The Point: A cross-industry attack campaign has leaked credentials from over 30,000 Fortinet devices across nearly 200 countries.
A large-scale attack campaign has leaked login credentials for over 30,000 Fortinet devices. The perpetrators operate across industries in nearly 200 countries and already possess functioning credentials for a large number of compromised systems.
Security researchers have documented a systematic campaign that deliberately collects access credentials to Fortinet infrastructure. The attack spans diverse industries and geographic regions in nearly 200 countries. The attackers have already secured valid credentials for tens of thousands of affected devices.
For CISOs, this presents a significant risk in perimeter management: Fortinet FortiGate and related security appliances are often positioned as gateways to infrastructure. Compromised admin credentials potentially enable direct access to network segmentation, VPN configuration, and logging systems.
Immediate countermeasures should include reviewing Fortinet devices for unusual login activity, enforcing strong password policies, and implementing multi-factor authentication for administrative access. An examination for indicators of compromised admin sessions is required.
Source: www.darkreading.com · Published June 17, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.