DFIR Daily Threat Brief

💰 Ransomware Activity

In 2026, ransomware groups increased their activity, with Qilin leading in February, and many victims listed on dark web leak sites. The trend shows a rise in extortion campaigns and data leaks. Actual attack numbers likely exceed reported figures due to unreported incidents.

• February 2026 Ransomware Report: 680 Victims, 54 Groups — Ransomware leak sites are dark web pages where ransomware operators publish stolen data from victims who refuse to pay. Most modern ransomware groups use double extortion. They steal your data before ...
• What Is the Dark Web? Scale, Trends & Growth in 2026 — ### Ransomware and Cyber Extortion Ransomware operations are deeply intertwined with the dark web ecosystem. Most major ransomware groups maintain dedicated dark web leak sites where they publicly re...
• The State Of Ransomware 2026 - BlackFog — 69. A newly emerged ransomware group known as ALP-001 claimed responsibility for a cyberattack against Chinese surveillance technology giant Hikvision. The group listed the company on its dark web lea...
• Weekly Intelligence Report – 13 March 2026 - CYFIRMA — The Gentlemen Ransomware Impacts Reanthong Partcenter Summary: CYFIRMA observed in an underground forum that a company from Thailand, Reanthong Partcenter (www[.]rtvalve[.]com), was compromised by ...

🚨 Critical Vulnerabilities

In 2026, critical vulnerabilities CVE-2026-1281 and CVE-2026-1340 in Ivanti EPMM were exploited, allowing remote code execution. CVE-2026-22769 in Notepad++ was exploited by UNC6201. CVE-2026-21509 in Microsoft Office was exploited by APT28.

• February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43 ... — Why this matters: Lotus Blossom exploited this flaw to replace legitimate Notepad++ update packages with malicious installers, deploying Cobalt Strike and the Chrysalis backdoor to targeted users over...
• Critical Vulnerabilities in Ivanti EPMM Exploited — ## Details of CVE-2026-1281 CVE-2026-1281 (CVSS 9.8) is a critical remote code execution (RCE) vulnerability in Ivanti EPMM. The vulnerability lies in legacy bash scripts used by the Apache web serve...
• CVE 2026 — The Vulnerabilities That Matter Most Right Now — Broadcom’s advisory for CVE-2026-22719 is unusually instructive. The vendor describes the flaw as a command injection vulnerability in VMware Aria Operations. A malicious unauthenticated actor may exp...
• January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5 ... — What security teams need to know: APT28's Operation Neusploit: Russian state-sponsored actors exploited CVE-2026-21509 (Microsoft Office) via weaponized RTF files, delivering MiniDoor, PixyNetLoad...

🛡️ Incident Response & DFIR News

Today's DFIR news includes updates on incident response best practices and a panel discussion on AI systems as cyber attack targets. The DFIR Report offers actionable intelligence from real intrusions. This Week In 4n6 highlights new tools for forensics and incident response.

• The DFIR Report | Actionable Cyber Threat Intelligence — Dfir-Home-Hero-Background # Where Incidents Become Intelligence The DFIR Report delivers detailed, actionable intelligence drawn directly from observed intrusions—empowering organizations to harden ...
• This Week In 4n6 – Your weekly roundup of Digital Forensics and ... — # This Week In 4n6 ## Your weekly roundup of Digital Forensics and Incident Response news # Week 14 – 2026 Stop scaling headcount. Scale your SecOps.Most security teams don’t have a talent problem,...
• Incident Response Forum D.C. 2026 | News & Insights - Alston & Bird — Alston & Bird Alston & Bird # Incident Response Forum D.C. 2026 Lance Taubin will speak on the panel “Your Company’s AI Systems: The New Target for Cyber Attackers” at this event hosted by Cybersecu...
• Top 5 Incident Response Best Practices You Should Follow — In addition to enacting preventative measures such as resolving system vulnerabilities and enforcing security policies, the incident response team is responsible for developing a robust incident respo...

📰 Latest Ransomware Attacks

In 2026, ransomware attacks continue to target critical sectors, with healthcare and manufacturing being primary targets due to high leverage costs. Recent incidents include attacks on the University of Hawaii Cancer Center and the DeKalb County Sheriff’s Department. The U.S. saw significant ransomware operations disrupted by legal actions against foreign operators.

• The State Of Ransomware 2026 - BlackFog — 25. Approximately 90,000 individuals were affected by a ransomware attack on the National Association on Drug Abuse Programs (NADAP), attributed to the Genesis group. The incident, which occurred in l...
• Waterfall Threat Report 2026 finds ransomware slowdown masks ... — At the same time, GPS and other positioning systems are routinely jammed or spoofed in conflict zones, including waters near Russia, across Ukraine, and in the Red Sea region. Operators navigating the...
• 8 Ransomware Trends to Watch for in 2026 - Huntress — # Ransomware Trends Ransomware attacks continue to make major headlines. Just look at the recent breaches at Jaguar Land Rover and Asahi that dominated the news cycle. But beneath these high-profile ...
• Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of ... — | March 04, 2026 | University of Hawaii | Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals | Unknown | A ransomware attack on the University of Hawaiʻi Cancer Center ...

Facing an active incident? Contact us immediately at alerts@binary-response.com — we respond 24/7.