Your firewall is supposed to be the thing keeping attackers out. This week, for thousands of businesses, it became the way in.
Security researchers disclosed a campaign they are calling FortiBleed, and the numbers are rough: working administrator and VPN credentials for roughly 86,000 Fortinet firewalls, or about half of all internet-facing FortiGate devices on the planet.
Here is the part that should get your attention: there is nothing to patch.

What Actually Happened
This was not a clever new software flaw; it was old-fashioned bad password hygiene at scale. Attackers took credentials exposed in earlier Fortinet incidents, brute-forced devices that had no multi-factor authentication, and built a searchable database of logins that still work.
Many of those passwords were never changed after the original breach, so the attackers simply tried them again, and a lot of them opened the door.

Why This One Is Different
Most security stories end with “apply the patch.” This one does not, because there is no patch to apply. That is why CISA urged affected organizations to act right away rather than wait.
A compromised firewall is a quiet disaster. Once an attacker is on it, they can watch your traffic, harvest more credentials, change settings, and create their own accounts, all without tripping the alarms your other tools rely on (in other words, the thing guarding the door turns out to be an excellent place to hide). This is exactly the kind of exposure that ongoing managed security maintenance is built to catch before it becomes a headline.

What to Do About It
If your business runs a Fortinet firewall or VPN, this is a today problem rather than a someday one:
- Reset every administrator and VPN password, especially anything facing the internet
- Turn on multi-factor authentication for all admin and VPN accounts
- Get your firewall’s management interface off the public internet
- Check the logs for logins, accounts, or configuration changes you do not recognize
None of this requires new tools; it just requires someone actually doing it and knowing where to look.
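One way to run the log check from the last step, as an added example that is not part of the original article: it scans FortiOS-style key=value event lines for admin logins from outside the management network, logins by unrecognized accounts, new admin accounts, and configuration changes from untrusted addresses. The sample log lines are constructed, and the field names (`user`, `srcip`, `action`, `status`, `cfgpath`, `cfgobj`), the trusted subnet and the admin names are assumptions to adapt to your own log export.

```python
import ipaddress
import re

# Assumptions for this example: management subnet and expected admin accounts.
TRUSTED_NETS = [ipaddress.ip_network("10.20.0.0/24")]
KNOWN_ADMINS = {"admin", "netops"}

# Constructed sample lines in FortiOS-style key=value form (not real logs).
SAMPLE_LOG = '''\
date=2026-06-20 time=08:01:12 type="event" user="netops" srcip=10.20.0.15 action="login" status="success"
date=2026-06-21 time=03:14:09 type="event" user="admin" srcip=203.0.113.77 action="login" status="success"
date=2026-06-21 time=03:16:40 type="event" user="admin" srcip=203.0.113.77 action="Add" cfgpath="system.admin" cfgobj="svc_backup"
date=2026-06-21 time=03:18:02 type="event" user="svc_backup" srcip=203.0.113.77 action="login" status="success"
date=2026-06-22 time=09:30:00 type="event" user="netops" srcip=10.20.0.15 action="Edit" cfgpath="firewall.policy" cfgobj="12"
'''
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line):
    """Turn one key=value log line into a dict (values may be quoted)."""
    return {k: q or b for k, q, b in FIELD_RE.findall(line)}

def is_trusted(ip):
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # a missing or malformed source address is never trusted
    return any(addr in net for net in TRUSTED_NETS)

def review(log_text):
    """Return (timestamp, reason) pairs that deserve a human look."""
    findings = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ev = parse_line(line)
        when = f'{ev.get("date", "?")} {ev.get("time", "?")}'
        user, src = ev.get("user", ""), ev.get("srcip", "")
        action = ev.get("action", "").lower()
        if action == "login" and ev.get("status") == "success":
            if user not in KNOWN_ADMINS:
                findings.append((when, f"login by unrecognized account {user!r} from {src}"))
            elif not is_trusted(src):
                findings.append((when, f"admin login for {user!r} from untrusted address {src}"))
        elif action == "add" and ev.get("cfgpath") == "system.admin":
            findings.append((when, f"new admin account {ev.get('cfgobj')!r} created by {user!r}"))
        elif action in {"add", "edit", "delete"} and not is_trusted(src):
            findings.append((when, f"config change to {ev.get('cfgpath')} from untrusted address {src}"))
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE_LOG), sep="\n")
```

On the constructed sample, the routine login and policy edit from the management subnet pass silently, while the off-network admin login, the account it creates, and that account's first login are all reported.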

The Bottom Line
FortiBleed is a reminder that your security is only as strong as the maintenance behind it. A firewall you bought five years ago and never touched is not really protection at all, just a liability with a login page.
If you are not certain your firewall, your credentials, and your MFA are actually locked down, that is worth a conversation.
Published: Jun 25, 2026