FortiBleed is a severe, large-scale credential compromise campaign targeting internet-facing Fortinet FortiGate devices. Threat actors utilize a sophisticated pipeline, including the custom CyberStrike Harvester, to extract and crack credentials from device configurations and traffic captures, subsequently pivoting into internal networks for Active Directory enumeration and data exfiltration.