a russian-speaking threat actor campaign dubbed fortibleed conducted industrial-scale credential harvesting against fortinet ssl vpns and admin interfaces, compromising an estimated 75,000 devices across 194 countries — roughly 50 percent of internet-facing fortinet hardware. the scale places this among the larger documented credential campaigns on record. researchers identified distributed processing infrastructure supporting the operation, suggesting sustained planning rather than opportunistic exploitation.