💰 Ransomware Activity
In 2026, Qilin remains the most active ransomware group, with February seeing 104 claimed victims. Other notable groups include Medusa and Akira. The rise of Ransomware-as-a-Service continues to fuel growth.
- The State Of Ransomware 2026 - BlackFog — 69. A newly emerged ransomware group known as ALP-001 claimed responsibility for a cyberattack against Chinese surveillance technology giant Hikvision. The group listed the company on its dark web lea...
- Ransomware 2026: New Actors and Threats Emerge as ... — Attempts by Syrphid to regroup and build a strong position again with a new version of its ransomware (LockBit 4.0) were disrupted in May 2025. The group’s dark web ...
- 10 most infamous ransomware groups to watch in 2026 — According to our research, ransomware incidents exposed on the dark web increased by 31% between July and September 2025, compared to the same period in 2024. We attribute much of this growth to Ranso...
- February 2026 Ransomware Report: 680 Victims, 54 Groups — Ransomware leak sites are dark web pages where ransomware operators publish stolen data from victims who refuse to pay. Most modern ransomware groups use double extortion. They steal your data before ...
🚨 Critical Vulnerabilities
CVE-2026-20131 in Cisco firewalls and CVE-2026-21902 in Juniper Networks products are critical vulnerabilities under active exploitation. Both have high CVSS scores and enable remote code execution.
- March 2026 Threat Report: Critical CVEs - Greenbone — New Cisco Firewall Flaws Ignite Perimeter Risk: Cisco published a group of 48 CVEs affecting its firewall product line, including two critical CVSS 10 vulnerabilities. One of these, CVE-2026-20131,...
- February 2026 CVE Landscape: 13 Critical Vulnerabilities Mark 43 ... — Why this matters: Lotus Blossom exploited this flaw to replace legitimate Notepad++ update packages with malicious installers, deploying Cobalt Strike and the Chrysalis backdoor to targeted users over...
- CVE 2026 — The Vulnerabilities That Matter Most Right Now — Broadcom’s advisory for CVE-2026-22719 is unusually instructive. The vendor describes the flaw as a command injection vulnerability in VMware Aria Operations. A malicious unauthenticated actor may exp...
- Newest CVEs - Tenable — | CVE-2026-35587 | Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.4, a Server-Side Request Forgery (SSRF) vulnerability exists in the Glances IP plugin due to im...
🛡️ Incident Response & DFIR News
Three Microsoft Defender zero-days are actively exploited; CISA added four flaws to its Known Exploited Vulnerabilities catalog with a May 2026 deadline. The FIRESTARTER backdoor targeted a federal Cisco device, surviving patches. NASA employees were duped in a Chinese phishing scheme targeting U.S. defense software.
- The DFIR Report | Actionable Cyber Threat Intelligence — Where Incidents Become Intelligence. The DFIR Report delivers detailed, actionable intelligence drawn directly from observed intrusions—empowering organizations to harden ...
- Cybersecurity News, Insights and Analysis | SecurityWeek — Webinar: A Step-by-Step Approach to AI Governance. With “Shadow AI” usage becoming prevalent in organizations, learn how to balance the need for rapid experimentation with the rigorous controls req...
- Cybersecurity Conferences 2026 - 2027 | Over 3.4K Events — Gartner Digital Workplace Summit Europe 2026: The Gartner Digital Workplace Summit Europe 2026 offers a comprehensive exploration of the latest advancements in workplace technologies, collaboration...
- The Hacker News | #1 Trusted Source for Cybersecurity News — ## CTM360 Exposes Global GovTrap Campaign With 11,000+ Fake Government Portals Targeting Citizens Worldwide Expert Insights ## Work Moved Into the Browser. Security Didn't. AI Is Exposing the Gap E...
📰 Latest Ransomware Attacks
In 2026, ransomware attacks remain prevalent, with significant incidents affecting healthcare, manufacturing, and insurance sectors. Notable attacks include breaches by Everest and Anubis ransomware groups. The ransomware landscape shows no signs of slowing down.
- Biggest Cyber Attacks, Data Breaches, Ransomware Attacks of March 2026 — | Date | Victim | Summary | Threat Actor | Business Impact | Source Link | | March 03, 2026 | Catalyst RCM | Cyber Attack on healthcare RCM vendors may have impact...
- The State Of Ransomware 2026 | BlackFog — 25. Approximately 90,000 individuals were affected by a ransomware attack on the National Association on Drug Abuse Programs (NADAP), attributed to the Genesis group. The incident, which occurred in l...
- Ransomware reaches elevated ‘new normal’ as attack volumes hold steady into 2026, reshape baseline risk expectations - Industrial Cyber
- 10 New Ransomware Groups Of 2025 & Threat Trends For 2026 — 8) Sinobi: Sinobi appears to operate as either a rebrand or close relative of the Lynx ecosystem and demonstrates deliberate tradecraft, including data exfiltration before encryption. Cases point t...
Facing an active incident? Contact us immediately at alerts@binary-response.com — we respond 24/7.