a credential-spray campaign named fortibleed targeted 320,777 fortinet fortigate ssl vpn endpoints worldwide using 3,639 base credential pairs, generating 1.16 billion total attempts; 74,000 device credentials were subsequently leaked. the scale — industrial automation at the vpn-device layer — represents a structural shift from targeted intrusion toward mass-harvest infrastructure attack. active exploitation of compromised credentials is ongoing globally.