DFIR Daily Threat Brief

💰 Ransomware Activity

In February 2026, 680 companies were listed on ransomware leak sites, with Qilin being the most active group. The Space Bears ransomware group is noted for its aggressive double extortion tactics. The actual number of attacks is likely higher due to unreported incidents.

• The State Of Ransomware 2026 - BlackFog — 79. Nova ransomware group has claimed responsibility for a cyberattack on KPMG Netherlands, listing the firm on its dark web leak site and threatening to publish up to 500 GB of allegedly stolen data ...
• February 2026 Ransomware Report: 680 Victims, 54 Groups — Ransomware leak sites are dark web pages where ransomware operators publish stolen data from victims who refuse to pay. Most modern ransomware groups use double extortion. They steal your data before ...
• Weekly Intelligence Report – 20 February 2026 - CYFIRMA — ETLM Assessment: According to CYFIRMA’s assessment, Space Bears ransomware represents a significant threat in the evolving landscape of cybercrime. With its aggressive tactics, association with esta...
• January 2026 Ransomware Report: 677 Victims, 58 Groups — ## January 2026 ransomware numbers at a glance You’ll see “leak site” throughout this report. Here’s what that means. Breachsense monitors these sites continuously. Ransomware leak sites are dark we...

🚨 Critical Vulnerabilities

In 2026, CVE-2026-21510 in Microsoft Windows is actively exploited. It allows malware installation via phishing links. Critical vulnerabilities in VS Code and WordPress plugins also pose significant risks.

• Critical Vulnerabilities Actively Exploited (16–22 February 2026) — Observed vulnerabilities: CVE-2025-65717 – Live Server file exfiltration CVE-2025-65716 – Markdown Preview Enhanced arbitrary JavaScript execution CVE-2025-65715 – Code Runner arbitrary code execu...
• January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5 ... — ### Modular DS WordPress Plugin Exploitation (CVE-2026-23550 & CVE-2026-23800) The authentication bypass chain: CVE-2026-23550 enables administrator-level access without authentication: Plugin trea...
• Critical Vulnerabilities in Microsoft Windows and Office Under Active ... — HomeAlerts & Advisories # Critical Vulnerabilities in Microsoft Windows and Office Under Active Widespread Exploitation (CVE-2026-21510) ### Executive Summary Microsoft's February 2026 Patch Tuesda...
• Top 10 Trending CVEs (22/02/2026) - CVEWatch - Reddit — 📅 Published: 19/02/2026 📈 CVSS: 9.3 🧭 Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N 📣 Mentions: 2 ⚠️ Priority: 2 📝 Analysis: A critical Remote Code Execution (RCE) vulne...

🛡️ Incident Response & DFIR News

Recent DFIR incident response news highlights new ransomware variants and compromised IAM credentials for crypto mining; AI is increasingly used in SOC investigations; Europol dismantled a phishing-as-a-service operation.

• The DFIR Report | Actionable Cyber Threat Intelligence — Read more September 8, 2025 Flash Alert Flash Alert ###### KongTuke FileFix Leads to New Interlock RAT Variant Read more July 14, 2025 ransomhub ransomware rdp ransomhub, ransomware, rdp ####...
• SANS DFIR Summit & Training 2026 | Cybersecurity Training — The industry's top practitioners will share their latest digital forensics and incident response research, solutions, tools, and case studies. DFIR Summit &...
• Incident response — Latest News, Reports & Analysis — The Hacker News Logo Security Service Edge # Incident response | Breaking Cybersecurity News | The Hacker News Building a High-Impact Tier 1: The 3 Steps CISOs Must Follow Building a High-Impact Tie...
• The Hacker News | #1 Trusted Source for Cybersecurity News — The Hacker News Logo Security Service Edge # The Hacker News | #1 Trusted Source for Cybersecurity News Europol-Led Operation Takes Down Tycoon 2FA Phishing-as-a-Service Linked to 64,000 Attacks Eur...

📰 Latest Ransomware Attacks

In February 2026, healthcare was the most targeted sector in 82 publicly disclosed ransomware incidents. Ransomware trends continue to evolve, with new tactics emerging. The global cyber risk outlook for 2026 highlights significant changes in ransomware strategies.

• February 2026: Recent Cyber Attacks, Data Breaches, Ransomware ... — Check out the biggest cyber incidents, including ransomware attacks, data breaches and vulnerabilities exploited in February 2026....
• 2026 Global Cyber Risk Outlook Reveals New Ransomware Trends — The 2026 Global Cyber Risk Outlook, which is now available to download, analyses ransomware trends, the sources of ransomware attacks, and...
• Threat Brief: March 2026 Escalation of Cyber Risk Related to Iran — Unit 42 details recent Iranian cyberattack activity, sharing direct observations of phishing, hacktivist activity and cybercrime....
• The State Of Ransomware 2026 - BlackFog — February recorded 82 publicly disclosed ransomware incidents, with healthcare emerging as the most targeted sector, accounting for 31% of reported attacks....

Facing an active incident? Contact us immediately at alerts@binary-response.com — we respond 24/7.