Bottom line: 73,932 VPN credentials from Fortinet firewalls were exposed in a data breach, enabling attackers direct remote access to affected networks.
A data breach dubbed “FortiBleed” has exposed access credentials for Fortinet and FortiGate VPN connections from nearly 74,000 firewall devices worldwide. This creates a large attack surface for unauthorized remote access.
The security incident designated “FortiBleed” affects credentials for Virtual Private Network (VPN) connections to FortiGate firewalls—one of the world’s most widely deployed enterprise firewalls. The leaked data comprises 73,932 firewall URLs from organizations across various industries and regions.
For CISOs, this breach is critical: VPN credentials enable direct remote access to corporate networks without needing to overcome additional barriers such as network segmentation. With the exposed credentials, attackers can access firewalls, configure them, extract sensitive logs, or use the devices themselves for lateral movement within the network. This increases both incident response requirements and regulatory risks under NIS2, where protection of infrastructure components and their access controls is mandatory.
Immediate action involves identifying affected Fortinet environments (particularly those with publicly accessible VPN), rotating credentials, and reviewing access patterns on the firewalls. At the same time, it should be verified whether the affected devices correspond to a known security update from the manufacturer and whether additional monitoring or MFA measures are active on the VPN access.
Source: www.bleepingcomputer.com · Published 17 June 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.7.1.