Week in review: 74k Fortinet firewall credentials stolen, Splunk Enterprise RCE under active attack

Help Net Security, 21/06/2026, 08:00

Summary

AI-Generated

Key Points:

  • Main threat: Approximately 74,000 Fortinet firewall credentials were exposed in a data leak known as FortiBleed, attributed to a Russian-speaking cybercriminal group.
  • Impact assessment and affected systems: The leaked credentials are from configuration files of Fortinet firewalls and VPN gateways, potentially allowing unauthorized access to numerous networks globally.
  • Recommended actions or mitigations: Organizations using Fortinet products should immediately rotate their credentials, review access logs for suspicious activity, and apply any available patches to mitigate further risks.

Technical Details: The exposure resulted from the accidental release of configuration files by the cybercriminal group, which included sensitive information that could facilitate unauthorized access to affected systems.

MITRE ATT&CK Techniques:

  • T1078 - Valid Accounts (Defense Evasion, Initial Access)

IOCs Mentioned: None mentioned
