Researchers have connected credential theft exploiting the FortiBleed vulnerability to active ransomware campaigns by the INC and Lynx groups. The attacks leverage stolen credentials from vulnerable Fortinet devices to gain initial access to corporate networks. Security experts are urging organizations to patch affected systems and review access logs for signs of compromise linked to these ongoing ransomware operations.