The Cybersecurity and Infrastructure Security Agency (CISA) recently published Binding Operational Directive 26-04. BOD 26-04 emphasizes the need for federal entities to identify vulnerabilities and prioritize deploying security updates; this ensures vulnerabilities are remediated through a structured, intentional program to mitigate significant risks of compromise. This directive specifically impacts units of federal (civilian) executive branch agencies accessing and/or operating corresponding federal civilian information systems. BOD 26-04 also impacts the systems managed by third parties, most notably FedRAMP providers and supporting agencies.

Why Are Leading Ransomware Groups Claiming the Same Victims?

KryBit Ransomware Strikes Back, Exposing 0APT

Handala’s Surge Signals a New Wave of Wartime Cyberattacks

Bitdefender has analyzed the movements of dozens of ransomware groups executing campaigns against organizations based in the United States. As a result of this analysis, we can draw insights into patterns that emerged in early 2026. The analysis that follows expounds on key trends and developments. We also share predictions that underscore how ransomware operations and attack patterns may take shape during spring 2026.

Ransomware Group AtomSilo Returns After 5 Year Absence

The 0APT Ransomware Hoax: A New Threat Sounds a False Alarm

The ransomware threat actor Coinbase Cartel first emerged in September 2025 and claimed 14 victims that month. The group focuses on data exfiltration, which aligns with a trend Bitdefender is tracking in the ongoing evolution of ransomware.