Risky Bulletin

Risky Bulletin: AI-driven hacking campaign breaches 600+ Fortinet devices

Feb 23, 2026
An AI-assisted campaign used DeepSeek and Claude to compromise 600+ Fortinet firewalls. A VPN product was exploited to gain data center access. Chinese actors stole Italian police officer data. Archive.today was blacklisted after causing DDoS-like traffic. A PayPal loan bug exposed customer data, and new malware in NPM packages is stealing credentials.
INSIGHT

AI Toolkits Scaled Fortinet Firewall Breaches

  • A Russian-speaking actor used commercial AI toolkits to scale attacks against Fortinet firewalls.
  • They exploited exposed management services with weak credentials, then used DeepSeek and Claude for reconnaissance and vulnerability exploitation.
ADVICE

Harden Management Interfaces Immediately

  • Harden exposed management interfaces and eliminate weak credentials to prevent automated, AI-driven reconnaissance.
  • The attacker avoided hardened internal networks, showing that basic hardening blocks AI-assisted exploitation.
INSIGHT

AI Combined Recon And Offensive Automation

  • Attackers combined tools: DeepSeek for discovery and Claude to generate vulnerability assessments and run offensive tools.
  • This shows AI can automate both reconnaissance and offensive decision-making in campaigns.