Threat IntelligenceJul 2, 2026
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
FortiBleed actors exploit Fortinet firewalls, partner with ransomware gangs, and use a Nextcloud zero-day.
Summary
Threat actors leveraging access gained through Fortinet firewall vulnerabilities, dubbed 'FortiBleed', are now collaborating with the Inc and Lynx ransomware gangs. These actors are monetizing their initial access and have also incorporated a zero-day vulnerability in Nextcloud into their operations, expanding their attack vectors and impact.
Indicators of Compromise
- malware — FortiBleed
- malware — Inc ransomware
- malware — Lynx ransomware
Entities
Fortinet firewall (product)Nextcloud (product)