Widespread Security Flaw Affects Business Networks in 194 Countries

In mid June 2026, security researchers discovered a massive attack targeting business security systems in 194 countries. The campaign, nicknamed FortiBleed, focuses on Fortinet FortiGate firewalls that companies use to protect their networks. Attackers are stealing configuration files from these systems and cracking the passwords inside them. This gives criminals working administrator access to company networks. This affects employees and customers of businesses that use these Fortinet systems. If your employer or a company you do business with uses FortiGate firewalls, criminals may have gained access to internal company systems. This could include employee records, customer databases, financial information, and confidential business data. The scale of this attack, spanning nearly every country in the world, means many organizations are potentially impacted.

Take these steps right now:

1. If you work for a company, notify your IT department or security team about this threat if they have not already addressed it. They need to check whether your organization uses affected Fortinet products.
2. Change passwords for any work related accounts, especially if your company uses Fortinet products. Use strong, unique passwords that you have never used before.
3. Enable two factor authentication on all work accounts where it is available. This requires a second verification step beyond just your password.
4. Watch your personal email for breach notifications from any businesses you interact with regularly. Retailers, service providers, and other companies may have been affected.
5. Monitor your financial accounts closely. Set up alerts for transactions over a certain amount so you are notified immediately of suspicious activity. For ongoing protection, treat your work accounts with the same security care as your personal ones. Never reuse passwords across multiple sites or services. Be suspicious of any unexpected requests to verify your identity or reset passwords, even if they appear to come from your employer. Always verify through a separate, trusted channel before providing sensitive information.