DFIR Daily Threat Brief

💰 Ransomware Activity

In 2026, ransomware group 0APT claimed numerous victims but was later identified as a scam. Qilin was the most active ransomware group in February 2026. February saw 680 claimed victims across 54 groups.

• The State Of Ransomware 2026 - BlackFog — 79. Nova ransomware group has claimed responsibility for a cyberattack on KPMG Netherlands, listing the firm on its dark web leak site and threatening to publish up to 500 GB of allegedly stolen data ...
• February 2026 Ransomware Report: 680 Victims, 54 Groups — February 2026 Ransomware FAQ February 2026 ransomware numbers at a glance You’ll see “leak site” throughout this report. Here’s what that means. Breachsense monitors these sites continuously. Ranso...
• Emerging Ransomware Group: 0Apt — ### Background On 28 January 2026, a ransomware group calling itself 0Apt began posting victim data to its dark web leak site. The group's leak site, accessible via a single TOR-based portal running ...
• Dark Web Profile: 0APT Ransomware — Feb 02, 2026 Alleged Axtria & Salesfloor Data Leaks Surface on Dark Web Jan 27, 2026 Dark Web Profile: BravoX Ransomware Jan 26, 2026 Subscribe to our newsletter and stay updated on the latest in...

🚨 Critical Vulnerabilities

CVE-2026-24061 is a critical Telnetd flaw granting root access. CVE-2026-20127 is a Cisco SD-WAN authentication bypass vulnerability actively exploited. Both are critical and exploited in the wild.

• CVE-2026-24061: Critical Telnetd Flaw Grants Root Access — CVE-2026-24061 is a critical vulnerability in the GNU InetUtils telnetd server daemon that allows remote attackers to bypass authentication and gain immediate root access. The flaw is an argument i...
• CVE-2026-20127 Zero-Day Auth Bypass Exploited | Tenable® — ## Analysis CVE-2026-20127 is a critical severity authentication bypass vulnerability in Cisco’s Catalyst SD-WAN Controller and Cisco Catalyst SD-WAN Manager. A remote, unauthenticated attacker could...
• Critical Cisco Catalyst Vulnerability Exploited in the wild (CVE-2026 ... — ## Overview On February 25, 2026, Cisco disclosed a critical authentication bypass vulnerability in Cisco Catalyst SD‑WAN Controller and Cisco Catalyst SD‑WAN Manager, tracked as CVE‑2026‑20127, that...
• January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5 ... — ### Modular DS WordPress Plugin Exploitation (CVE-2026-23550 & CVE-2026-23800) The authentication bypass chain: CVE-2026-23550 enables administrator-level access without authentication: Plugin trea...

🛡️ Incident Response & DFIR News

Recent DFIR news includes a ransomware incident at the University of Hawaiʻi Cancer Center and CISA guidance on identifying dormant Ivanti malware. These updates emphasize the importance of comprehensive incident response strategies and advanced detection methods.

• SANS DFIR Summit & Training 2026 — About DFIR NetWars: Focused on digital forensics, incident response, threat hunting, and malware analysis, this tool-agnostic approach covers everything from low-level artifacts to high-level behavior...
• NEWS ROUNDUP - 2nd March 2026 - Digital Forensics Magazine — DFM News Roundup ## Snapshot Summary | Sector / Section | Headline Highlights | Count | | DFIR & Incident Response | Ivanti malware hunt; Juniper router takeover | 2 | | Cyber Investigations | Hac...
• The DFIR Report | Actionable Cyber Threat Intelligence — Dfir-Home-Hero-Background # Where Incidents Become Intelligence The DFIR Report delivers detailed, actionable intelligence drawn directly from observed intrusions—empowering organizations to harden ...
• Cybersecurity & Risk Forum 2026 - ACA International — In this hands-on workshop, participants will build a practical incident response plan from the ground up using guided templates and real-world examples. The session walks step by step through the core...

📰 Latest Ransomware Attacks

In 2026, ransomware attacks continue to target various sectors, including healthcare and government, with significant data breaches reported. The University of Hawaii Cancer Center confirmed a major data compromise affecting 1.2 million people. Ransomware trends show attackers using multi-extortion tactics.

• February 2026: Recent Cyber Attacks, Data Breaches, Ransomware ... — University of Mississippi Medical Center University of Mississippi Medical Center closes clinics after ransomware attack Unknown A ransomware attack crippled the University of Mississippi Medical C...
• The State Of Ransomware 2026 - BlackFog — # The State Of Ransomware 2026 ## January 2026 opened with 91 publicly disclosed ransomware attacks. Healthcare was the most targeted sector with 27 incidents, followed by government with 11 and man...
• 8 Ransomware Trends to Watch for in 2026 - Huntress — From the formation of super-syndicates like Scattered LAPSUS$ Hunters or the LockBit-Qilin-DragonForce alliance to the weaponization of AI and machine learning for deepfake voice cloning like the $25 ...
• U. Hawaii Cancer Center confirms data compromised - EdScoop — EdScoop # U. Hawaii Cancer Center confirms data compromised By EdScoop Staff March 3, 2026 a ransomware skull The University of Hawaii’s Cancer Center has confirmed that a recent ransomware attac...

Facing an active incident? Contact us immediately at alerts@binary-response.com — we respond 24/7.