Key Takeaways
- Ransomware concentrated hard: top 10 groups now claim 71% of victims, up from 57%.
- Supply chain attacks shifted to stolen OAuth tokens instead of network breaches.
- AI-enabled fraud hit $893M in the US, inside a record $20.877B cybercrime year.
- Manufacturing stays the top industrial target; ransomware reach grew 49% year over year.
- New this year: AI infrastructure supply chain attacks and mass edge-device credential theft.
Back in January 2026, our Cybersecurity Forecast 2026: What to Expect report laid out six risk themes for the year ahead: ransomware and data-theft extortion, supply chain and third-party compromise, AI-enabled social engineering, virtualization and hypervisor attacks, cloud and machine identity abuse, and industrial and critical infrastructure targeting.
Six months in, this review checks those forecasts against what actually happened, using publicly reported incidents, government advisories, and threat intelligence published between January and June 2026. Sourcing leans on US and Western European material: CISA, the FBI, the UK’s National Cyber Security Centre, primary vendor disclosures, and independent security journalism. Put together, the picture that emerges says a lot about where 2026 cybersecurity trends are actually headed, and it sets up a fresh set of cyber threat predictions for the back half of the year.
2026 Forecast Scorecard
| Original Forecast | Status | Confidence |
|---|---|---|
| Ransomware & Data-Theft Extortion | Confirmed | High |
| Supply Chain & Third-Party Compromise | Confirmed | High |
| AI-Enabled Social Engineering | Accelerating | High |
| Industrial & Critical Infrastructure Targeting | Confirmed | High |
| Virtualization & Hypervisor Attacks | Emerging | Medium |
| Cloud & Machine Identity Abuse | Emerging | Medium |
- See the six expert predictions that shaped 2026 and the threats still expected to define the rest of the year.
What Came True
1. Ransomware & Data-Theft Extortion
The original forecast said ransomware crews would keep leaning into pure data-theft extortion instead of encryption, building off the 2,302-victim Q1 2025 leak-site baseline.
That held up, though the more interesting story is concentration. Check Point Research counted 2,122 organizations listed on ransomware leak sites in Q1 2026, the second-highest Q1 on record. But the top 10 groups alone claimed 71% of those victims, up from 57% just two quarters prior, and a handful of independent trackers flagged the exact same pattern[1]. Breachsense, using a different counting method entirely, logged 808 victims in March alone, putting 2026 on pace roughly 18.5% above 2025’s full-year total[2].
A few names stood out. Qilin held the top spot for a third straight quarter with 338 victims. The Gentlemen, a newer outfit started by a former Qilin affiliate late in 2025, jumped from just 40 victims in Q4 to 166 in Q1, quite a climb for a group that barely existed six months earlier. LockBit came back too, 163 victims, after law enforcement had supposedly dismantled it back in 2024. And ShinyHunters didn’t even bother with an encryptor: the group hit Salesforce Experience Cloud misconfigurations directly and still generated outsized damage[1].
Track the top 10 operators’ tactics rather than every new leak-site name that pops up. And stretch “assume data will be stolen” planning to cover SaaS platforms too, since there’s no encryption event there to trip an alert.
2. Supply Chain & Third-Party Compromise
The forecast here was straightforward: one compromised vendor keeps cascading across many downstream organizations.
What actually happened diverged a bit from that script. Several of this year’s biggest incidents ran through stolen OAuth tokens rather than a direct network breach at the vendor itself, a real change from the pattern that defined 2025.
Take Vercel. Vercel’s own security bulletin describes how an employee’s Google Workspace OAuth token was compromised after a third-party AI tool called Context.ai was infected with Lumma Stealer malware back in February 2026. Attackers used that token to pivot into Vercel’s internal systems and pull environment variables for a subset of customer projects[3].
Then in June, a breach at SaaS provider Klue traced back to something almost embarrassingly mundane: a four-year-old prototype credential nobody had ever revoked. Klue’s own incident disclosure explains how attackers used it to harvest OAuth tokens linking Klue’s customers to Salesforce[4].
