Signal

FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations

Evidence first: scan the strongest sources, then decide whether to go deeper.

Published 2026-07-02 08:00 UTCUpdated 2026-07-02 15:32 UTC
rss
fortibleed_campaign_linked
Trend in the last 24h
Current brief openSource links open
This current signal is open on the public brief with summary, metadata, source links, and full evidence. Pro adds compare-over-time, alerts, exports, and workflow.
No card needed for the free brief.
Evidence trail (top sources)
top sources (3 domains)domains are deduped. counts indicate coverage, not truth.
3 top sources shown
Overview

Researchers say credentials harvested from hundreds of thousands of FortiGate firewalls are being used to facilitate ransomware attacks by the INC and Lynx operations. The post FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks appeared first on SecurityWeek .

Score total
1.34
Momentum 24h
3
Posts
3
Origins
3
Source types
1
Duplicate ratio
0%
All evidence
All evidence
Ctrl+Alt+Oops: FortiBleed criminal's logins stitch two gangs together
The Register Security · theregister.com · 2026-07-02 15:32 UTC
FortiBleed Campaign Linked to INC, Lynx Ransomware Attacks
SecurityWeek · securityweek.com · 2026-07-02 12:34 UTC
FortiBleed Credential Theft Linked to INC and Lynx Ransomware Operations
thehackernews · thehackernews.com · 2026-07-02 08:00 UTC
Show filters & breakdown
Posts loaded: 0Publishers: 3Origin domains: 3Duplicates: -
Showing 3 / 0
Top publishers (this list)
  • The Register Security (1)
  • SecurityWeek (1)
  • thehackernews (1)
Top origin domains (this list)
  • theregister.com (1)
  • securityweek.com (1)
  • thehackernews.com (1)