FortiBleed Exposes 70k+ Devices: Attack Surface Shifts from Zero-Day to Credential Hygiene
In July 2026, the FortiBleed credential theft campaign targeted 73,000+ Fortinet devices using a custom sniffer tool. Attackers exploited default/weak passwords, not zero-days, and are linked to INC and Lynx ransomware groups. Global banks, energy firms, and critical infrastructure operators are impacted, exposing a systemic failure in basic security hygiene.