Attackers exploiting the FortiBleed vulnerability in Fortinet firewalls have begun collaborating with Inc and Lynx ransomware groups to monetize their access. This development indicates a significant escalation of the threat, as the attackers are now leveraging their foothold in thousands of compromised firewalls to launch targeted ransomware attacks. Furthermore, the actors are also utilizing a newly discovered Nextcloud zero-day bug to expand their reach. The use of zero-day exploits underscores the urgency of the situation, as the window for patching vulnerable systems is rapidly closing. The fact that attackers are already exploiting these vulnerabilities in the wild1 highlights the need for immediate action to assess and mitigate potential exposure. This collaboration and exploitation of zero-day bugs pose a significant threat to organizations relying on Fortinet firewalls and Nextcloud services, so patching and mitigating these vulnerabilities is crucial to preventing ransomware attacks.
FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs
⚡ High Priority
Why This Matters
Zero-day activity targeting Fortinet means patching windows are already closing — assess your exposure immediately.
References
- Dark Reading. (2026, July 2). FortiBleed Actors Collaborating With Inc, Lynx Ransomware Gangs. *Dark Reading*. https://www.darkreading.com/threat-intelligence/fortibleed-actors-inc-lynx-ransomware-gangs
Original Source
Dark Reading
Read original →