FortiBleed: Credential Compromise Campaign Targeting Fortinet Devices (Campaign)
ID: a394d839-74a7-5944-9c0e-f1145a714480
STIX ID: report--a394d839-74a7-5944-9c0e-f1145a714480
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2026-06-16
Date Updated: 2026-07-02
Author: [email protected] (Wiz Threat Research)
The FortiBleed campaign uses automated scanning and credential stuffing against Fortinet SSL VPN and management interfaces on standard and non-standard HTTPS ports, leveraging leaked or reused credentials to build and continuously validate a database of working logins; compromised devices are then used to harvest further credentials, impacting government, telecom, healthcare, education, energy, and commercial organizations globally.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
