Cybersecurity

Global cybersecurity agencies warn of credential exposure in FortiBleed campaign targeting Fortinet firewalls, VPN gateways

26 sec read10 views0 listens

Threat actors are exploiting weak credentials to gain unauthorized access to Fortinet firewalls and VPN gateways through a campaign known as FortiBleed. This highlights a critical cybersecurity gap where credential reuse and poor password hygiene are enabling widespread breaches, bypassing traditional perimeter defenses. Developers and IT professionals must immediately rotate credentials, enforce MFA, and restrict management access to prevent further compromise.

Read the full article at Industrial Cyber

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

A sophisticated Russian credential-harvesting campaign called FortiBleed has compromised over 430,000 FortiGate firewalls globally, extracting 110 million credentials through a five-phase operation still targeting 19,000 devices. The attack abuses le...

Ali Nemati

Cybersecurity1 day ago26 sec read

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102

The latest Security Affairs Malware Newsletter rounds up significant cybersecurity threats, including a supply chain attack on OptinMonster, a China-nexus actor targeting medical research, and new Android and Windows malware. It also details advanced...

Ali Nemati

Cybersecurity6 days ago29 sec read

ClickFix Campaign Uses EtherHiding and GULoader to Infect Windows Users via Fake CAPTCHA

A sophisticated cyberattack campaign is targeting desktop Windows users by deploying fake CAPTCHA overlays on compromised WordPress sites to deliver GULoader malware. This threat leverages blockchain-based payload delivery and social engineering to b...

Ali Nemati

Cybersecurity6 days ago1m & 1 s read

Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes

Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes A sophisticated cyber threat group known as Ghostwriter has been leveraging phishing tactics that mimic official Google alerts to deceive users into divulging thei...

Ali Nemati

CybersecurityJun 1527 sec read

Google exposes China espionage group that's been lurking in networks undetected since 2023

Google's Threat Intelligence Group uncovered a new Chinese state-sponsored espionage group, UNC6508, which has been operating since September 2023 and targeting U.S. and Canadian organizations across various sectors to steal sensitive data. This disc...

Ali Nemati

Global cybersecurity agencies warn of credential exposure in FortiBleed campaign targeting Fortinet firewalls, VPN gateways

Related Articles

FortiBleed: The Most Detailed Breakdown Yet of an Active Russian Credential-Harvesting Operation

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 102

ClickFix Campaign Uses EtherHiding and GULoader to Infect Windows Users via Fake CAPTCHA

Ghostwriter Hackers Abuse Gmail Admin-Themed Emails to Steal Credentials and 2FA Codes

Google exposes China espionage group that's been lurking in networks undetected since 2023