The data was collected by Darktrace from incidents across its global customer base and points to a year defined by automation, convergence and accelerating attacker speed.

ThreatLabz details the Ruby Jumper campaign in the following sections, focusing on the specific malware employed, the deployment methods, and how the final payload is delivered to achieve the ultimate objective.

Japanese tech testing company Advantest has suffered a ransomware attack, the company confirmed last Thursday, after detecting unusual activity within its IT environment on February 15, 2026.

APT28, a Russia-linked state-sponsored threat actor, has been attributed to a campaign targeting selected entities across Western and Central Europe, active from September 2025 through January 2026, according to S2 Grupo’s LAB52 team.

Atomic (AMOS) Stealer has evolved from being distributed via cracked software to a more sophisticated supply chain attack that manipulates AI agentic workflows on platforms like OpenClaw.

The Iranian hacking group known as MuddyWater has targeted several organizations and individuals mainly located across the Middle East and North Africa (MENA) region as part of a new campaign codenamed Operation Olalampo.

A fraud campaign exploiting Indonesia's Coretax tax platform has resulted in financial losses of $1.5m to $2m. The operation identified 228 new malware samples and 996 phishing URLs, targeting a potential pool of 67 million Indonesian taxpayers.

The Remcos RAT has evolved with new real-time surveillance capabilities and stronger evasion techniques. Originally a legitimate remote management tool, Remcos has been repurposed as a Remote Access Trojan.

A critical vulnerability has been identified in the Welker OdorEyes EcoSystem Pulse Bypass System with XL4 Controller. This vulnerability, which lacks authentication for a critical function, could lead to over- or under-odorization events.

Multiple critical vulnerabilities have been identified in the Jinan USR IOT Technology Limited (PUSR) USR-W610 device, potentially allowing unauthorized access and denial-of-service attacks.