russian-speaking attackers exposed plaintext credentials for nearly 74,000 fortinet devices across 194 countries, with confirmed access at oracle, chevron, lenovo, fedex, and nato contractor networks. the breach appears to be an unrestricted credential dump, meaning affected networks remain open to actors who obtained the data. the scope — 21,000+ source ip addresses, near-global coverage — is structurally unusual in scale and the inclusion of nato-adjacent infrastructure.