The FortiBleed credential harvesting campaign compromised over 430,000 FortiGate firewalls globally. Ransomware operations INC Ransom and Lynx used these harvested credentials to launch attacks.
Attackers exploited a vulnerability to passively intercept authentication traffic and collect credentials at scale. The breach impacted major companies across the maritime, port, and energy sectors.
Cybersecurity firm Cydome reported that leaked data included credentials for 703 satellite-linked internet devices. The campaign exploits legacy administrator credentials that remained valid after software updates, allowing attackers to recover logins even on patched systems.