Russian hackers exploited a vulnerability in Fortinet firewalls, known as FortiBleed, to infiltrate the email accounts of UK government officials, the Foreign Office, and more than 80,000 devices. The breach exposed personal data and passwords of local officials, NHS staff, energy suppliers, and pharmaceutical companies, with some of the information being sold on the dark web for up to $60,000.

Affected accounts included IT staff at UK embassies in Thailand and Mauritius, as well as officials in Bahrain and Walterm Forest. Cybersecurity experts warned that the compromise could enable ransomware attacks on critical infrastructure and hospitals.

The National Cyber Security Centre confirmed a brute‑force attack on Fortinet and urged organizations to audit their networks and isolate compromised devices.