critical
threat
FortiBleed Campaign: 73,932 FortiGate Systems Credentials Exposed
3 rules, 9 TTPs, 1 IOC
A Russian-speaking threat group utilized a large dataset of administrative and VPN credentials, likely sourced from exposed FortiGate configuration files and active credential harvesting, to access government, critical infrastructure, and multinational corporate networks, resulting in widespread data exfiltration.
FortiGate +1
Russian-speaking threat group
credential-theft
fortios
state-sponsored
espionage
data-exfiltration
russian-speaking
critical-infrastructure
government
high
advisory
First-Time FortiGate Administrator Login Detected
2 rules, 1 TTP
A user with the Administrator role has successfully logged in to the FortiGate management interface for the first time within the last 5 days, potentially indicating unauthorized access or misconfiguration.
FortiGate
initial-access
administrator-login
high
advisory
Komari Agent Abused as SYSTEM-Level Backdoor
2 rules, 4 TTPs, 2 IOCs
Threat actors are abusing the Komari monitoring agent, a project hosted on GitHub, as a SYSTEM-level backdoor following initial access through compromised VPN credentials and lateral movement via Impacket.
Defender +2
komari
backdoor
nssm
github
rat
reverse shell