The named victims read like a who’s-who of cybersecurity vendors, Huntress, Recorded Future, Tanium, Jamf, and each confirmed on its own that business contact and sales data had been exposed. Huntress’s own account of its investigation adds specifics Klue’s post doesn’t cover, naming the root cause as a long dormant credential Klue had created to prototype a third-party integration it later abandoned[5].
Neither incident started with a network breach. Both started with a credential nobody remembered to kill. Every third-party app with access to core systems needs an owner, an expiration date, and periodic re-authorization, not indefinite standing access.
3. AI-Enabled Social Engineering
The forecast expected AI voice cloning and generative phishing to push BEC losses higher.
It did, and the FBI’s own numbers make the case better than any vendor report could. The 2025 Internet Crime Report put total US cybercrime losses at $20.877 billion, up 26% year over year. Business email compromise losses climbed to $3.046 billion across 24,768 complaints, up from $2.77 billion in 2024, which is a strange combination: fewer people reporting attacks, but far more money lost per incident. This was also the first year in the IC3’s 25-year history that AI-enabled fraud got its own line item: 22,364 complaints, $893 million in losses[6][7].
AI-assisted fraud isn’t some future risk anymore. It’s already here, and payment verification, identity validation, and basic user awareness need to function as hard controls, not nice-to-haves.
4. Industrial & Critical Infrastructure Targeting
The forecast held that manufacturing would stay the top industrial target, with ransomware increasingly hitting the enterprise systems that support operational technology (OT).
Dragos put real numbers behind how much worse this got. Ransomware groups with reach into industrial organizations grew to 119 in 2025, up 49% from 80 the year before, hitting more than 3,300 organizations. Manufacturing absorbed more than two-thirds of that, again. But the number worth remembering is the dwell-time gap: organizations with real OT visibility caught and contained incidents in an average of 5 days. The industry-wide average was 42 days[8].
(Note: Dragos is itself a competitor in the OT security space, so this is a direct link to a competitor’s own report rather than third-party coverage of it. Flagging that trade-off explicitly since primary sourcing was the priority here.)
Three genuinely new threat groups showed up in 2025: SYLVANITE, PYROXENE, and AZURITE. SYLVANITE hands off established footholds to a separate, older group called VOLTZITE for deeper OT work. PYROXENE goes after aviation, aerospace, defense, and maritime targets. AZURITE focuses on long-term OT data theft. VOLTZITE itself, meanwhile, got promoted to Stage 2 of the ICS Cyber Kill Chain after Dragos caught it manipulating engineering workstation software, pulling configuration files and probing what conditions would actually trigger a shutdown. KAMACITE spent the year mapping control loops across US infrastructure. ELECTRUM targeted distributed energy systems in Poland with what looked like deliberate attempts to affect real operational assets[8].
Stop treating OT ransomware incidents as “IT-only” just because the compromised box happens to run Windows. Five days versus 42 is about as clean an ROI argument for OT visibility as you’ll ever get.
Trends Still Developing
1. Virtualization & Hypervisor Attacks
Exploitation of virtualization platforms kept going through the first half of 2026, though it’s still more of a post-compromise escalation move than a way attackers first break in.
Broadcom’s own VMware security advisory, VMSA-2025-0004, disclosed CVE-2025-22225 in March 2025, an arbitrary-write flaw in ESXi that Broadcom said it had information suggesting was already being exploited as a zero-day.
CISA later confirmed, by updating its Known Exploited Vulnerabilities catalog in February 2026, that ransomware groups were actively chaining this bug with related ESXi vulnerabilities to seize full control of hypervisors and encrypt everything they host in one shot, frequently getting in through a compromised VPN first. A related VMware vCenter vulnerability, CVE-2026-22719, made it onto CISA’s catalog this year too[9][10].
Worth watching: whether organizations actually start adopting vSphere’s stricter execution-control and lockdown settings, and whether new VM-escape bugs keep surfacing at this same pace.
