惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

WordPress大学
WordPress大学
Cyberwarzone
Cyberwarzone
The GitHub Blog
The GitHub Blog
云风的 BLOG
云风的 BLOG
P
Proofpoint News Feed
小众软件
小众软件
Recent Announcements
Recent Announcements
博客园 - 三生石上(FineUI控件)
Security Archives - TechRepublic
Security Archives - TechRepublic
W
WeLiveSecurity
Cloudbric
Cloudbric
博客园 - 司徒正美
美团技术团队
N
News and Events Feed by Topic
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
PCI Perspectives
PCI Perspectives
宝玉的分享
宝玉的分享
H
Help Net Security
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Google DeepMind News
Google DeepMind News
Help Net Security
Help Net Security
Last Week in AI
Last Week in AI
S
Schneier on Security
N
News | PayPal Newsroom
B
Blog RSS Feed
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
S
Secure Thoughts
雷峰网
雷峰网
aimingoo的专栏
aimingoo的专栏
L
Lohrmann on Cybersecurity
G
Google Developers Blog
Microsoft Azure Blog
Microsoft Azure Blog
Hacker News - Newest:
Hacker News - Newest: "LLM"
T
Tenable Blog
S
Securelist
L
LangChain Blog
Recent Commits to openclaw:main
Recent Commits to openclaw:main
I
InfoQ
H
Heimdal Security Blog
Cisco Talos Blog
Cisco Talos Blog
F
Full Disclosure
Y
Y Combinator Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
K
Kaspersky official blog
T
Tailwind CSS Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
阮一峰的网络日志
阮一峰的网络日志
C
Cisco Blogs

Threat Intelligence Blog | Flashpoint

Understanding Illicit Ecosystems: How Dark Web Forums Structure Cybercrime AI, Trust, and the Future of Threat Intelligence Remus Stealer: A New, Not-So-New Infostealer America250 Fourth of July Threat Assessment Unmasking the Digital Trail: Essential Techniques for Vetting AI-Generated Content The Shift to Threat-Informed Prioritization: Operationalizing CISA BOD 26-04 Identity Is the New Attack Surface: How Infostealers Are Reshaping Enterprise Risk Understanding Illicit Ecosystems: Weaponizing Mainstream Apps and Social Infrastructure Connecting Vulnerability Intelligence to Real-World Exposure With Flashpoint EASM Understanding Illicit Ecosystems: XSS and the Current State of the Russian-Speaking Underground How to Align and Measure Threat Intelligence Operations: Flashpoint Priority Intelligence Requirements The Mini Shai-Hulud Worm and the New Era of CI/CD Exploitation Understanding Illicit Ecosystems: The Hybrid Threat of “The Com” AI Threat Report: How Artificial Intelligence Is Used Across Illicit Communities How Mergers and Acquisitions Expand Your Attack Surface Overnight The Evolution of the Geotag: How AI is Bridging the Gap in Location-Based OSINT Navigating the Threat Landscape of the 2026 FIFA World Cup Inside the 2026 Cyber Threat Landscape: Data-Driven Security Priorities Flashpoint MCP Server: Operationalizing Cyber Threat Data for Agentic AI Security Workflows 2026 Gartner® Magic Quadrant™ for Cyber Threat Intelligence: Key Takeaways for Security Leaders Escalation in the Middle East: Tracking “Operation Epic Fury” Across Military and Cyber Domains How to Build and Operationalize Priority Intelligence Requirements National Vulnerability Database (NVD) Shifts to Selective Enrichment as CVE Volume Surges Flashpoint Surpasses Cataloging 7,000 Known Exploited Vulnerabilities as Disclosure Volume Accelerates Why Intelligence Requirements Fall Flat and How to Fix Them with a Practical Priority Intelligence Requirements Framework The Phishing-as-a-Service Pipeline: How a Scalable Fraud Ecosystem Is Driving Global Attacks Tax Refund Fraud in 2026: How Threat Actors Exploit Identity, Verification, and Cash-Out Channels The Language of Emojis in Threat Intelligence: How Adversaries Signal, Obfuscate, and Coordinate Online What the NVD ‘Slowdown’ Means For You: How to Stay Ahead in Vulnerability Management Forrester Threat Intelligence Landscape: Key Takeaways for Security Leaders Connecting Threat Intelligence to Decision-Making: How Flashpoint Is Operationalizing Intelligence in 2026 Iran-Aligned Militias Signal Expanded Regional Risk Amid US–Israel–Iran Conflict Destructive Activity Targeting Stryker Highlights Emerging Supply Chain Risks What to Know About the Notepad++ Supply-Chain Attack Cyber Threat Intelligence Index: Q3 2023 Edition Beyond Hamas: Militant and Terrorist Groups Involved in the October 7 Attack on Israel The First 72 Hours of the Israel-Hamas War: Hamas and PIJ Activity on Telegram About Us Qakbot Takedown: A Brief Victory in the Fight Against Resilient Malware Unmasking the Attacker and Decoding Threat Actor Patterns The Flashpoint Firehose: 5 Questions With Michael Raypold, VP of Engineering The Seven Phases of a Ransomware Attack: A Step-by-Step Breakdown of the Attack Lifecycle Lost in Transition: A Timeline of Failed Successors to Breach and Raid Forums Days of Chaos: How OSINT Helps Us Understand the Putin-Prigozhin Schism Lessons From Clop: Combating Ransomware and Cyber Extortion Events How to Combat Check Fraud: Leveraging Intelligence to Prevent Financial Loss Beyond Gates and Alarms: The Scope and Impact of Physical Security Intelligence Why We Built Flashpoint Ignite: Unity, Power, and Performance The Risk-Reducing Power of Flashpoint Video Search Card Shop Threat Landscape: BidenCash Dumps 2.1M Stolen Credit Cards Flashpoint in 2023: A Note From Our CEO 5 Reasons Taiwan Is a Growing Source of US-China Tension Why We Acquired Echosec Systems: The OSINT Revolution Open Source Intelligence
Navigating 2026’s Converged Threats: Insights from Flashpoint’s Global Threat Intelligence Report
2026-03-11 · via Threat Intelligence Blog | Flashpoint

