February 2026

Cyber Threat Intelligence Report

Threat activity, ransomware trends, and vulnerability intelligence from the frontlines.

Cyber attackers are moving faster than ever, weaponizing vulnerabilities within hours and scaling campaigns through phishing platforms, malware loaders, and ransomware ecosystems.

This month’s report examines emerging ransomware operations, large-scale phishing campaigns, supply chain compromises, and high‑impact vulnerabilities affecting organizations worldwide. It also includes deep technical analysis of new malware strains and attacker techniques used to evade defenses and maintain persistence.

This month’s report covers:

Emerging Ransomware Operations

  • Green Blood Group ransomware and its double‑extortion leak infrastructure
  • Ransomware‑as‑a‑Service activity tied to the emerging 0APT operation
  • February ransomware activity trends across groups such as Qilin, Clop, Akira, LockBit5, and DragonForce

Real‑World Cyber Campaigns and Attacks

  • Diesel Vortex phishing‑as‑a‑service campaign targeting global logistics organizations
  • Malicious NPM supply‑chain packages deploying Pulsar RAT through steganography
  • ValleyRAT distribution via a fake Huorong antivirus website linked to the Silver Fox group

Critical Vulnerabilities & Exploits

  • CVE‑2026‑1731: a critical pre‑authentication RCE affecting BeyondTrust Remote Support and PRA appliances
  • Hardcoded credential vulnerability in Dell RecoverPoint (CVE‑2026‑22769)
  • Authentication bypass and command injection vulnerabilities affecting Ivanti Endpoint Manager, JetBrains Hub, and Tenable Security Center

Powered by Cynet CyOps Threat Intelligence

This report is produced by Cynet’s CyOps Threat Intelligence Team, which draws on decades of combined expertise, continuous threat research, real-world telemetry, and hands-on incident response experience to deliver intelligence that is timely, relevant, and designed for action.

Looking for more in-depth Threat Intel?

Cynet partners and customers receive exclusive access to CTI Reports before they are made available for public download. Learn more about CyOps MDR to unlock the advantage of ongoing threat intel and real-time response.

Backed by the industry, loved by customers.

Outstanding results in 2025 MITRE ATT&CK Evaluations

100% Detection Visibility

100% Technique-Level Coverage

100% Protection


Top-tier performance according to our users

98% score for Real-Time Detection

97% score for 24/7 support

97% score for Automated Remediation


Recommended by 95%

Overall 4.8/5 Rating

Product capabilities 4.8/5 Rating

Ease of deployment 4.8/5 Rating
