Active FortiBleed Campaign Impacting Fortinet Devices Across 194 Countries

From Arctic Wolf Summary In midJune 2026 security researchers identified an active largescale credential compromise campaign affecting Fortinet FortiGate firewalls dubbed FortiBleed Threat actors have been systematically extracting configuration files from internetfacing FortiGate devices and cracking the stored credential hashes resulting in verified working administrator credentials for between 30000 and 75000 devices across 194 countries Source