FortiBleed Credential Theft Linked to INC and Lynx Ransomware
FortiBleed began as a warning about exposed Fortinet firewall logins, but the case has now moved into ransomware territory. SOCRadar’s Threat Research Unit (STRU) says the credential harvesting campaign is connected to INC Ransom and Lynx, two active ransomware-as-a-service operations, after an operator associated with FortiBleed infrastructure was found working negotiation panels for both groups.
The company says the finding links mass FortiGate credential theft to ransomware deployment for the first time.
Earlier in June 2026, as reported by Hackread.com, the story around FortiBleed was mainly about stolen firewall credentials and exposed VPN access. Hackread.com reported that Hudson Rock described 73,932 unique Fortinet firewall URLs in 194 countries, related to 21,632 affected domains, after researcher Bob Diachenko identified the data.
That reporting also noted 1.16 billion credential attempts against more than 320,000 FortiGate targets, with many successful passwords traced to earlier leaks or infostealer infections, not simple guessing.
...
Copyright of this story solely belongs to hackread.com. To see the full text click HERE