An active global campaign has implanted a Golang-based traffic sniffer on an estimated 430,000 FortiGate firewall appliances, harvesting approximately 110 million credentials in transit. No CVE has been assigned; the initial access vector is assessed as an authentication bypass or configuration exposure in internet-facing management interfaces or VPN endpoints. Compromised FortiGate devices represent adversary-controlled positions inside the network perimeter with full visibility into passing traffic.