FortiBleed: Fortinet says it's not a bug
Fortinet finally weighs in on FortiBleed - it's not a bug. Plus a healthcare AI firm loses 1.4 million people's data to a single phishing email, a trading bot built to prey on others gets played for $15 million, and LastPass lands back on a breach list it didn't cause.
In the latest Cybersecurity Today episode, host David Shipley delves into:
A targeted phishing attack at Xsolis — an AI health-tech firm used by more than 600 hospitals and insurers — exposed names, Social Security numbers, and medical treatment records for nearly 1.4 million people.
An Ethereum sandwich bot called JaredFromSubway, one of the most aggressive on the network, was fed fake pools and tokens engineered to look like easy money. It took the bait, approved attacker-controlled contracts, and got drained of $15 million.
FortiBleed gets its verdict. After two weeks and more than 100,000 affected devices, Fortinet says there is no flaw, no patch and no advisory — just reused credentials and weak passwords being brute-forced during Moscow business hours. The fix is depressingly basic.
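The FortiBleed item above comes down to a detection problem: password brute-forcing and credential stuffing against admin logins, clustered in an attacker's working day. The script below is an added example, not code from the podcast or from Fortinet. It parses constructed FortiGate-style key=value login events (the sample lines, field names and values are assumptions, not a real capture), finds sources with a burst of failed admin logins, notes whether a success followed the burst, and scores how much of the activity falls inside Moscow business hours (UTC+3, weekdays 09:00 to 18:00, an assumed definition). The threshold and window are illustrative.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample events in FortiGate-style key=value syslog (assumed format,
# not a real capture): six failed admin logins from one source within a minute,
# followed by a success from the same source, plus one off-hours failure from
# a second source. Timestamps are treated as UTC.
SAMPLE_LOGS = """\
date=2026-03-10 time=06:02:11 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed" reason="passwd_invalid"
date=2026-03-10 time=06:02:14 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed" reason="passwd_invalid"
date=2026-03-10 time=06:02:19 type="event" subtype="system" logdesc="Admin login failed" user="fortinet" srcip=203.0.113.7 action="login" status="failed" reason="name_invalid"
date=2026-03-10 time=06:02:25 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed" reason="passwd_invalid"
date=2026-03-10 time=06:02:31 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed" reason="passwd_invalid"
date=2026-03-10 time=06:02:40 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=203.0.113.7 action="login" status="failed" reason="passwd_invalid"
date=2026-03-10 time=06:02:47 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=203.0.113.7 action="login" status="success"
date=2026-03-10 time=23:30:05 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=198.51.100.20 action="login" status="failed" reason="passwd_invalid"
"""

# key=value pairs, values either double-quoted or a bare token
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSK = timezone(timedelta(hours=3))  # Moscow Standard Time, no DST


def parse_events(text):
    """Parse key=value log lines into dicts with a UTC 'ts' datetime."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ev = {k: v.strip('"') for k, v in KV_RE.findall(line)}
        ev["ts"] = datetime.strptime(
            ev["date"] + " " + ev["time"], "%Y-%m-%d %H:%M:%S"
        ).replace(tzinfo=timezone.utc)
        events.append(ev)
    return events


def in_moscow_business_hours(ts_utc, start=9, end=18):
    """Assumed working day: Monday to Friday, 09:00 to 18:00 Moscow time."""
    local = ts_utc.astimezone(MSK)
    return local.weekday() < 5 and start <= local.hour < end


def find_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Per source IP, flag `threshold` or more failed logins inside any
    `window`, and report whether a success followed the failures and what
    share of the failures landed in Moscow business hours."""
    by_src = defaultdict(list)
    for ev in events:
        if ev.get("action") == "login":
            by_src[ev["srcip"]].append(ev)

    findings = {}
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        failures = [e for e in evs if e["status"] == "failed"]
        # sliding window: the most failures that fit inside one `window`
        peak, lo = 0, 0
        for hi in range(len(failures)):
            while failures[hi]["ts"] - failures[lo]["ts"] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak < threshold:
            continue
        last_fail = failures[-1]["ts"]
        success_after = any(
            e["status"] == "success" and e["ts"] >= last_fail for e in evs
        )
        msk_hits = sum(in_moscow_business_hours(e["ts"]) for e in failures)
        findings[src] = {
            "failures": len(failures),
            "peak_in_window": peak,
            "users": sorted({e["user"] for e in failures}),
            "moscow_business_hours_share": round(msk_hits / len(failures), 2),
            "success_after_failures": success_after,
        }
    return findings


if __name__ == "__main__":
    for src, f in find_bruteforce(parse_events(SAMPLE_LOGS)).items():
        print(src, f)
```

A success immediately after a burst of failures from the same source is the signal worth paging on: it is the shape a reused or weak password produces when credential stuffing lands. The time-of-day share is supporting context, not a verdict on its own, since a busy attacker can run outside office hours and a legitimate admin can mistype at 09:00 Moscow time.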
And LastPass is notifying customers their data was stolen — this time through the Klue breach, not its own systems.