CoinbaseCartel Claims Data Breach of Dolby Laboratories in Latest Extortion Scheme A newly emerged cybercriminal group, CoinbaseCartel, has added Dolby Laboratories to its dark web leak site, alleging a data breach over Super Bowl weekend (February 2026). The U.S.-based audio technology giant, which reported over $1.3 billion in revenue in 2025 and employs 2,000+ staff, joins a growing list of high-profile victims, including SK Telecom (South Korea’s largest mobile carrier) and Desjardins Group (Canada’s largest financial services cooperative). Despite denying ransomware operations, CoinbaseCartel’s tactics password-protecting stolen data and extorting victims via a dark web blog align with traditional ransomware cartels. The group, first observed in September 2025, previously targeted SK Telecom, threatening to leak source code after the company refused negotiations. Researchers note that some victims listed by CoinbaseCartel overlap with those claimed by other ransomware gangs, suggesting possible data recycling. Unlike typical ransomware groups, CoinbaseCartel restricts access to stolen data, likely to showcase it exclusively to potential buyers either the victim or other cybercriminals. No samples have been released to verify the breach’s severity. The group’s emergence follows a broader trend of law enforcement crackdowns, including the FBI’s seizure of the RAMP dark web forum, which has fueled distrust among cybercriminals. Dolby Laboratories has not yet responded to requests for comment. The incident underscores the persistent threat of double extortion tactics, where attackers both encrypt data and threaten to leak it unless demands are met.

Google Patches Critical Dolby Audio Decoder Flaw in January 2026 Android Update Google’s January 2026 Android security update addressed a severe vulnerability in Dolby audio decoders, tracked as CVE-2025-54957, which posed risks to millions of devices. Discovered by Google researchers in October 2025, the flaw allowed malicious audio files to execute remote code, access private data, or trigger system crashes. The fix was first deployed to Google Pixel devices in December 2025, providing immediate protection for Pixel users. The broader rollout arrived with the January 2026 Android security update, extending coverage to a wider range of Android devices. This patch strengthens defenses against exploit attempts via compromised audio files, reinforcing Android’s security posture and underscoring the importance of timely updates in mitigating emerging threats.