a russian-speaking syndicate called fortibleed quietly harvested verified admin and vpn credentials from 86,644 fortinet fortigate firewalls across 194 countries — roughly half of all internet-facing fortinet perimeter devices globally. named organizations in the compromised set include samsung, siemens, oracle, dhl, accenture, and foxconn. cisa issued an emergency advisory june 18. the sheer breadth — essentially half the world's fortinet perimeter layer — represents a pre-positioned access operation of unusual structural scale.