FortiBleed Campaign: A Threat to FortiGate Firewalls

The Hacker News reported on 23 June 2026 about the FortiBleed campaign, a large-scale credential-harvesting operation targeting FortiGate firewalls. The campaign, attributed to a Russian-speaking group, has affected over 430,000 firewalls globally since February 2026. The operation involves collecting credentials and exploiting exposed services, posing a significant threat to organisations using these devices.

Why this matters for UK organisations

For UK businesses using FortiGate firewalls, the FortiBleed campaign highlights the importance of securing network devices and maintaining up-to-date security configurations. The widespread nature of the attack underscores the need for vigilance and proactive defence strategies to protect sensitive information and maintain business continuity.

What to review

Organisations should review their network security configurations, ensuring all FortiGate devices are patched and monitored for unusual activity. This includes implementing robust access controls, conducting regular vulnerability assessments, and ensuring all security patches are applied promptly. Businesses should also consider enhancing their incident response capabilities to quickly address any potential breaches.

Source: The Hacker News