logo

FortiBleed: The Broker Who Turned 73,000 Firewalls Into a Product Catalog

ID: 4956d03c-1ac4-5a9a-9e19-69ee3f2ea1ef

STIX ID: report--4956d03c-1ac4-5a9a-9e19-69ee3f2ea1ef

Feed Name: Security Affairs

Threat Score
85/100

Date Published: 2026-06-24

Date Updated: 2026-06-24

Author: Pierluigi Paganini

...
...

A security researcher discovered an exposed server containing valid login credentials for 73,932 Fortinet devices spanning 21,632 organizations in 194 countries; the data was part of an access-brokering operation run by a seller (“SantaAd”) who performed large-scale brute-force and cracking activity, cataloged victims with revenue/sector metadata for resale, and advertised live auctions—indicating active criminal resale (likely to ransomware actors) and a systemic operational pipeline leveraging rented infrastructure and AI-driven tooling.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.