Byer-Nichols Threat Brief Cybersecurity Data for February 16-31 2026
Digital Rage

Season: 2

Published: March 4, 2026

By: Phish Tank Digital

Alex and Sarah break down the latest threat intelligence, discussing the rise of large enterprise victims, the dominance of the Qilin ransomware group, and the strange case of AI-themed malware.

Episode Transcript

00:00:02 - 00:00:19
[Alex] Welcome back to Digital Rage! So, okay, here's the thing... we just got the latest threat brief from the team at Byer Co. It’s written by Jeremy Nichols, and honestly, the data for the second half of February 2026 is... well, it’s a lot to process.
00:00:20 - 00:00:28
[Sarah] Oh, I bet. It feels like every time we look at these reports, the landscape just gets... messier? Is that the right word?
00:00:29 - 00:00:53
[Alex] Messy is actually perfect. Jeremy uses the word 'fragmented.' Basically, there isn’t one big cartel running the show right now. It’s a bunch of different groups all carving out their own space. But, if we're looking at the top of the leaderboard, Qilin is still the one to watch. They’re sitting at nearly twenty percent of the activity.
00:00:53 - 00:01:02
[Sarah] Twenty percent! That’s... wow. And I saw another name in there that sounded, I don’t know, almost polite? 'The Gentlemen'?
00:01:02 - 00:01:21
[Alex] Right, right. Don't let the name fool you, though. They’re holding steady at about ten percent. Then you’ve got Akira and INC Ransom. But what’s really interesting in this report is who they’re going after. Tech and Retail are the biggest targets this time around.
00:01:22 - 00:01:30
[Sarah] Wait, really? Technology? You’d think tech companies would have the best defenses, right? I mean, that’s their whole thing.
00:01:31 - 00:01:49
[Alex] You’d think! But they’re actually at the top of the list—over sixteen percent. Retail is right behind them. And here’s the stat that really jumped out at me... large enterprise victims? They’re up by two hundred and forty-five percent compared to the last period.
00:01:50 - 00:02:01
[Sarah] Wait, back up. Two hundred and forty-five percent? That’s not just a small bump, that’s... that’s a massive spike. Why the sudden shift toward the big guys?
00:02:01 - 00:02:28
[Alex] It’s... it’s kind of fascinating, actually. While small businesses still make up the majority of victims—like eighty percent—the attackers are clearly swinging for the fences more often. Sixteen large enterprises were hit just in this two-week window. It shows that these groups are getting more confident, or maybe just better at finding those enterprise-level cracks.
00:02:28 - 00:02:39
[Sarah] Mmhmm. And it's not just where they're hitting, it's where they're *from*, right? The report mentions some big-name actors coming back into the spotlight.
00:02:40 - 00:02:58
[Alex] Exactly. We’re seeing a resurgence from groups like APT37 and Lazarus. And as the Byer Co team points out, the line between 'financial motivation' and 'state-aligned' activity is getting super blurry. Like, is it a heist or is it espionage? Sometimes, it’s both.
00:02:59 - 00:03:13
[Sarah] That’s... actually a great point. It’s like they’re multitasking. Speaking of multitasking, I noticed some really specific malware names in the brief. 'PromptSpy' caught my eye. Is that what I think it is?
00:03:14 - 00:03:32
[Alex] Spot on. It’s malware that uses AI-related lures. Think about it... everyone is talking about AI right now. So, the attackers create tools or themes that look like AI productivity boosters to trick people into downloading them. It’s clever. In a dark way.
00:03:32 - 00:03:45
[Sarah] Ugh, of course. They're using our own curiosity against us. And I saw something about Microsoft Copilot in the news section? Something about... summarizing confidential emails?
00:03:45 - 00:04:11
[Alex] Yeah, that’s a big one. There was a bug where Copilot could end up summarizing confidential stuff it wasn't supposed to. It just goes to show that even the big, trusted platforms are having these 'growing pain' security issues. And then you’ve got $4.8 million in crypto stolen because a Korean tax agency exposed a wallet seed... it’s just one thing after another.
00:04:12 - 00:04:26
[Sarah] It sounds like we're just... flying blind sometimes. But, okay, let’s bring it back. If I’m a business owner listening to this—or even just an IT manager—what’s the big takeaway from Jeremy’s report?
00:04:26 - 00:04:49
[Alex] The big takeaway? Well, first, watch your vulnerabilities. The CISA KEV added eleven new ones this period, including stuff for Cisco and GitLab. If you use those, patch them yesterday. Second, realize that 'fragmentation' means the threat is coming from everywhere. You can't just watch for one specific group.
00:04:49 - 00:04:57
[Sarah] Right, right. It’s not just about the 'big bad' anymore. It’s the dozens of mid-tier groups that are gaining momentum.
00:04:58 - 00:05:14
[Alex] Exactly. And honestly, the fact that ransomware payment rates are dropping to record lows—even as attacks surge—is a good sign. It means companies are getting better at backups and recovery. They’re refusing to play the game.
00:05:14 - 00:05:29
[Sarah] Well, that’s at least a little bit of good news in a pretty heavy report! Huge thanks to Jeremy Nichols and Geoff Rehmet for putting this data together. It’s... it's a lot, but it’s better to know, right?
00:05:29 - 00:05:38
[Alex] Always. Knowledge is the first line of defense. We’ll be back next time to see where these trends go next. Stay safe out there.