CISA Warns Fortinet Customers as FortiBleed Hits 86,644 FortiGate Devices
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged Fortinet customers to secure FortiGate appliances against a campaign called FortiBleed. Malicious actors have exposed credentials for thousands of internet-accessible firewalls and VPN gateways. The activity affects both government and private sector organizations worldwide.
What changed
CISA issued an urgent advisory as the number of compromised devices reached 86,644 by June 19, 2026.
Live updates
-
CISA Warns of FortiBleed Campaign Targeting Fortinet Devices
confidence 90%The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has urged Fortinet customers to secure FortiGate appliances against a campaign called FortiBleed. Malicious actors have exposed credentials for thousands of internet-accessible firewalls and VPN gateways. The activity affects both government and private sector organizations worldwide.
What's confirmed:
- CISA urged Fortinet customers with FortiGate appliances to secure devices against the FortiBleed campaign.
- The campaign targeted internet-accessible Fortinet firewalls and virtual private network (VPN) gateways.
- As of June 19, 2026, the number of compromised devices stands at 86,644.
- The activity impacts government and private sector organizations.
Still unconfirmed:
- Russian-speaking threat actors are believed to be responsible for the campaign.
- The campaign used custom sniffers to harvest authentication secrets.
- Generic admin accounts and built-in system accounts make up the majority of compromised credentials.
- The campaign has impacted devices across 194 countries.
- The campaign has targeted western organizations for several months.