as compromised and monitor your AD for its use for authentication elsewhere or the creation of additional accounts and monitor your network for lateral movement.

If you believe your internal network may have been compromised and would like Fortinet to conduct an investigation of your network, please reach out to Fortinet FortiGuard Incident Response to arrange a scoping call.

Fortinet diligently balances our commitment to the security of our customers and our culture of responsible transparency. We are continuing to investigate this situation and taking actionable steps with the security of our customers as our top priority. Our response and mitigation efforts remain ongoing.