FortiBleed: 86,000 Fortinet Logins Are Already in Criminal Hands
The news: A campaign called FortiBleed has dumped over 86,000 working FortiGate admin and VPN logins into criminal forums. There is no CVE and no patch: attackers stole config files and cracked the passwords offline.
Why it matters: Roughly half of all internet-reachable FortiGate devices may be exposed, across 194 countries. This is credential theft, not a software bug, so your patch dashboards stay green while a valid VPN key sits in a forum.
What to do: Treat every FortiGate admin and VPN credential as compromised. Rotate them this morning, force MFA on remote access, and check configs for changes you did not make.
Accenture Just Bought Its Way Into the OT Security Stack
Accenture said on June 18 it will pay about $4.18 billion for a majority stake in Dragos, plus all of runZero and NetRise. That folds three independent security vendors into one integrator-owned platform, and the targets are not niche. runZero is widely used for asset discovery, NetRise for software-supply-chain visibility, and Dragos for OT threat detection. If any sits in your stack, your best-of-breed tool now reports to a firm that also sells you services. The deals close in August and September, so check your contracts for change-of-control terms and ask for a roadmap before renewal.
Your AI Agents Now Have Their Own Logins. Can You See Them?
Enterprise AI has shifted from chatbots to agents that act with their own credentials, and the tooling to govern them is finally catching up. Microsoft's Agent 365 now discovers agents on Windows, AWS Bedrock, and Google Cloud, including third-party tools like Claude Code and Copilot CLI. KPMG went live on it globally on June 9. The practical shift: shadow agents holding production credentials are now inventoriable, the way unmanaged laptops were a decade ago. Pull a count this week of how many agents in your environment hold their own credentials.
Watch This
FortiBleed is the clearest sign yet that the breach of the year may not have a CVE at all. Compromises built on stolen configs, leaked tokens, and cracked credentials leave your vulnerability metrics looking pristine while attackers walk in the front door. If your security reporting still leads with patch coverage, expect it to miss the next one.
This week, DoGood network members are rotating edge-device credentials and pulling agent-identity inventories at the same time, two fixes for the same blind spot: assets and identities they could not see. If you run IT or security at a $100M+ company, that is the conversation your peers are already having.
Know a CIO who needs this? Forward it and they can subscribe here.
Enterprise IT leader at a $100M+ company? Apply to join DoGood.