guidance United States effective 8/10
Government · Cybersecurity and Infrastructure Security Agency

CISA has issued an urgent alert regarding a global cyber incident, dubbed 'FortiBleed,' involving the exposure of approximately 74,000 Fortinet device credentials. Malicious actors are using these compromised credentials to target internet-accessible Fortinet devices in government and private sector organizations. CISA strongly recommends immediate actions for affected customers, including terminating all sessions, resetting passwords with strong policies, enabling phishing-resistant multifactor authentication, reviewing logs for suspicious activity, and restricting management interface access.

Effective date

2026-06-18

Action required

Impacted Fortinet customers must immediately terminate active SSL VPN and administrative sessions, reset all Fortinet VPN and administrative passwords, ensure secure credential storage, review logs, enable phishing-resistant MFA, and reduce the attack surface by locking down management access.

Binding status

advisory

Governing body

Cybersecurity and Infrastructure Security Agency

Direction

clarifying

Innovation impact

neutral

Compliance requirements

Audit requirements

  • Review firewall, VPN, authentication, and domain controller logs for lateral movement, unusual access, suspicious accounts, or unauthorized configuration changes.

Affected industries

governmentall

Affected roles

cisoctocompliance officerrisk manager

"To defend against this malicious cyber activity, CISA urges impacted Fortinet customers with FortiGate appliances and associated secure sockets layer (SSL) VPN gateways to immediately: Terminate sessions and reset credentials."

Enriched 2026-06-18

Stay informed

Get daily intelligence briefs on this and related regulatory developments.

Start 14-day trial