Jeremy Nichols

The first half of May was relatively routine overall, with ransomware activity continuing to heavily impact small businesses, which accounted for 79.06% of.

Byer-Nichols Threat Brief for April 16-30, 2026. Qilin dominated ransomware at 23.10% while small businesses bore 71.12% of attacks across all sectors.

Threat activity intensified as APT36, Bearlyfy, Silver Fox, TA446, TeamPCP, and UNC1069 leaned into credential theft, social-engineering lures, and quiet.

Threat activity spiked as APT36, TA446, and UNC1069 leaned into credential theft and cloud-identity abuse, while Bearlyfy escalated politically driven.

Ransomware activity in early March 2026 remained fragmented, led by Qilin with continued pressure across manufacturing, technology, and construction sectors,.

Byer-Nichols Threat Brief for February 16-28, 2026. Ransomware remained fragmented, led by Qilin. Large enterprise victims rose to 16 this period.

In early February, APT activity leaned hard on cloud abuse, identity compromise, and long‑dwell access, with UNC3886 standing out for its persistence.

Ransomware stayed hot in late January, with Cl0p jumping to the top after its huge Cleo linked victim dump, while Qilin, Akira, Sinobi and The Gentlemen kept.

We open the new year with a Microsoft CVE dating back to 2009 finally being added to the CISA known exploited vulnerability catalog on the 7th of January.

Byer-Nichols Threat Brief for December 16-31, 2025. Vendor reports slowed as the year ended, but victim counts and actively exploited vulnerabilities persisted.

Byer-Nichols Threat Brief for December 1-15, 2025. LockBit resurfaced in the top 5, Coinbase Cartel elevated the UAE to a top target region.

Qilin leads ransomware activity this period, with CL0P and Akira close behind. Newer and mid-tier groups like Sinobi and DragonForce show rising impact.

One of the most concerning developments over this period has been the discovery of zero-click vulnerabilities in Samsung mobile devices, which have already.

The recent theft of source code from F5 has seen over a quarter of a million F5 BIG-IP instances exposed to potential remote attacks via the Internet, and in.

The emergence of the Scattered LAPSUS$ Hunters 'Trinity of Chaos' has made headlines in recent weeks with their daring extortion attempts of large enterprises.

Of concern in this period is a rise in attacks against Cisco ASA and IOS XE devices, highlighting the exposure of critical network infrastructure.

Of concern in this period is an increase in attackers compromising devices from vendors including SonicWall and especially TP-Link.

Byer-Nichols Threat Brief for August 16-31, 2025. PromptLock malware leverages generative AI to analyze victim files and decide what to exfiltrate.

Small businesses continue to dominate the ranks of breach victims at 84.25%. When we consider that small businesses represent about half of employment.

Byer-Nichols Threat Brief for July 16-31, 2025. Qilin and INC ransomware dominated while Beast entered the top 5, representing 6.35% of attacks.

July 2025 cyber threats: Qilin ransomware hit 16.3% of attacks, targeting small businesses (80.6%) in manufacturing & tech. U.S. most affected (49%).