The cybersecurity landscape has reached a point of total convergence, where the silos that once separated malware, identity, and infrastructure have collapsed into a single, high-velocity threat engine. Simultaneously, the threat landscape is shifting from human-led attacks to machine-speed operations as a result of agentic AI, which acts as a force multiplier for the modern adversary.

To explore how these shifts are playing out in real-world threat activity — and what they mean for security teams — join our upcoming webinar, Inside the 2026 Cyber Threat Landscape: Data-Driven Security Priorities, where Flashpoint analysts will break down the key findings and their operational impact.

Flashpoint’s 2026 Global Threat Intelligence Report

Flashpoint’s 2026 Global Threat Intelligence Report (GTIR) was developed to anchor security leaders — from threat intelligence and vulnerability management teams to physical security professionals and the CISO’s office — with the data required to navigate this year’s greatest threats, rife with infostealers, vulnerabilities, ransomware, and malicious insiders.

Our report uncovers several staggering metrics that illustrate the industrialization of modern cybercrime:

  • AI-related illicit activity skyrocketed by 1,500% in a single month at the end of 2025.
  • 3.3 billion compromised credentials and cloud tokens have turned identity into the primary exploit vector.
  • From January 2025 to December 2025, ransomware incidents rose by 53%, as attackers pivot from technical encryption to “pure-play” identity extortion.
  • Vulnerability disclosures surged by 12% from January 2025 to December 2025, with the window between discovery and mass exploitation effectively vanishing.

