FortiBleed Credential Theft Campaign Attributed to INC and Lynx Ransomware Groups

Executive Summary

On 02 July 2026, SOCRadar researchers linked the financially motivated campaign dubbed “FortiBleed” to the INC Ransom and Lynx ransomware operations, marking the first confirmed instance connecting mass FortiGate credential theft to actual ransomware deployment. SOCRadar reported that an operator tied to FortiBleed infrastructure was found actively working negotiation panels for both groups, tying mass FortiGate credential theft directly…
