In mid-June 2026, researchers uncovered the FortiBleed campaign, affecting Fortinet FortiGate firewalls, with an estimated 30,000 to 75,000 devices compromised across 194 countries. Threat actors extracted configuration files and cracked credential hashes, obtaining verified administrator credentials. SOCRadar's research revealed the threat group's operational infrastructure, including databases of validated credentials organized by various factors.
Beaumont and Hudson Rock's analysis indicated that up to 75,000 devices may be impacted, likely because existing administrator passwords were stored with outdated SHA-256 hashes from before upgrades to more secure PBKDF2-based mechanisms. This points to poor password management, rather than flaws in Fortinet's systems, as the primary cause of the exposure.