The Point: Admin passwords for 74,000 Fortinet firewalls were compromised in an attack wave, granting full access to critical network perimeters.
A coordinated attack campaign has stolen admin credentials for approximately 74,000 Fortinet firewalls. The incident signals widespread compromise of critical network infrastructure over an extended period.
Attackers are currently conducting massive attacks against firewalls from manufacturer Fortinet and have already compromised administrator passwords for around 74,000 devices. The credentials grant complete control access to the affected firewalls, which serve as critical perimeter protection in enterprise networks.
For CISOs, this represents significant risk: with admin access, attackers can disable security policies, manipulate traffic logs, inject malware into the network, or perform lateral movement without raising suspicion. Fortinet devices typically protect networks of enterprises, government agencies, and critical infrastructure – compromise thereby undermines an organization’s entire security posture.
CISOs should immediately verify whether their Fortinet firewalls fall within the affected inventory. Necessary immediate actions include: reviewing admin access for suspicious activity, password changes, enforcing redefinition of access policies, and monitoring for abnormal network patterns. Depending on existing security incidents and public disclosures, incident response procedures and potential NIS2 notification obligations should also be evaluated.
Source: www.golem.de · Published 18 June 2026
Lumi AI News — AI-assisted curation in accordance with Article 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.