Two overlapping campaigns have compromised or exposed credentials for a combined scope of more than 100,000 Fortinet FortiGate devices globally. The larger dataset, ‘FortiBleed,’ contains SSL VPN credentials for approximately 73,932 devices across 194 countries, with documented lateral movement into Active Directory environments; the root cause extraction vector remains unconfirmed. A concurrent campaign affecting more than 30,000 devices in 196 countries exploited authentication weaknesses in Fortinet VPN and firewall endpoints, with CISA and CCCS both issuing concurrent advisories confirming active exploitation of Fortinet authentication vulnerabilities.