An active initial access broker campaign called FortiBleed has compromised over 430,000 FortiGate firewalls globally using a custom Golang-based credential harvesting sniffer and GPU-accelerated password cracking infrastructure. No single CVE is assigned to this campaign; the operation exploits authentication and session management weaknesses inherent in internet-exposed FortiOS management planes. Harvested credentials are being staged for resale to ransomware and espionage operators, making every uncontained internet-exposed FortiGate a potential downstream intrusion precursor.
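A check a defender can run against a FortiOS configuration backup to find the exposure described above: administrative protocols enabled on WAN-role interfaces. This is an added example, not code from the original page or from Fortinet; the sample configuration is constructed, and the function name, the choice of `https`, `http`, `ssh` and `telnet` as management protocols, and the use of `set role wan` to mark an interface as internet-facing are assumptions of this sketch.

```python
import re

MGMT_PROTOCOLS = {"https", "http", "ssh", "telnet"}  # admin-login services in "set allowaccess"

# Constructed sample of a FortiOS configuration backup (not from a real device).
SAMPLE_CONFIG = '''
config system interface
    edit "wan1"
        set allowaccess ping https ssh
        set role wan
        config ipv6
            set ip6-mode static
        end
    next
    edit "wan2"
        set allowaccess ping
        set role wan
    next
    edit "internal"
        set allowaccess ping https ssh
        set role lan
    next
end
'''

def exposed_management(config_text):
    """Return {interface: [management protocols]} for WAN-role interfaces."""
    findings, depth, name, settings = {}, 0, None, {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            depth = 1 if line == "config system interface" else 0
        elif line.startswith("config "):
            depth += 1  # nested block inside an interface entry
        elif line == "end":
            depth -= 1
        elif depth > 1:
            continue  # ignore settings of nested blocks such as "config ipv6"
        elif m := re.match(r'edit "?([^"]+)"?$', line):
            name, settings = m.group(1), {}
        elif name and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            settings[key] = value.split()
        elif name and line == "next":
            exposed = MGMT_PROTOCOLS & set(settings.get("allowaccess", []))
            if settings.get("role") == ["wan"] and exposed:
                findings[name] = sorted(exposed)
            name = None
    return findings
```

Calling `exposed_management(SAMPLE_CONFIG)` flags only `wan1`. An internet-facing interface with no explicit `set role wan` is not flagged, and trusted-host or local-in policy restrictions are not evaluated, so treat an empty result as a starting point rather than proof of no exposure.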