These findings are derived from Flashpoint’s Primary Source Collection (PSC), a specialized operating model that collects intelligence directly from original sources, driven by an organization’s unique Priority Intelligence Requirements (PIR). The 2026 Global Threat Intelligence Report leverages this ground-truth data to provide a strategic framework for the year ahead. Download to gain:

  1. A Clear Understanding of the New Convergence Between Identity and AI
    Discover how threat actors are preparing to transition from generative tools to sophisticated agentic frameworks. Learn how 3.3 billion compromised credentials are being weaponized via automated orchestration to bypass legacy defenses and exploit the connective tissue of modern corporate APIs.
  2. Intelligence on the “Franchise Model” of Global Extortion
    Gain deep insight into the professionalized operations of today’s most prolific threat actors. From the industrial efficiency of RaaS groups like RansomHub and Clop to the market dominance of the next generation of infostealer malware, we break down the economics driving today’s cybercrime ecosystem.
  3. A Blueprint for Proactive Defense and Risk Mitigation
    Leverage the latest trends, in-depth analysis, and data-driven insights driven by Primary Source Collection to bolster your security posture by identifying and proactively defending against rising attack vectors.

As attackers automate exploitation of identity, vulnerabilities, and ransomware, defenders who rely on fragmented visibility will fall behind. To keep pace, organizations must ground their decisions in primary-source intelligence that is drawn from adversarial environments, so that decision-makers can get ahead of this accelerating threat cycle.”

Josh Lefkowitz, CEO & Co-Founder at Flashpoint

The Top Threats at a Glance

Our latest report identifies four driving themes shaping the 2026 threat landscape:

2026 Is the Era of Agentic-Based Cyberattacks

Flashpoint identified a 1,500% rise in AI-related illicit discussions between November and December 2025, signaling a rapid transition from criminal curiosity to the active development of malicious frameworks. Built on data pulled from criminal environments and shaped by fraud use cases, these systems scrape data, adjust messaging for specific targets, rotate infrastructure, and learn from failed attempts without the need for constant human involvement.

2026 is the era of agentic-based cyberattacks. We’ve seen a 1,500% increase in AI-related illicit discussions in a single month, signaling increased interest in developing malicious frameworks. The discussions evolve into vibe-coded, AI-supported phishing lures, malware, and cybercrime venues. When iteration becomes cheap through automation, attackers can afford to fail repeatedly until they find a successful foothold.

Ian Gray, Vice President of Cyber Threat Intelligence Operations at Flashpoint

Identity Is the New Exploit

Flashpoint observed over 11.1 million machines infected with infostealers in 2025, fueling a massive inventory of 3.3 billion stolen credentials and cloud tokens. The fundamental mechanics of cybercrime have shifted from breaking in to logging in, as attackers leverage stolen session cookies to behave like legitimate users.

The Patching Window Is Rapidly Closing

Vulnerability disclosures surged by 12% in 2025, with 1 in 3 (33%) vulnerabilities having publicly available exploit code. The strategic gap between discovery and weaponization is increasingly vanishing, as evidenced by mass exploitation of zero-day vulnerabilities in as little as 24 hours after discovery.

Ransomware Is Hacking the Person, Not the Code

As technical defenses against encryption harden, ransomware groups are pivoting to the path of least resistance: human trust. This approach has led to a 53% increase in ransomware, with RaaS groups being responsible for over 87% of all ransomware attacks.

Build Resilience in a Converged Landscape

The findings in the 2026 Global Threat Intelligence Report make one thing clear: incremental improvements to legacy security models are no longer sufficient. As adversaries transition to machine-speed operations, the strategic advantage shifts to organizations that can maintain visibility into the adversarial environments where these attacks are born.

The 2026 threat landscape is defined by speed, scale, and convergence — conditions that demand a more integrated, intelligence-led approach. To dive deeper into the data and analysis behind these shifts, join our upcoming webinar, Inside the 2026 Cyber Threat Landscape.

Protecting organizations and communities requires an intelligence-first approach. Download Flashpoint’s 2026 Global Threat Intelligence Report to gain clarity and the data-driven insights needed to safeguard critical assets.

Get Your Copy