The article discusses the 'FortiBleed' operation, a large-scale credential-spraying attack on Fortinet FortiGate SSL VPN devices and MSSQL servers that occurred in June 2026. Run by a multi-operator crew, the attack consisted of automated login attempts using more than 3.6k credential pairs, totaling 1.16 billion tries across FortiGate devices worldwide.
The attackers, operating from Kali Linux VMs, used compromised credentials to gain access to sensitive information and used network sniffers to capture cleartext credentials from various protocols, leading to significant breaches in organizations across multiple countries. The report highlights that many of the affected organizations had previous security incidents. Recommendations to enhance security include limiting public access to the management interface of FortiGate devices and implementing credential reforms.