Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Watchlists Beta Browse News Feed Stats About Contact

FortiGate firewall and SSL VPN customers data exposed after Fortinet breach

Data Leak
First reported
Last updated
Happening score
H score 93
1 unique sources, 1 articles

Summary

Hide ▲

The FortiBleed credential leak exposed around 75,000 stolen logins from FortiGate firewall and SSL VPN customers, creating immediate account-takeover risk for affected organizations. The exposed records include usernames, email addresses, and plaintext passwords tied to customers in 194 countries. The dataset also spans over 21,000 unique domains, showing broad exposure across internet-facing Fortinet deployments. The UK’s NCSC has issued guidance for impacted customers to check exposure and hunt for compromise indicators.

Cases

FortiBleed Credential Exposure Affecting FortiGate and SSL VPN Accounts (1)

Related Happenings

CISA warning on FortiBleed for FortiGate customers

Public Sector Action
H score89 First: 19.06.2026 17:00 Last: 19.06.2026 17:00 Sources 1

About this happening: **CISA** warned **Fortinet** customers with **FortiGate appliances** to secure exposed systems against ongoing malicious activity tied to **FortiBleed**. The activity had reached...

Open Happening

FortiBleed Fortinet credential-theft campaign

Campaign
H score89 First: 19.06.2026 13:48 Last: 19.06.2026 13:48 Sources 1

How related: A database of around 75,000 credentials stolen from FortiGate firewall and SSL VPN customers was discovered by security researchers last week.

About this happening: The **FortiBleed** Happening is a global **Fortinet credential-theft** campaign affecting **FortiGate firewall** and **SSL VPN** customers. The **UK’s NCSC** issued guidance after...

Latest development: 22.06.2026 11:30

The UK’s National Cyber Security Centre issued guidance for Fortinet customers impacted by FortiBleed after the campaign exposed around 75,000 credentials from FortiGate firewall and SSL VPN customers. The NCSC urged affected organizations to use Hudson Rock’s or SOCRadar’s FortiBleed checker tools and then review indicators of compromise such as unauthorized account creation and unexpected activity in log files.

Open Happening

CISA FortiBleed mitigation guidance

Advisory/Mitigation
H score67 First: 19.06.2026 09:47 Last: 19.06.2026 09:47 Sources 1

About this happening: **CISA** issued mitigation guidance for **FortiBleed**, urging operators of **internet-accessible Fortinet devices** to harden exposed **FortiGate** and VPN environments after a *...

Open Happening

FortiBleed Fortinet/FortiGate VPN credential leak

Data Leak
H score80 First: 17.06.2026 18:12 Last: 17.06.2026 18:12 Sources 1

About this happening: **FortiBleed** is a **data leak** of **Fortinet/FortiGate VPN credentials** that now includes a verified database of **86,644 confirmed working credentials** collected from **inte...

Latest development: 19.06.2026 09:47

CISA urged Fortinet customers to secure FortiGate appliances after nearly 74,000 firewall and VPN credentials were exposed in the FortiBleed leak. The agency advised affected owners to terminate SSL VPN and administrative sessions, reset VPN and administrative passwords, enable phishing-resistant multifactor authentication, review logs for unauthorized access or lateral movement, store admin credentials with PBKDF2, restrict firewall management interfaces from public internet access, and remove unauthorized accounts.

Open Happening

Russian-speaking FortiGate and Microsoft SQL Server bruteforce campaign

Campaign
H score82 First: 17.06.2026 18:12 Last: 17.06.2026 18:12 Sources 1

About this happening: A Russian-speaking multi-operator threat group ran a **FortiGate** and **Microsoft SQL Server** bruteforce campaign that generated **billions of credential attempts**, raising the...

Open Happening

Timeline

  1. 22.06.2026 11:30 1 articles · 3h ago

    Security researchers discover stolen FortiGate and SSL VPN credentials database

    Initial Disclosure

    Security researchers discovered a database containing around 75,000 credentials stolen from FortiGate firewall and SSL VPN customers, including usernames, email addresses and plaintext passwords tied to organizations such as Oracle, Spotify, Toyota and AT&T. The exposed logins were said to affect customers in 194 countries and over 21,000 unique domains, creating account-takeover risk for any organization listed in the dataset.

    Show sources
    Open in new tab
  2. 22.06.2026 11:30 2 articles · 3h ago

    NCSC issues FortiBleed guidance for Fortinet customers

    Industry Or Public Sector Update

    The UK’s National Cyber Security Centre issued guidance for Fortinet customers affected by the credential theft campaign, recommending Hudson Rock’s or SOCRadar’s FortiBleed checker tools and checks for indicators of compromise such as unauthorized account creation and unexpected log activity. The guidance was aimed at organizations whose FortiGate and SSL VPN credentials may have been exposed.

    Show sources
    Open in new tab