Attackers exploiting the FortiBleed vulnerability in Fortinet firewalls have begun collaborating with Inc and Lynx ransomware groups to monetize their access. This development indicates a significant escalation of the threat, as the attackers are now leveraging their foothold in thousands of compromised firewalls to launch targeted ransomware attacks. Furthermore, the actors are also utilizing a newly discovered Nextcloud zero-day bug to expand their reach. The use of zero-day exploits underscores the urgency of the situation, as the window for patching vulnerable systems is rapidly closing. The fact that attackers are already exploiting these vulnerabilities in the wild1 highlights the need for immediate action to assess and mitigate potential exposure. This collaboration and exploitation of zero-day bugs pose a significant threat to organizations relying on Fortinet firewalls and Nextcloud services, so patching and mitigating these vulnerabilities is crucial to preventing ransomware attacks.