
74,000 Fortinet device credentials leak online

The operational burden shifts from patch management to account hygiene, where appliance fleets tend to hide their worst surprises.


TL;DR

Risky Business News reports that credentials for 74,000 Fortinet devices have leaked online and that the Mastra AI framework was hit by a supply-chain attack. The Fortinet item affects organizations running the vendor’s edge appliances; the Mastra item lands on developers consuming that AI framework. The common problem is not glamorous: exposed infrastructure and dependency chains still fail at the points where routine inventory should catch them.

Risky Business News says credentials for 74,000 Fortinet devices leaked online, alongside a separate supply-chain compromise affecting the Mastra AI framework. With only the bulletin summary available, this should be treated as a triage item rather than a fully mapped incident: identify affected Fortinet appliances, rotate exposed credentials, review administrative accounts and VPN configuration, and look for configuration access that would turn a password leak into durable persistence.

The Fortinet context is ugly enough without embellishment. CISA warned in January that Fortinet SSO bypass exploitation had produced unauthorized firewall configuration changes, unauthorized account creation, and VPN changes granting access to new accounts, and urged users to check internet-accessible Fortinet products for indicators of compromise and apply updates as available: https://www.cisa.gov/news-events/alerts/2026/01/28/fortinet-releases-guidance-address-ongoing-exploitation-authentication-bypass-vulnerability-cve-2026. That does not prove this credential leak came from that activity. It does explain why a Fortinet credential dump is not merely a password-reset nuisance.
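One way to make the "review administrative accounts" step concrete is to diff the admin table of a current configuration backup against a known-good one, which surfaces the unauthorized account creation and loosened access restrictions described above. This is an added example, not code from the article, Risky Business News, CISA, or Fortinet; it assumes text backups in FortiOS CLI format with a `config system admin` table, and the sample configs and function names are constructed for illustration.

```python
# Constructed FortiOS-style backup excerpts; not taken from any real device.
BASELINE = """
config system admin
    edit "admin"
        set accprofile "super_admin"
        set trusthost1 10.0.0.0 255.255.255.0
        set password ENC <redacted>
    next
end
"""
CURRENT = """
config system admin
    edit "admin"
        set accprofile "super_admin"
    next
    edit "svc-backup"
        set accprofile "super_admin"
    next
end
"""

def parse_admins(config_text):
    """Return {name: {setting: value}} for the 'config system admin' table."""
    admins, depth, name = {}, 0, None
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:
            depth = int(line == "config system admin")
        elif line.startswith("config "):
            depth += 1          # nested table inside an admin entry
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            name = line[5:].strip('"')
            admins[name] = {}
        elif depth == 1 and name and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            if key != "password":   # hash changes on every rotation
                admins[name][key] = value.strip('"')
    return admins

def diff_admins(baseline, current):
    """Report admin accounts and settings that differ from the baseline."""
    old, new = parse_admins(baseline), parse_admins(current)
    out = [f"NEW ACCOUNT {n} profile={new[n].get('accprofile')}" for n in sorted(new.keys() - old.keys())]
    out += [f"REMOVED ACCOUNT {n}" for n in sorted(old.keys() - new.keys())]
    for n in sorted(old.keys() & new.keys()):
        for k in sorted(old[n].keys() | new[n].keys()):
            if old[n].get(k) != new[n].get(k):
                out.append(f"CHANGED {n}.{k}: {old[n].get(k)} -> {new[n].get(k)}")
    return out
```

Calling `diff_admins(BASELINE, CURRENT)` on the constructed samples flags the new `svc-backup` super-admin and the dropped `trusthost1` restriction on `admin`; password lines are ignored so that a credential rotation does not drown out account changes.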

For Mastra users, the available source gives the category, not the mechanics. Treat it like a dependency incident until the project or a primary advisory says otherwise: pin known-good versions, check build and package provenance, and look for unexpected changes in CI/CD tokens or downstream applications. The boring work is the correct work here. Edge-device credentials and AI-framework dependencies are different technical problems, but both punish teams that cannot quickly answer what they run and who can change it.


Published · Deep Fathom

74,000 Fortinet device credentials leak online — The Broadside