Find notable cyber news and cases, enriched with sources, timelines, and signals.

Sharp rise in brute-force attempts against SonicWall and Fortinet edge devices

Trend
First reported
Last updated
Happening score
H score 34
1 unique sources, 1 articles

Summary

Hide ▲

A sharp rise in brute-force attempts against SonicWall and Fortinet edge devices is increasing risk of perimeter-device compromise across organizations that rely on VPNs and firewalls. 88% of observed attempts appeared to come from the Middle East, and 56% of confirmed incidents from February to March involved this attack type. Persistent scanning and failed logins matter because a single weak credential or misconfiguration can still lead to compromise.

Related Happenings

FortiBleed Fortinet credential-theft campaign

Campaign
H score89 First: 19.06.2026 13:48 Last: 19.06.2026 13:48 Sources 1

About this happening: The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...

Latest development: 22.06.2026 11:30

The UK’s National Cyber Security Centre issued guidance for Fortinet customers impacted by FortiBleed after the campaign exposed around 75,000 credentials from FortiGate firewall and SSL VPN customers. The NCSC urged affected organizations to use Hudson Rock’s or SOCRadar’s FortiBleed checker tools and then review indicators of compromise such as unauthorized account creation and unexpected activity in log files.

Russian-speaking FortiGate and Microsoft SQL Server bruteforce campaign

Campaign
H score82 First: 17.06.2026 18:12 Last: 17.06.2026 18:12 Sources 1

About this happening: A Russian-speaking multi-operator threat group ran a **FortiGate** and **Microsoft SQL Server** bruteforce campaign that generated **billions of credential attempts**, raising the...

SonicWall Gen6 SSL-VPN MFA-bypass flaw (CVE-2024-12802)

Vulnerability
H score50 First: 21.05.2026 00:19 Last: 21.05.2026 00:19 Sources 1

About this happening: Researchers confirmed **first-in-the-wild exploitation** of **CVE-2024-12802** against **SonicWall Gen6 SSL-VPN appliances**, showing that incomplete remediation can leave **MFA b...

NCSC-UK joint advisory on covert botnets and proxy networks

Public Sector Action
H score66 First: 23.04.2026 15:28 Last: 23.04.2026 15:28 Sources 1

About this happening: **NCSC-UK** and partner agencies issued a **joint advisory** warning that **China-nexus hackers** are using **hijacked consumer devices** as covert proxy networks to hide maliciou...

Forest Blizzard DNS hijacking token-theft campaign against older routers

Campaign
H score35 First: 07.04.2026 20:02 Last: 07.04.2026 20:02 Sources 1

About this happening: Russia-backed **Forest Blizzard** is running a **DNS hijacking campaign** against older routers to steal **Microsoft Office** authentication tokens, putting accounts at risk acros...

Timeline

  1. 15.04.2026 03:00 2 articles · 2mo ago

    Barracuda flags brute-force surge against SonicWall and Fortinet devices

    Initial Disclosure

    Barracuda detected a sharp rise in brute-force attempts targeting SonicWall and Fortinet edge devices on 2026-04-15, with 88% of observed attempts appearing to originate from the Middle East and 56% of confirmed incidents from February to March tied to this attack type. Most attempts were blocked by security tools or used invalid usernames, and Barracuda advised stronger unique passwords, MFA on VPNs and firewalls, monitoring repeated failed logins, and restricting management interfaces to trusted IP ranges.

    Show sources