DFIR Daily Threat Brief

💰 Ransomware Activity

Ransomware activity increased by 31% in 2025, with RaaS driving growth. Qilin and Akira are prominent groups. Double, triple, and quadruple extortion tactics are prevalent.

• The State Of Ransomware 2026 — 69. A newly emerged ransomware group known as ALP-001 claimed responsibility for a cyberattack against Chinese surveillance technology giant Hikvision. The group listed the company on its dark web lea...
• 10 most infamous ransomware groups to watch in 2026 — According to our research, ransomware incidents exposed on the dark web increased by 31% between July and September 2025, compared to the same period in 2024. We attribute much of this growth to Ranso...
• February 2026 Ransomware Report: 680 Victims, 54 Groups — Ransomware leak sites are dark web pages where ransomware operators publish stolen data from victims who refuse to pay. Most modern ransomware groups use double extortion. They steal your data before ...
• 8 Ransomware Trends to Watch for in 2026 - Huntress — These groups went from competitors to partners. They’re sharing: Infrastructure:Groups are pooling servers and botnets to improve their resilience against law enforcement takedowns. Data:If yo...

🚨 Critical Vulnerabilities

CVE-2026-33017 is a critical unauthenticated remote code execution flaw actively exploited in Langflow instances. Cisco's Secure Firewall Management Center (FMC) is also affected by CVE-2026-20131, exploited by ransomware attackers. Both vulnerabilities have high CVSS scores and are confirmed to be actively exploited.

• March 2026 Threat Report: Critical CVEs - Greenbone — ## New Cisco Firewall Flaws Ignite Perimeter Risk Cisco published a group of 48 CVEs affecting its firewall product line, including two critical CVSS 10 vulnerabilities. One of these, CVE-2026-20131,...
• February 2026 CVE Landscape: 13 Critical Vulnerabilities ... — Why this matters: Lotus Blossom exploited this flaw to replace legitimate Notepad++ update packages with malicious installers, deploying Cobalt Strike and the Chrysalis backdoor to targeted users over...
• Critical Vulnerabilities in Ivanti EPMM Exploited — ## Details of CVE-2026-1281 CVE-2026-1281 (CVSS 9.8) is a critical remote code execution (RCE) vulnerability in Ivanti EPMM. The vulnerability lies in legacy bash scripts used by the Apache web serve...
• March 2026 CVE Landscape: 31 High-Impact Vulnerabilities ... — On March 18, 2026, Amazon Threat Intelligence published an analysis detailing an ongoing Interlock ransomware campaign exploiting CVE-2026-20131. CVE-2026-20131 is a critical vulnerability affecting C...

🛡️ Incident Response & DFIR News

DFIR involves digital forensics and incident response to investigate breaches and stop attackers. The SANS DFIR Summit in 2026 offers training and networking. The DFIR Report provides actionable cyber threat intelligence.

• DFIR in 2026: A Complete Guide to Digital Forensics and Incident Response — Hive Security — # DFIR in 2026: A Complete Guide to Digital Forensics and Incident Response From initial alert to post-incident report — a professional walkthrough of DFIR methodology, evidence collection, memory fo...
• SANS DFIR Summit - DFIR, Cybersecurity, and OSINT Events — DFIR, Cybersecurity, and OSINT Events DFIR, Cybersecurity, and OSINT Events DFIR, Cybersecurity, and OSINT Events # SANS DFIR Summit Date/Time: October 15 – 16, 2026 9:00 am – 5:00 pm ET Cost: Free...
• The DFIR Report | Actionable Cyber Threat Intelligence — Dfir-Home-Hero-Background # Where Incidents Become Intelligence The DFIR Report delivers detailed, actionable intelligence drawn directly from observed intrusions—empowering organizations to harden ...
• SANS DFIR Summit & Training 2026 | Cybersecurity Training — FOR528: Ransomware and Cyber Extortion #### Quick view ### FOR577: LINUX Incident Response and Threat Hunting FOR577: LINUX Incident Response and Threat Hunting #### Quick view ### FOR589: Cyberc...

📰 Latest Ransomware Attacks

In 2026, Advantest Corporation faced a ransomware attack; Booking.com suffered a ransomware attack causing $280 million in losses; Rockstar Games was also targeted by ransomware.

• Advantest Corporation Ransomware Attack: 2026 Cyber Incident Impacting Internal IT Systems and Supply Chain Security – Rescana — On February 15, 2026, Advantest Corporation, a leading Japanese supplier of semiconductor test equipment, detected unusual activity within its IT environment. The company immediately activated its inc...
• The State Of Ransomware 2026 | BlackFog — 25. Approximately 90,000 individuals were affected by a ransomware attack on the National Association on Drug Abuse Programs (NADAP), attributed to the Genesis group. The incident, which occurred in l...
• Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of March 2026 — | | | | | | | --- --- --- | | Date | Victim | Summary | Threat Actor | Business Impact | Source Link | | March 03, 2026 | Catalyst RCM | Cyber Attack on healthcare RCM vendors may have impact...
• April 2026 Data Breaches: 15+ Major Incidents & Latest Updates - SharkStriker — ## Major Cyber Attacks April 2026 ### Victim: Rockstar games #### About Rockstar Games is a New York-based video game publishing company that was founded in 1998. It is known for its action-adventu...

Facing an active incident? Contact us immediately at alerts@binary-response.com — we respond 24/7.