CISA Warns of Active Exploitation Following FortiBleed Leak
ID: 881910f4-f25c-53f7-b869-ce7d6566230b
STIX ID: report--881910f4-f25c-53f7-b869-ce7d6566230b
Feed Name: Security Affairs
**FortiBleed — Active exploitation of leaked Fortinet credentials:** CISA issued an emergency alert after researchers discovered plaintext VPN and admin credentials, along with device config exports, for ~74k Fortinet devices; attackers are actively using them worldwide. Evidence includes confirmed working logins, a dataset spanning 194 countries and 21k+ domains, large-scale cracking operations (45‑GPU Hashtopolis), billions of credential attempts, and reported compromises of organizations across multiple countries. Recommended mitigations include immediate session termination and password resets, enabling phishing‑resistant MFA, upgrading FortiOS and forcing admin re-login to rehash credentials, and removing management interfaces from the public internet.
