Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices
Target Trend
Summary
Hide ▲
Show ▼
A sharp rise in brute-force attempts against SonicWall and Fortinet edge devices is increasing risk of perimeter-device compromise across organizations that rely on VPNs and firewalls. 88% of observed attempts appeared to come from the Middle East, and 56% of confirmed incidents from February to March involved this attack type. Persistent scanning and failed logins matter because a single weak credential or misconfiguration can still lead to compromise.
Related Happenings
SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)
Vulnerability
First: 21.05.2026 00:19
Last: 21.05.2026 00:19
Sources 1
About this happening:
Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...
SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)
VulnerabilityAbout this happening: Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector Action
First: 23.04.2026 15:28
Last: 23.04.2026 15:28
Sources 1
About this happening:
**NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
NCSC-UK joint advisory on covert botnets and proxy networks
Public Sector ActionAbout this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...
Forest Blizzard DNS hijacking token-theft campaign against older routers
Campaign
First: 07.04.2026 20:02
Last: 07.04.2026 20:02
Sources 1
About this happening:
Russia-backed **Forest Blizzard** is running a **DNS hijacking campaign** against older routers to steal **Microsoft Office** authentication tokens, putting accounts at risk acros...
Forest Blizzard DNS hijacking token-theft campaign against older routers
CampaignAbout this happening: Russia-backed **Forest Blizzard** is running a **DNS hijacking campaign** against older routers to steal **Microsoft Office** authentication tokens, putting accounts at risk acros...
2025 Rise in legitimate-access intrusions across enterprise sectors
Target Trend
First: 01.04.2026 17:05
Last: 01.04.2026 17:05
Sources 1
About this happening:
**Legitimate access abuse** is now a leading intrusion pattern across **2025** investigations, increasing the risk of stealthy compromise across **manufacturing, healthcare, MSPs,...
2025 Rise in legitimate-access intrusions across enterprise sectors
Target TrendAbout this happening: **Legitimate access abuse** is now a leading intrusion pattern across **2025** investigations, increasing the risk of stealthy compromise across **manufacturing, healthcare, MSPs,...
FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers
Campaign
First: 10.03.2026 18:21
Last: 10.03.2026 18:21
Sources 1
About this happening:
A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...
FortiGate NGFW abuse campaign targeting healthcare, government, and managed service providers
CampaignAbout this happening: A **new FortiGate abuse campaign** is using **FortiGate NGFW appliances** as entry points to breach victim networks, creating immediate risk for **healthcare**, **government**, an...
Timeline
-
15.04.2026 03:00 2 articles · 1mo ago
Barracuda flags brute-force surge against SonicWall and Fortinet devices
Initial DisclosureBarracuda detected a sharp rise in brute-force attempts targeting SonicWall and Fortinet edge devices on 2026-04-15, with 88% of observed attempts appearing to originate from the Middle East and 56% of confirmed incidents from February to March tied to this attack type. Most attempts were blocked by security tools or used invalid usernames, and Barracuda advised stronger unique passwords, MFA on VPNs and firewalls, monitoring repeated failed logins, and restricting management interfaces to trusted IP ranges.
Show sources
- Researchers Spot Surge in Brute-Force Attacks from Middle East — www.infosecurity-magazine.com — 15.04.2026 12:30
- Researchers Spot Surge in Brute-Force Attacks from Middle East — www.infosecurity-magazine.com — 15.04.2026 12:30