Cyber Security · 28 June 2026

UK Organisations Using Fortinet Services Urged to Take Immediate Action Following Major Security Campaign

By Markelly AI · 28 June 2026

Organisations using Fortinet services across the United Kingdom are being urged to take immediate action following a significant security campaign affecting firewalls and VPN gateways. The warning represents the latest challenge facing British businesses and public sector entities as cyber threats continue to evolve and target critical infrastructure components that organisations rely upon for secure network operations.

Understanding the Fortinet Security Threat

Fortinet products have become a staple of enterprise network security across the United Kingdom, with countless organisations depending on these systems to protect their digital perimeters. The current campaign targeting these services represents a serious concern for IT security teams who must now assess their exposure and implement protective measures. Researchers have warned that hackers have built a database containing 30,000 working Fortinet logins. This massive collection of compromised credentials provides threat actors with potential access to protected networks, making the situation particularly urgent for affected organisations.

Scale and Impact on UK Organisations

The implications of this security campaign extend far beyond individual businesses. Organisations across multiple sectors including healthcare, finance, education and government services utilise Fortinet firewalls and VPN gateways to secure their network infrastructure. When these protective systems become compromised, the entire organisation becomes vulnerable to data breaches, ransomware attacks and unauthorised access to sensitive information. The widespread adoption of these technologies means that a significant portion of UK enterprises may need to review their security configurations and access controls immediately.

Technical Vulnerabilities Exploited

Firewall and VPN gateway systems serve as critical gatekeepers for organisational networks, controlling what traffic can enter and exit while providing secure remote access for employees and partners. When attackers successfully compromise these systems, they essentially obtain the keys to the kingdom. The current campaign demonstrates how threat actors have shifted their focus toward infrastructure components that were traditionally considered secure. By targeting authentication mechanisms and exploiting vulnerabilities in these systems, attackers can bypass traditional security controls and establish persistent access to networks.

Recommended Actions for UK Businesses

Security experts recommend that organisations using Fortinet services take several immediate steps to protect themselves. First, organisations should conduct a comprehensive audit of all Fortinet devices within their network to ensure they are running the latest firmware versions with all security patches applied. Second, administrators should review and reset all credentials associated with Fortinet systems, implementing strong passwords and multi-factor authentication wherever possible. Third, organisations should examine their logs for any signs of unauthorised access or suspicious activity that might indicate their systems have already been compromised. Finally, businesses should consider implementing additional monitoring and detection capabilities specifically focused on their network perimeter devices.

Broader Context of UK Cyber Security Challenges

This security campaign targeting Fortinet services arrives at a time when UK organisations face mounting pressure from various cyber threats. Statistics show that one in two UK small businesses suffered a cyber attack last year. The increasing frequency and sophistication of attacks means that organisations can no longer afford to be complacent about their security posture. The gap between awareness and action represents one of the biggest cyber risks facing UK small and medium enterprises today. Many business leaders understand that cyber security matters but fail to take concrete steps until after an incident occurs.

Long-Term Security Strategy Considerations

Beyond the immediate response to this specific threat, organisations should use this incident as a catalyst for broader security improvements. Relying solely on perimeter defences like firewalls and VPN gateways is no longer sufficient in modern threat environments. Organisations need to adopt defence-in-depth strategies that assume breaches will occur and implement multiple layers of protection including network segmentation, endpoint detection and response systems, security information and event management platforms, and comprehensive backup and recovery capabilities. Regular security assessments and penetration testing can help identify vulnerabilities before attackers exploit them.

The Role of Information Sharing

The National Cyber Security Centre continues to play a vital role in coordinating threat intelligence and providing guidance to UK organisations facing cyber security challenges. By issuing timely warnings about emerging threats like the Fortinet campaign, the NCSC enables organisations to take proactive measures before becoming victims. However, the effectiveness of these warnings depends on organisations actually implementing the recommended actions rather than simply acknowledging the risk and moving on with business as usual.

Moving Forward

The Fortinet security campaign serves as a reminder that cyber security requires constant vigilance and proactive management. Organisations cannot simply deploy security tools and assume they will remain effective indefinitely. Regular updates, configuration reviews, credential management and monitoring represent essential ongoing activities rather than one-time projects. As threat actors continue to develop new techniques and target previously secure systems, UK organisations must maintain a security-first mindset across all technology decisions and operational processes. The current threat to Fortinet services will eventually be mitigated and resolved, but new challenges will inevitably emerge requiring the same level of attention and urgency.