Crestvale Newsroom
Crestvale Newsroom is a short-form podcast breaking down what’s happening across business, finance, and technology, and why it actually matters. Each episode focuses on signal over noise, helping operators, founders, and decision-makers stay informed without chasing headlines.
FortiBleed breaches 30k–73k Fortinet devices
Attackers did not break in. They logged in. And in doing so, they turned the very systems meant to protect networks into a global credential harvesting engine. This is the Crestvale Newsroom Daily Podcast.

FortiBleed is not a software flaw story. It is an identity failure at scale. Attackers targeted Fortinet firewalls and VPNs that were exposed to the Internet. Instead of exploiting a bug, they used credentials that were already leaked elsewhere. Password reuse did the rest. Once inside, those edge devices became surveillance points. Attackers watched traffic. They harvested fresh credentials. Then they fed those credentials back into automated scans to expand access into more environments. That loop scaled fast. Estimates now put between 30,000 and 73,000 devices impacted across enterprises and government systems.

This is the part that matters. The perimeter did not fail because of a missing patch. It failed because identity controls at the edge were weak. If your VPN accepts reused passwords, it is not a control. It is an entry point. And this kind of compromise compounds. One valid login becomes many. One exposed device becomes a launch pad into others. The blast radius grows without any new exploit. That is why this is showing up everywhere at once.

The practical shift here is simple. Edge security is now identity security. If you are not enforcing strong authentication at every internet-facing entry point, you are operating on borrowed time. Unique credentials are table stakes. Rotation needs to be aggressive, and anything exposed to the internet should be treated as actively targeted, not passively protected.

Now, Databricks is moving AI security into a very different place: the runtime. Their Unity AI Gateway puts controls directly in the execution path. It inspects prompts, responses, and tool calls as they happen, not after the fact. More importantly, it treats AI agents as real identities. Integrations with Okta, Ping, and Saviynt mean those agents can be governed like human users. They can be audited, restricted, tied to policy. This closes a gap that most teams still have open. Today, many AI controls sit in dashboards or monitoring layers. They observe behavior. They do not stop it. Databricks is pushing enforcement into the moment an action occurs. That changes the model, because once an agent takes an action, logs do not help you. Prevention has to happen before execution. If your AI stack is not enforcing controls at runtime and tying them to identity, you are not actually governing it. You are watching it.

Meanwhile, a new startup called Tenet Security is taking that idea even further. They are focused on stopping AI agents before they act at all. Their approach is to simulate what an agent is about to do and block risky paths before they reach production systems. This is not alerting; it is pre-execution control. The company comes from Cisco's AI defense work and just raised $6 million to build this out. Their argument is straightforward. Once agents have access, most existing tools cannot see or control what happens next. They also point to a growing issue they call agent jacking. Attackers manipulate trusted inputs like logs or emails. Agents consume that data and execute harmful actions without triggering traditional controls. Early data suggests most organizations are already running far more agents than they realize. In some cases, up to five times more. If that holds, then visibility is already broken, and control has to move closer to execution. This is where the stack is heading. Not more monitoring, more interception.

And regulators are starting to enforce the basics with real consequences. In Australia, the federal court fined a financial services firm $2.5 million after a breach exposed hundreds of gigabytes of data. This was not about a novel attack. It was about failing to implement basic controls. The court tied the penalty directly to gaps in incident response, training, and monitoring. It also required the company to bring in an independent expert to rebuild its security posture. This is new in one important way. The penalty was tied to general corporate obligations, not just security guidelines. That means underinvestment in cybersecurity can now be treated as negligence, and the cost of fixing it after the fact is higher than doing it right up front. For leadership teams, this changes the math. Security is no longer just a risk function; it is a direct financial liability.

Here is what else is worth knowing today. The NPM ecosystem saw 144 packages hijacked through a single contributor account. Maintainer identity is now a critical control point. CISA is warning that a Joomla JCE vulnerability is being actively exploited. Older plugins are still one of the fastest paths to initial access. Research from OA Labs shows low-skill attackers using AI agents to breach multiple companies. The barrier to entry is dropping quickly. Comcast is pushing security controls into the network layer for small and mid-sized businesses. Inline enforcement is becoming the default model. And the White House is centralizing national security cyber authority under the National Security Agency. Expect more top-down coordination models to follow.

Here is the takeaway. If identity is weak at the edge or inside your AI systems, everything built on top of it becomes an attack surface. Tomorrow we are watching how identity providers respond as non-human identities start to outnumber human users across enterprise environments. If this was useful, follow the Crestvale Newsroom Daily Podcast so you don't miss it. Thanks for listening. Thanks for