[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"focus:fortibleed-campaign-linked-to-inc-lynx-ransomware-attacks-mr444bcz":3},{"item":4},{"id":5,"title":6,"slug":7,"summary":8,"severity":9,"category":10,"cve_ids":11,"affected_products":12,"action_required":16,"article_ids":17,"ioc_summary":19,"source_urls":20,"status":22,"expires_at":23,"created_at":24,"updated_at":25,"articles":26},"748bd652-658d-4437-911b-47e6bd685bb7","FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks","fortibleed-campaign-linked-to-inc-lynx-ransomware-attacks-mr444bcz","FortiBleed is actively harvesting credentials from 430,000+ FortiGate firewalls and has enabled ransomware deployments by INC Ransom and Lynx operators. Attackers have compromised 110 million credentials and gained admin access to 409 targets, with 12 confirmed ransomware incidents. This is an ongoing operation since February with direct ransomware group coordination.","critical","advisory",[],[13,14,15],"FortiGate","Fortinet","SOCRadar","Immediately audit all FortiGate admin accounts for unauthorized access and lateral movement. Cross-reference your firewall user logs against known INC\u002FLynx IOCs, check for suspicious VPN logins, and enforce credential rotation for all administrative accounts.",[18],"479c814f-ac71-4892-8a96-1e2c5933b13a",null,[21],"https:\u002F\u002Fwww.securityweek.com\u002Ffortibleed-campaign-linked-to-inc-lynx-ransomware-attacks\u002F","active","2026-07-04T23:05:12.245+00:00","2026-07-02T23:05:17.817946+00:00","2026-07-02T23:08:05.064007+00:00",[27],{"id":18,"title":6,"url":21}]