2. Cloud & Machine Identity Abuse
Machine identity abuse kept building momentum as organizations expanded their cloud footprint, automation, and AI workloads. It’s shaping up to be one of the defining identity security problems of the year.
SpyCloud’s own 2026 Identity Exposure Report, released through the company’s newsroom, recaptured 18.1 million exposed API keys and tokens from 2025 alone, spread across payment platforms, cloud infrastructure, developer ecosystems, and AI services, plus another 6.2 million credentials tied specifically to AI tools. Its recaptured identity dataset grew 23% year over year to 65.7 billion distinct records[14]. The same report noted Europol’s March 4, 2026 takedown of the Tycoon 2FA phishing-as-a-service platform, which had been enabling MFA-bypass attacks at scale, an operation SpyCloud says it supported with its own victim identity intelligence [14].
Worth watching here too:
whether AI agents start getting the same lifecycle governance as service accounts, and whether the CA/Browser Forum’s plan to shrink TLS certificate validity from 398 days down to 47 by 2029 actually forces broader automation of credential rotation, rather than just more manual busywork.
New Threat Trends That Emerged During H1 2026
Two developments sit entirely outside the original six-theme forecast.
AI infrastructure became a supply chain target in its own right. LiteLLM’s own security bulletin lays it out: a threat actor group tracked as TeamPCP compromised the CI/CD pipeline of the Trivy security scanner, which cascaded into maintainer credentials for LiteLLM itself, an AI gateway package used across a lot of agent frameworks and MCP servers. Two malicious package versions hit PyPI on March 24, 2026, and were pulled within roughly three hours. That’s fast, but not fast enough; the payload had already grabbed cloud credentials, SSH keys, and Kubernetes secrets[12].
Edge network appliances took a mass credential-harvesting hit. CISA’s June 2026 advisory on the campaign now called FortiBleed describes large-scale credential theft against internet-facing Fortinet firewalls, putting the confirmed number at roughly 74,000 devices[13].
Fortinet’s own PSIRT team, in its June 19 blog post responding to the campaign, did not publish its own device count, but was explicit about the mechanism: the activity involved threat actors reusing credentials from earlier incidents and brute-forcing devices with weak password hygiene and no MFA enabled, not a new vulnerability[15].
Independent researcher tracking, cited in third-party coverage of the campaign, put the device count higher than CISA’s figure, though that number does not come from Fortinet itself. CISA and the UK’s National Cyber Security Centre both issued guidance within days of disclosure.
H2 2026 Predictions
- Edge and perimeter appliances stay a leading ransomware entry point. FortiBleed made the case on its own: credential reuse and exposed management interfaces on perimeter devices remain exploitable at enormous scale without a single new vulnerability entering the picture [13][15]. Patching doesn't actually solve this, since credentials stolen before a patch stay valid after it. Rotate credentials after every patch as a mandatory step, enforce MFA on every VPN and admin account, and pull management interfaces off the public internet entirely.
- Encryption-less SaaS extortion keeps growing as its own category, separate from traditional ransomware. Klue and the ShinyHunters Salesforce campaign both proved enterprise-scale damage doesn't need an encryptor [1][4]. Backup-and-restore playbooks won't help here; the exposure is stolen data moving through a trusted OAuth integration, not a locked-down system. Build a SaaS-specific incident response plan, and specifically go hunting for dormant, never-revoked integration credentials, the exact thing that sank Klue.
- More AI infrastructure compromises will follow the LiteLLM pattern.
Why: The same threat actor group had already hit other widely used developer tools in the days before the LiteLLM compromise. That's a repeatable playbook, not a one-off.[12]
Impact: AI gateway and agent-framework libraries concentrate API keys and cloud credentials, making them high-value targets even in attacks that have nothing to do with AI specifically.
