The NCSC has issued an alert regarding a global campaign targeting Fortinet firewalls and VPN gateways using brute-force and credential stuffing techniques. A threat actor has leaked a database of compromised credentials, prompting organizations to urgently check for exposure, investigate for unauthorized access or persistence, and perform factory resets on compromised devices.