CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 19, 2026

CISA Urges Hardening Fortinet Devices Following FortiBleed Attack

Cybersecurity News Archived Jun 19, 2026 ✓ Full text saved

CISA has issued an urgent advisory warning organizations to secure their Fortinet devices following reports of a large-scale credential exposure campaign known as “FortiBleed.” The alert comes after threat actors were found exploiting compromised credentials linked to tens of thousands of internet-facing Fortinet systems worldwide. According to CISA, the FortiBleed activity involves leaked credentials associated […] The post CISA Urges Hardening Fortinet Devices Following FortiBleed Attack appea

Full text archived locally
✦ AI Summary · Claude Sonnet


    HomeCyber Security News CISA Urges Hardening Fortinet Devices Following FortiBleed Attack By Abinaya June 19, 2026 CISA has issued an urgent advisory warning organizations to secure their Fortinet devices following reports of a large-scale credential exposure campaign known as “FortiBleed.” The alert comes after threat actors were found exploiting compromised credentials linked to tens of thousands of internet-facing Fortinet systems worldwide. According to CISA, the FortiBleed activity involves leaked credentials associated with approximately 74,000 Fortinet devices, including FortiGate firewalls and SSL VPN gateways. The exposure has affected government and private-sector organizations across multiple regions, raising serious concerns about unauthorized access and potential lateral movement within networks. CISA Warns on FortiBleed Attacks Security researchers and threat intelligence firms, including SOCRadar, Hudson Rock, and Arctic Wolf, have reported that the campaign spans over 190 countries, highlighting the global scale of the issue. Many of the affected devices were directly accessible from the internet, making them high-value targets for attackers seeking initial access. The primary risk stems from attackers leveraging valid but compromised credentials to bypass traditional security controls. Once inside, threat actors can escalate privileges, move laterally across networks, and potentially deploy malware or exfiltrate sensitive data. In response, CISA has strongly urged organizations using Fortinet products to take immediate defensive actions. One key recommendation is to terminate all active SSL VPN and administrative sessions. Organizations should also reset all passwords associated with Fortinet devices, particularly those exposed to the internet, and enforce strong password policies. Another critical mitigation step involves securing credential storage. CISA recommends verifying that administrator credentials are protected using the Password-Based Key Derivation Function 2 (PBKDF2), a more secure hashing algorithm. Older or weaker hashing mechanisms should be removed in line with Fortinet’s latest guidance. Organizations are also advised to conduct thorough log reviews. This includes analyzing firewall logs, VPN access records, authentication logs, and domain controller activity for signs of suspicious behavior. Indicators such as unusual login attempts, unauthorized account creation, and unexpected configuration changes may signal compromise. To further strengthen defenses, CISA recommends enabling phishing-resistant multi-factor authentication (MFA) across all remote access points and administrative interfaces. This adds a layer of protection, even if credentials have already been exposed. Reducing the attack surface is another key priority. Administrators should ensure that Fortinet management interfaces are not exposed to the public internet. Access should be restricted to trusted internal networks, and any unnecessary or unauthorized accounts must be removed immediately. The FortiBleed campaign underscores the growing risk of credential-based attacks, particularly as threat actors increasingly rely on stolen login data rather than exploiting software vulnerabilities. It also highlights the importance of proactive security measures, including strong authentication, proper credential management, and continuous monitoring. While no specific CVE has been directly tied to this campaign, the scale and impact of the exposure demonstrate how misconfigurations and credential leaks can create significant security gaps. Organizations are encouraged to review CISA’s guidance and threat intelligence reports to assess their exposure and take immediate action. As threat actors continue to evolve their tactics, securing edge devices like firewalls and VPN gateways remains critical to maintaining overall network security. Follow us on Google News, LinkedIn, and X to Get More Instant Updates. Tags cyber security cyber security news Copy URL Linkedin Twitter ReddIt Telegram Abinayahttps://cybersecuritynews.com/ Abi is a Security Editor and fellow reporter with Cyber Security News. She is covering various cyber security incidents happening in the Cyber Space. Trending News Critical Fortinet FortiSandbox Vulnerabilities Actively Exploited in Attacks India Temporarily Bans Telegram Messenger Over Medical Exam Fraud Hackers Abuse LNK Files, PowerShell, and Python Loader to Deploy NarwhalRAT The Half-Life of Threat Intelligence: When Does an IOC Stop Being Useful?  Palo Alto Warns of GlobalProtect VPN Vulnerability Actively Exploited in the Wild Latest News Cyber Security News CISA Warns of Splunk Enterprise Critical Function Vulnerability Actively Exploited in Attacks Cyber Security News Node.js Fixes 12 Vulnerabilities, Including 2 High-Severity Authentication Bypasses Cyber Security News Hackers Use Weaponized Windows Shortcuts to Spread Crypto Clipper Across USB Drives Cyber Security News AI-Powered Public Surveillance and Biometric Data Collection Expand Government Monitoring Cyber Security Authorities Dismantle SocGholish Malware Network — 106 Servers and 101 Domains Seized
    💬 Team Notes
    Article Info
    Source
    Cybersecurity News
    Category
    ◇ Industry News & Leadership
    Published
    Jun 19, 2026
    Archived
    Jun 19, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