💰 Ransomware Activity
In 2026, ransomware group ALP-001 claimed a major attack on Hikvision, and Qilin targeted Philippine Savings Bank. February saw 680 victims from 54 groups, with Qilin leading. TheGentlemen nearly doubled their previous month's attacks.
- The State of Ransomware: March 2026 - BlackFog — 69. A newly emerged ransomware group known as ALP-001 claimed responsibility for a cyberattack against Chinese surveillance technology giant Hikvision. The group listed the company on its dark web lea...
- February 2026 Ransomware Report: 680 Victims, 54 Groups — Ransomware leak sites are dark web pages where ransomware operators publish stolen data from victims who refuse to pay. Most modern ransomware groups use double extortion. They steal your data before ...
- Philippine Savings Bank Allegedly Named by Qilin Ransomware Group on Dark Web Leak Site - Deep Web Konek — along with several preview images purportedly taken from internal systems. The screenshots shown on the leak site appear to depict spreadsheet-style records and structured tabular data, suggesting pot...
- The State Of Ransomware 2026 - BlackFog — 69. A newly emerged ransomware group known as ALP-001 claimed responsibility for a cyberattack against Chinese surveillance technology giant Hikvision. The group listed the company on its dark web lea...
🚨 Critical Vulnerabilities
CVE-2026-20131 in Cisco firewalls is critical and exploited. It allows remote code execution and was used in ransomware attacks. Mitigations are required.
- March 2026 Threat Report: Critical CVEs - Greenbone — New Cisco Firewall Flaws Ignite Perimeter Risk. Cisco published a group of 48 CVEs affecting its firewall product line, including two critical CVSS 10 vulnerabilities. One of these, CVE-2026-20131,...
- February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43 ... — Why this matters: Lotus Blossom exploited this flaw to replace legitimate Notepad++ update packages with malicious installers, deploying Cobalt Strike and the Chrysalis backdoor to targeted users over...
- January 2026 CVE Landscape: 23 Critical Vulnerabilities Mark 5 ... — What security teams need to know: APT28's Operation Neusploit: Russian state-sponsored actors exploited CVE-2026-21509 (Microsoft Office) via weaponized RTF files, delivering MiniDoor, PixyNetLoad...
- Known Exploited Vulnerabilities Catalog | CISA — Date Added: 2026-03-19 Due Date: 2026-03-22 Additional Notes ; Microsoft | SharePoint CVE-2026-20963 Microsoft SharePoint Deserialization of Untrusted Data Vulnerability: Microsoft Sh...
🛡️ Incident Response & DFIR News
CISA added a TrueConf flaw to its Known Exploited Vulnerabilities Catalog, urging federal agencies to remediate it. ShinyHunters claimed to have stolen over 3 million Cisco records. Wynn Resorts disclosed a data breach affecting 21,000 employees.
- NEWS ROUNDUP - 7th April 2026 — Digital Forensics & Incident Response: CISA added a TrueConf flaw to its Known Exploited Vulnerabilities Catalog on 06-04-2026 and required federal agencies to remediate it after reporting linked t...
- InfoSec News Nuggets 04/03/2026 (AboutDFIR.com – The Definitive Compendium Project) — ShinyHunters claim theft of over 3 million Cisco records, threaten public...
- The DFIR Report | Actionable Cyber Threat Intelligence — Where Incidents Become Intelligence. The DFIR Report delivers detailed, actionable intelligence drawn directly from observed intrusions—empowering organizations to harden ...
- SecurityWeek: Cybersecurity News, Insights and Analysis — Delve into big-picture strategies to reduce attack surfaces, improve patch management, conduct post-incident forensics, and tools and tricks needed in a modern organization. ServiceNow acquires Veza ...
📰 Latest Ransomware Attacks
In 2026, ransomware attacks continue to disrupt major organizations, including healthcare systems and government services, causing significant operational delays and data breaches. The U.S. healthcare sector and city governments faced severe disruptions. The threat remains a major concern for business continuity.
- Ransomware Is Still Shutting Down Organizations in 2026 — Here’s What Businesses Must Learn. Posted by Roland Parker on March 24th, 2026. In March 2026, a ransomware attack forced a major disruption...
- The State Of Ransomware 2026 - BlackFog — 25. Approximately 90,000 individuals were affected by a ransomware attack on the National Association on Drug Abuse Programs (NADAP), attributed to the Genesis group. The incident, which occurred in l...
- Waterfall Threat Report 2026 finds ransomware slowdown masks ... — At the same time, GPS and other positioning systems are routinely jammed or spoofed in conflict zones, including waters near Russia, across Ukraine, and in the Red Sea region. Operators navigating the...
- Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of ... — | March 04, 2026 | University of Hawaii | Data breach at University of Hawaiʻi Cancer Center impacts 1.2 Million individuals | Unknown | A ransomware attack on the University of Hawaiʻi Cancer Center ...
Facing an active incident? Contact us immediately at alerts@binary-response.com — we respond 24/7.