FortiBleed campaign exposes 75,000 Fortinet firewalls worldwide

The FortiBleed campaign has exposed credentials for 73,932 unique Fortinet FortiGate firewall and VPN devices across 194 countries and 21,000 domains. Security researchers, including Volodymyr Diachenko and SOCRadar, discovered attacker-controlled servers containing plaintext usernames, emails, and passwords. This massive credential-compromise operation did not utilize a zero-day exploit. Experts warn that threat actors may maintain persistent access to affected enterprise environments using the stolen data, automation infrastructure, and victim lists found on the operational servers.