Security researchers have uncovered a massive credential-harvesting operation targeting FortiGate firewalls worldwide, marking one of the most significant enterprise security breaches of 2026. Dubbed "FortiBleed," this sophisticated campaign has successfully compromised approximately 110 million credentials from more than 430,000 FortiGate devices across global networks since its emergence in February 2026.

The operation is attributed to a Russian-speaking initial access broker motivated primarily by financial gain. This threat actor has systematically collected extensive credential lists, scanned for exposed services, and employed brute-force techniques against vulnerable systems.