Fortinet Firewall & VPN Security Guidance

Recent reports from the National Cyber Security Centre (NCSC) and Fortinet have highlighted a large-scale campaign targeting Fortinet firewalls and VPN gateways through credential-based attacks. Current analysis suggests this activity is linked to the harvesting and reuse of credentials, rather than a newly discovered vulnerability affecting updated systems.

At this time, Exa’s managed systems and services are not affected by this activity and we continue to actively monitor the situation.

The reports indicate that attackers are primarily attempting to gain access using exposed, reused or compromised credentials. This means that while core managed infrastructure may remain secure, individual user accounts and unmanaged devices can still present a risk if security best practice is not followed.

Multi-Factor Authentication matters

Events such as this demonstrate why Multi-Factor Authentication (MFA), also known as Two-Factor Authentication (2FA), remains one of the most effective security measures available.

Even if a password becomes exposed, MFA adds another layer of protection that can prevent attackers from successfully accessing systems and accounts.

Password hygiene remains critical

Strong password habits are still essential:

  • Use unique passwords for every account.
  • Use long passphrases instead of short complex passwords where possible.
  • Consider using a password manager to generate and store credentials securely.
  • Avoid sharing credentials between colleagues or systems.
  • Ensure MFA/2FA is implemented wherever possible.

Cyber threats increasingly rely on compromised credentials rather than sophisticated attacks. Good password practices and MFA significantly reduce risk and provide effective protection against many common attack methods.

Recommended actions

If you manage your own devices, firewalls, VPN services or network infrastructure, we recommend taking the following actions:

  • Check your exposure using one of the fortibleed leak search tools, such as
     https://socradar.io/free-tools/fortibleed or https://www.hudsonrock.com/fortinet.
  • Change passwords for administrator and VPN accounts if they have not been updated recently.
  • Ensure all systems and devices are running the latest updates and firmware versions.
  • Review account activity and login history for any unexpected access attempts.
  • Remove any internet-facing management portals unless there is a clear operational requirement.
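As an illustration of the "review account activity and login history" step above, the following added example (not Exa's or Fortinet's code) scans exported login events for successful logins from a source address not previously seen for that user, or from an address that has just failed logins against other accounts, the pattern credential reuse tends to leave. The key=value layout and the field names user, srcip and status are assumptions; map them to whatever your device exports.

```python
import re
from collections import defaultdict

# Constructed sample events in a generic key=value layout. Field names
# (time, user, srcip, status) are assumptions, not a vendor log schema.
SAMPLE_LOG = """\
time=2025-01-10T08:01:12 user=alice srcip=198.51.100.10 status=success
time=2025-01-11T08:03:40 user=alice srcip=198.51.100.10 status=success
time=2025-01-12T02:14:05 user=admin srcip=203.0.113.77 status=failed
time=2025-01-12T02:14:09 user=vpn-bob srcip=203.0.113.77 status=failed
time=2025-01-12T02:14:15 user=alice srcip=203.0.113.77 status=success
time=2025-01-12T09:00:00 user=vpn-bob srcip=192.0.2.44 status=success
"""

PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse(line):
    """Split one key=value log line into a dict, dropping quotes."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def review_logins(log_text, baseline=None, spray_threshold=2):
    """Return successful logins that deserve a manual look.
    baseline: {user: set of source IPs already known to be legitimate}.
    A user with no history and no baseline entry is not flagged as 'new'."""
    known = defaultdict(set)
    for user, ips in (baseline or {}).items():
        known[user] |= set(ips)
    failed_users = defaultdict(set)  # srcip -> distinct users it failed as
    findings = []
    for line in log_text.splitlines():
        ev = parse(line)
        if not {"user", "srcip", "status"} <= ev.keys():
            continue  # not a login event in the assumed layout
        user, ip = ev["user"], ev["srcip"]
        if ev["status"] != "success":
            failed_users[ip].add(user)
            continue
        reasons = []
        if known[user] and ip not in known[user]:
            reasons.append("new source IP for this user")
        if len(failed_users[ip] - {user}) >= spray_threshold:
            reasons.append("source IP failed logins for other accounts")
        if reasons:
            findings.append((ev.get("time", "?"), user, ip, reasons))
        known[user].add(ip)
    return findings
```

Supplying a baseline of known-good addresses per account (for example office egress IPs) lets the first observed login for an account be checked as well.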

Exa will continue to monitor developments and provide updates where appropriate.
