CISA has issued an alert regarding the FortiBleed incident, which has leaked credentials for approximately 74,000 Fortinet devices, including firewalls and VPN gateways. Attackers are actively exploiting these credentials globally, targeting both government and private organizations. Security researchers confirmed the leak's legitimacy, which arose from misconfigured servers exposing valid credentials and contributing to a large-scale active exploitation campaign.
CISA advises organizations using Fortinet devices to take immediate actions such as resetting passwords, enabling multi-factor authentication, and reviewing access logs. Notable companies and agencies were affected, and the incident underscores the severity of device misconfigurations exposed to the internet.