Do this: Pin dependencies to exact, hash-verified versions, and start treating AI gateway libraries as high-privilege infrastructure that needs the same change controls as production secrets. - Ransomware keeps consolidating into fewer, more capable brands. The top 10 groups' share of victims climbed from 57% to 71% in two quarters, with newcomers like The Gentlemen scaling fast by absorbing affiliates displaced from disrupted operations[1].
Fewer distinct attackers doesn't mean less risk. Each one left standing tends to be more operationally mature and more likely to deliver working decryption, which can perversely push ransom payment rates up instead of down. Shift threat-intel spending away from chasing group names and toward the shared initial-access techniques, stolen VPN credentials and vishing chief among them, that feed the entire top-10 cohort. - OAuth token governance becomes a named factor in a major breach disclosure.
Why: Two of this year's largest incidents, Vercel/Context.ai and Klue, both traced back to OAuth token compromise, not network intrusion[3][4].
Impact: Expect future disclosures to name specific dormant or over-permissioned OAuth grants as root cause, which will pull more scrutiny toward SaaS app marketplaces and integration review generally.
Do this: Build a full inventory of every OAuth grant across the SaaS estate, revoke anything with no API traffic in the past 90 days, and require periodic re-authorization for high-scope grants instead of letting them sit indefinitely.
Enterprise Priorities for H2 2026
If there’s one thread running through enterprise cybersecurity trends this year, it’s that identity, not the perimeter, is now the control point that matters.
- Inventory every third-party OAuth app authorized against SaaS platforms. A forgotten credential caused two of this year's largest breaches.
- Put internet-facing appliances on a fixed credential-rotation schedule instead of waiting for a CVE to force the issue. FortiBleed ran entirely on reused, never-rotated logins.
- Pin AI infrastructure dependencies to hashed, exact versions. The CI/CD-to-package-registry attack pattern has already shown up more than once this year.
- Fix IT/OT segmentation now. The five-day-versus-42-day detection gap says everything about whether visibility investment actually pays off.
- Make out-of-band verification mandatory for payment changes and credential resets. The FBI's own data shows AI-enabled fraud losses are real and climbing.
- Build a SaaS-specific breach response plan that doesn't assume every extortion event has to involve encryption, because plenty in 2026 didn't.
Our customers detect post-breach attacks over 9x Faster
- Detect Advanced Threats Before Damage Escalates Trusted
- Cybersecurity Leader for 20+ Years
- See why security teams choose us over other solutions
Conclusion
Line up the most reliable data points from the first half of 2026, the FBI’s own report, CISA’s advisories, the primary disclosures from Vercel and LiteLLM, and one pattern keeps repeating: some credential, token, or account carried more standing trust than anyone had actually accounted for. Ransomware groups didn’t multiply so much as consolidate into fewer, sharper operations. Supply chain risk stopped being mainly about vendor networks and became mainly about OAuth tokens instead. AI didn’t even need a new technique to make social engineering more expensive per incident; it just made the old ones work better.
Whatever the back half of 2026 brings, the organizations that come out ahead will be the ones treating every credential, human, machine, OAuth token, or AI agent alike, as something that needs active management rather than indefinite trust.
Citations:
- ^https://research.checkpoint.com/2026/the-state-of-ransomware-q1-2026/
- ^https://www.breachsense.com/ransomware-reports/march-2026/
- ^https://vercel.com/kb/bulletin/vercel-april-2026-security-incident
- ^https://klue.com/blog/an-update-on-recent-klue-security-incident
- ^https://www.huntress.com/blog/klue-breach-investigation
- ^https://www.fbi.gov/news/press-releases/cryptocurrency-and-ai-scams-bilk-americans-of-billions
- ^https://www.ic3.gov/AnnualReport/Reports/2025_IC3Report.pdf
- ^https://www.dragos.com/ot-cybersecurity-year-in-review
- ^https://support.broadcom.com/web/ecx/support-content-notification/-/external/content/SecurityAdvisories/0/25390
- ^https://www.cisa.gov/known-exploited-vulnerabilities-catalog