By Jordan Polasek · July 5, 2026

There is a special kind of quiet danger in this line of work: not a new hole punched in your front door, but the discovery that someone already made a copy of your key. That is the story of FortiBleed — and if your business runs a Fortinet firewall, it is worth two minutes of your attention this week.

## ⚡ The 60-Second Version
- What: A criminal group has assembled a collection of working administrator and VPN passwords for tens of thousands of internet-facing Fortinet firewalls — reports put it around 86,000 devices across 194 countries, roughly half of every Fortinet firewall exposed to the internet. Researchers named the campaign FortiBleed. Importantly, this is not a new software flaw — it is reused, guessed, and cracked passwords.
- Fix: Reset every Fortinet admin and SSL-VPN password now, kill all active sessions, turn on phishing-resistant multi-factor authentication (MFA), and get the firewall's management screen off the public internet.
- By when: Now. CISA, the UK's national cyber agency, and Fortinet all issued guidance the week of June 18, 2026, and attackers are actively using these credentials today.

## What FortiBleed actually is — and what it isn't

Let me clear up the scary part first, because the headlines have been loud. FortiBleed is not a brand-new zero-day vulnerability in Fortinet's software. Fortinet has been clear that no new flaw is involved, and I believe them here. So you don't need to panic-patch a specific version overnight.

What actually happened is, in some ways, more sobering. Security researchers found a stash of data on an exposed server in mid-June — a working list of login credentials for tens of thousands of Fortinet firewalls and their VPN gateways. The criminals built that list the old-fashioned way:

In other words, this wasn't a clever exploit. It was a harvest of businesses that never rotated a password, never turned on MFA, and left the front-desk login facing the open internet. That should feel less like bad luck and more like a checklist.

## Why a firewall login is the worst thing to lose

Of all the passwords in your business, the one guarding your firewall and VPN is close to the crown jewels. Think about what that login actually controls:

And here's the part that stings: because it's the firewall, it is trusted. Alarms that would scream about a suspicious laptop often stay silent when the "firewall admin" logs in, because that's supposed to be you. That trust is exactly what makes a leaked firewall credential so valuable to a criminal — and why CISA warned that these logins are already being used against businesses worldwide.

For scale: last year's Belsen Group leak exposed around 15,000 Fortinet devices. FortiBleed is several times larger and built from fresher data — not a rerun.

## Who's affected — and how to tell

The devices at risk share a simple profile: a Fortinet firewall (FortiGate) with an SSL-VPN or management interface reachable from the public internet. That describes a huge number of small and mid-sized businesses across Texas, because a FortiGate is one of the most common firewalls a local IT shop will install. If you have remote workers who "VPN in," there is a good chance a Fortinet appliance is sitting at your edge right now.

You likely can't tell from your desk whether your specific device is on the leaked list — and honestly, you shouldn't wait to find out. The safe assumption, if you have an internet-facing Fortinet device, is that its credentials could be exposed, and to act as though they are.

## What this means for your business — this week

Here's the short, prioritized list I'd hand any owner reading this:

None of these are exotic. They are the fundamentals — and FortiBleed is a very expensive reminder that fundamentals, skipped, become someone else's opportunity.

## How BVTech helps

For our managed clients, this is a quiet week by design. The firewalls we manage already run MFA on remote access, keep management interfaces off the public internet, and rotate credentials on a schedule — so a leaked-password campaign like FortiBleed has very little to grab onto. Where a reset or session purge is warranted, we handle it and confirm it, and you hear from us before you hear from a headline.

If you're not sure whether your firewall is exposed — or whether MFA is really on for your VPN — that's exactly the kind of thing we check for free. You can book a short call, take a look at your Security Scoreboard, or read more about our cybersecurity solutions. No pressure, no fear-mongering — just a straight answer about whether your front door's keys are still yours.

— Jordan Polasek · Founder, BVTech LLC