ShellCodeX Intelligence Brief
CRITICAL Cybersecurity

FortiBleed campaign tied to Russian credential-sniffing initial access broker

Source headline: Russian Initial Access Broker Behind FortiBleed Campaign

Threat level: Critical
Signal strength: 85/100
Source confidence: 1 source
Published: 2 hours ago

Intelligence Summary

A Russian initial access broker is linked to the FortiBleed campaign. The actor used a custom sniffer to capture credentials from targeted systems. The activity reportedly began at least as early as February 2026 and has yielded over 110 million stolen credentials. This suggests broad exposure risk for affected networks and accounts. Organizations should review for FortiBleed indicators, rotate potentially exposed credentials, and tighten access controls for externally reachable systems.

Recommended Action

Prioritize immediate review, validate exposure, and patch or mitigate affected systems.

Topics

#credential-theft #credential-rotation #fortibleed #initial-access #credential-sniffing #russian-threat-actor
Original reporting: SecurityWeek, "Russian Initial Access Broker Behind FortiBleed Campaign"