Skip to main content

Weekly Cyber Intelligence for Leaders

This was the week the perimeter leaked. The most consequential breaches did not begin with a clever exploit.

Tom Guerin 25 June 2026 · 1 min read
Weekly Cyber Intelligence for Leaders

Tens of thousands of firewalls surrendered their credentials. A trusted software supplier became the doorway into hundreds of customer systems. Law enforcement dismantled one of the oldest pipelines feeding the ransomware economy. And the largest consultancy in the world placed a four-billion-dollar bet that defending industrial systems is the defining security challenge of the decade. The through-line is unmistakable - the contest is no longer only about keeping intruders out, but about seeing compromise the moment it surfaces, wherever it surfaces.

Here is your weekly five-minute distillation of the 10 most consequential movements in cyber

security.

FortiBleed: 86,644 Fortinet Firewalls Surrender Their Credentials, and the Data Reaches the Dark Net First

THE BIG DEAL 

On 18 June, the United States Cybersecurity and Infrastructure Security Agency warned that a sweeping credential-theft campaign, dubbed FortiBleed, had compromised roughly 86,644 internet-facing Fortinet firewalls and SSL VPN gateways across 194 countries. Researchers attribute the operation to a Russian-speaking group that ran an estimated 1.16 billion credential attempts against more than 320,000 FortiGate targets. Government agencies, financial institutions and healthcare providers are among the victims. Critically, the stolen credential database was already circulating on dark net forums before CISA issued its advisory, giving secondary actors a head start. 

TAKEAWAY 

The edge device is now the prize, and the warning shot arrives on the dark net, not in your security operations centre. Terminate active VPN sessions, rotate every Fortinet credential, enforce phishing-resistant multi-factor authentication and remove management interfaces from the public internet today. Then ask the harder question: if your credentials were traded tonight, how would you know?

SOURCE CISA - Hardening Fortinet Devices After Credential Exposure

Published by

Tom Guerin Founder, Brighten Tech

About our partner

Brighten Tech

Brighten Tech, is designed to provide organisations with earlier visibility of potential threats by identifying exposed credentials, leaked information and emerging threat activity directly from source environments across the dark net and related ecosystems. Rather than relying solely on intelligence that has already been aggregated and widely circulated, the platform aims to provide organisations with greater time to assess, respond and reduce risk.What the Radiance platform delivers:› Real-time dark net monitoring across forums and marketplaces, captured at the moment of publication› Automated credential-leak and PII breach detection for your organisation, customers and executives› Breach source-URL identification and threat-actor intelligence for rapid, targeted response› A non-attributable collection methodology that leaves no digital footprint› SIEM and SOAR integration that triggers automated playbooks the moment a leak is detectedStop discovering breaches last. Start seeing them first.Explore Radiance at brightentech.aiUntil next

Learn more