#initial access
7 stories taggedinitial access.

FortiBleed: Stolen FortiGate Credentials Now Fueling INC and Lynx Ransomware Attacks
Credentials harvested from hundreds of thousands of compromised FortiGate devices are feeding active ransomware operations — and defenders who haven't rotated credentials post-patch are still exposed.

FortiBleed Credential Haul Now Feeding INC and Lynx Ransomware Crews
A single operator was spotted running negotiation panels for both gangs, turning stolen FortiGate logins into ransomware payloads.

Non-Admin macOS Accounts Can Chain Native OS Features to Blind Endpoint Security Tools
No exploit required. Researchers found that standard user privileges are enough to chain macOS weaknesses and silently kill endpoint security agents — no vulnerability needed.

WhatsApp DMs Push VBScript Loaders That Deploy Legitimate RMM Tools
An active campaign abuses WhatsApp Desktop and Web to distribute scripted droppers that install commercial remote-management software across at least ten jurisdictions.

ShinyHunters Doesn't Need Malware. That's the Point.
The group's latest breaches are a reminder that stolen credentials and patience beat zero-days most days of the week.

Three New Loaders Ride the ClickFix Wave: BabaDeda, Lorem Ipsum, and Potemkin
Separate research teams have pinned three distinct loader families on the same social-engineering pattern, with education and finance taking the brunt of the April 2026 activity.

Infostealers Are Now the Front Door for Ransomware Gangs
Credential theft at industrial scale has made exploit-based initial access look quaint. Here's why stolen session tokens are reshaping the attack chain.