What Happened
The large-scale credential theft campaign hit roughly half of the internet-accessible Fortinet firewalls and VPNs. The post "FortiBleed: 86,000 Fortinet Device Credentials Compromised" appeared first on SecurityWeek.
Why It Matters
According to public reporting, the FortiBleed campaign involves threat actors compiling more than 86,000 verified working credentials for internet-accessible Fortinet firewalls and VPNs, affecting roughly half of all internet-facing Fortinet devices worldwide.[2][3][4] CISA and Fortinet have urged customers to terminate active sessions, reset all admin and VPN passwords, enforce MFA, upgrade to PBKDF2-based credential storage, and restrict management interfaces to trusted networks.[3][5] From a CyberSE.AI perspective, any AI systems, agents, or data pipelines sitting behind Fortinet appliances are at high risk of secondary compromise through these stolen credentials, which can enable lateral movement into environments hosting models, training data, or sensitive operational logic. Organizations should immediately map exposure paths from Fortinet devices to AI infrastructure, run targeted red teaming to validate whether compromised network access could be used to exfiltrate models or data, and update AI security policies and access controls on the assumption that credentials and perimeter devices may already be compromised.
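A defender's first check after the guidance above is to find administrative logins that did not come from the trusted management networks, since each one is a session to terminate and a credential to reset. The script below is an added example, not from the article or from Fortinet; the key=value event layout, the field names, the sample events and the 10.0.0.0/8 trusted range are all assumed for illustration.

```python
import ipaddress
import shlex

# Constructed sample events in the key=value layout FortiGate event logs use (layout
# assumed, not taken from the article). Only 10.0.5.20 sits in the trusted admin network.
SAMPLE_LOGS = [
    'date=2026-01-10 time=08:01:12 type="event" subtype="system" logdesc="Admin login successful" '
    'user="admin" srcip=10.0.5.20 action="login" status="success"',
    'date=2026-01-10 time=08:04:55 type="event" subtype="system" logdesc="Admin login successful" '
    'user="admin" srcip=198.51.100.77 action="login" status="success"',
    'date=2026-01-10 time=08:05:03 type="event" subtype="vpn" logdesc="SSL VPN login" '
    'user="jsmith" srcip=203.0.113.9 action="ssl-login" status="success"',
    'date=2026-01-10 time=08:06:41 type="event" subtype="system" logdesc="Admin login failed" '
    'user="admin" srcip=198.51.100.77 action="login" status="failed"',
    'date=2026-01-10 time=08:07:02 type="event" subtype="system" logdesc="Admin login failed" '
    'user="admin" srcip=198.51.100.77 action="login" status="failed"',
]

# Networks from which administrative logins are expected (assumed for the example).
TRUSTED_MGMT = [ipaddress.ip_network("10.0.0.0/8")]


def parse_kv(line):
    """Turn one key=value log line into a dict; shlex keeps quoted values whole."""
    fields = {}
    for token in shlex.split(line):
        key, _, value = token.partition("=")
        fields[key] = value
    return fields


def review_admin_logins(lines, trusted=TRUSTED_MGMT):
    """Return (untrusted_successes, failures_by_source) for administrative logins.

    Each successful admin login from outside the trusted networks is a session to
    terminate and a credential to reset; failed logins are counted per source IP.
    """
    untrusted, failures = [], {}
    for line in lines:
        f = parse_kv(line)
        if f.get("subtype") != "system" or f.get("action") != "login":
            continue  # VPN user logins are out of scope for this check
        src = f.get("srcip", "")
        if f.get("status") == "failed":
            failures[src] = failures.get(src, 0) + 1
        elif f.get("status") == "success" and not any(
            ipaddress.ip_address(src) in net for net in trusted
        ):
            untrusted.append((f.get("user"), src))
    return untrusted, failures
```

Run it against exported event logs from the appliance; a non-empty first result is the list of sessions to terminate before the password reset, and the failure counts show which sources were testing the stolen credentials.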
CyberSE Analysis
This signal maps to the data leakage risk class. Organizations using AI agents, LLM APIs, SaaS integrations, or sensitive data workflows should review whether this class of issue could lead to unauthorized tool execution, data leakage, weak approval gates, or unmanaged supply-chain exposure.
Recommended Actions
- Restrict AI agent tool permissions and production write paths.
- Review sensitive data access across prompts, logs, embeddings, memory, and SaaS integrations.
- Add human approval workflows for high-impact or state-changing actions.
- Run prompt injection and indirect prompt injection tests against affected workflows.
- Document the owner, control gap, and remediation deadline for this risk class.
Source
https://www.securityweek.com/fortibleed-86000-fortinet-device-credentials-compromised/