Back to Feed
Threat IntelligenceJul 2, 2026

FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs

FortiBleed actors exploit Fortinet firewalls, partner with ransomware gangs, and use a Nextcloud zero-day.

Summary

Threat actors leveraging access gained through Fortinet firewall vulnerabilities, dubbed 'FortiBleed', are now collaborating with the Inc and Lynx ransomware gangs. These actors are monetizing their initial access and have also incorporated a zero-day vulnerability in Nextcloud into their operations, expanding their attack vectors and impact.

Indicators of Compromise

  • malware — FortiBleed
  • malware — Inc ransomware
  • malware — Lynx ransomware

Entities

Fortinet firewall (product)Nextcloud (product)