2026 Q2 Threat Report: Track the Threats Shaping Enterprise Risk

2026 Cybersecurity Forecast: Mid-Year Review and H2 Threat Predictions

Key Takeaways

Back in January 2026, our Cybersecurity Forecast 2026: What to Expect report laid out six risk themes for the year ahead: ransomware and data-theft extortion, supply chain and third-party compromise, AI-enabled social engineering, virtualization and hypervisor attacks, cloud and machine identity abuse, and industrial and critical infrastructure targeting.

Six months in, this review checks those forecasts against what actually happened, using publicly reported incidents, government advisories, and threat intelligence published between January and June 2026. Sourcing leans on US and Western European material: CISA, the FBI, the UK’s National Cyber Security Centre, primary vendor disclosures, and independent security journalism. Put together, the picture that emerges says a lot about where 2026 cybersecurity trends are actually headed, and it sets up a fresh set of cyber threat predictions for the back half of the year.

2026 Forecast Scorecard

Original ForecastStatusConfidence
Ransomware & Data-Theft ExtortionConfirmedHigh
Supply Chain & Third-Party CompromiseConfirmedHigh
AI-Enabled Social EngineeringAcceleratingHigh
Industrial & Critical Infrastructure TargetingConfirmedHigh
Virtualization & Hypervisor AttacksEmergingMedium
Cloud & Machine Identity AbuseEmergingMedium
Before These Threats Became Headlines, They Were Predictions.

What Came True

1. Ransomware & Data-Theft Extortion

The original forecast said ransomware crews would keep leaning into pure data-theft extortion instead of encryption, building off the 2,302-victim Q1 2025 leak-site baseline.

That held up, though the more interesting story is concentration. Check Point Research counted 2,122 organizations listed on ransomware leak sites in Q1 2026, the second-highest Q1 on record. But the top 10 groups alone claimed 71% of those victims, up from 57% just two quarters prior, and a handful of independent trackers flagged the exact same pattern[1]. Breachsense, using a different counting method entirely, logged 808 victims in March alone, putting 2026 on pace roughly 18.5% above 2025’s full-year total[2].

A few names stood out. Qilin held the top spot for a third straight quarter with 338 victims. The Gentlemen, a newer outfit started by a former Qilin affiliate late in 2025, jumped from just 40 victims in Q4 to 166 in Q1, quite a climb for a group that barely existed six months earlier. LockBit came back too, 163 victims, after law enforcement had supposedly dismantled it back in 2024. And ShinyHunters didn’t even bother with an encryptor: the group hit Salesforce Experience Cloud misconfigurations directly and still generated outsized damage[1].

Track the top 10 operators’ tactics rather than every new leak-site name that pops up. And stretch “assume data will be stolen” planning to cover SaaS platforms too, since there’s no encryption event there to trip an alert.

2. Supply Chain & Third-Party Compromise

The forecast here was straightforward: one compromised vendor keeps cascading across many downstream organizations.

What actually happened diverged a bit from that script. Several of this year’s biggest incidents ran through stolen OAuth tokens rather than a direct network breach at the vendor itself, a real change from the pattern that defined 2025.

Take Vercel. Vercel’s own security bulletin describes how an employee’s Google Workspace OAuth token was compromised after a third-party AI tool called Context.ai was infected with Lumma Stealer malware back in February 2026. Attackers used that token to pivot into Vercel’s internal systems and pull environment variables for a subset of customer projects[3].

Then in June, a breach at SaaS provider Klue traced back to something almost embarrassingly mundane: a four-year-old prototype credential nobody had ever revoked. Klue’s own incident disclosure explains how attackers used it to harvest OAuth tokens linking Klue’s customers to Salesforce[4].

The named victims read like a who’s-who of cybersecurity vendors, Huntress, Recorded Future, Tanium, Jamf, and each confirmed on its own that business contact and sales data had been exposed. Huntress’s own account of its investigation adds specifics Klue’s post doesn’t cover, naming the root cause as a long dormant credential Klue had created to prototype a third-party integration it later abandoned[5].

Neither incident started with a network breach. Both started with a credential nobody remembered to kill. Every third-party app with access to core systems needs an owner, an expiration date, and periodic re-authorization, not indefinite standing access.

3. AI-Enabled Social Engineering

The forecast expected AI voice cloning and generative phishing to push BEC losses higher.

It did, and the FBI’s own numbers make the case better than any vendor report could. The 2025 Internet Crime Report put total US cybercrime losses at $20.877 billion, up 26% year over year. Business email compromise losses climbed to $3.046 billion across 24,768 complaints, up from $2.77 billion in 2024, which is a strange combination: fewer people reporting attacks, but far more money lost per incident. This was also the first year in the IC3’s 25-year history that AI-enabled fraud got its own line item: 22,364 complaints, $893 million in losses[6][7].

AI-assisted fraud isn’t some future risk anymore. It’s already here, and payment verification, identity validation, and basic user awareness need to function as hard controls, not nice-to-haves.

4. Industrial & Critical Infrastructure Targeting

The forecast held that manufacturing would stay the top industrial target, with ransomware increasingly hitting the enterprise systems that support operational technology (OT).

Dragos put real numbers behind how much worse this got. Ransomware groups with reach into industrial organizations grew to 119 in 2025, up 49% from 80 the year before, hitting more than 3,300 organizations. Manufacturing absorbed more than two-thirds of that, again. But the number worth remembering is the dwell-time gap: organizations with real OT visibility caught and contained incidents in an average of 5 days. The industry-wide average was 42 days[8].

(Note: Dragos is itself a competitor in the OT security space, so this is a direct link to a competitor’s own report rather than third-party coverage of it. Flagging that trade-off explicitly since primary sourcing was the priority here.)

Three genuinely new threat groups showed up in 2025: SYLVANITE, PYROXENE, and AZURITE. SYLVANITE hands off established footholds to a separate, older group called VOLTZITE for deeper OT work. PYROXENE goes after aviation, aerospace, defense, and maritime targets. AZURITE focuses on long-term OT data theft. VOLTZITE itself, meanwhile, got promoted to Stage 2 of the ICS Cyber Kill Chain after Dragos caught it manipulating engineering workstation software, pulling configuration files and probing what conditions would actually trigger a shutdown. KAMACITE spent the year mapping control loops across US infrastructure. ELECTRUM targeted distributed energy systems in Poland with what looked like deliberate attempts to affect real operational assets[8].

Stop treating OT ransomware incidents as “IT-only” just because the compromised box happens to run Windows. Five days versus 42 is about as clean an ROI argument for OT visibility as you’ll ever get.

1. Virtualization & Hypervisor Attacks

Exploitation of virtualization platforms kept going through the first half of 2026, though it’s still more of a post-compromise escalation move than a way attackers first break in.

Broadcom’s own VMware security advisory, VMSA-2025-0004, disclosed CVE-2025-22225 in March 2025, an arbitrary-write flaw in ESXi that Broadcom said it had information suggesting was already being exploited as a zero-day.

CISA later confirmed, by updating its Known Exploited Vulnerabilities catalog in February 2026, that ransomware groups were actively chaining this bug with related ESXi vulnerabilities to seize full control of hypervisors and encrypt everything they host in one shot, frequently getting in through a compromised VPN first. A related VMware vCenter vulnerability, CVE-2026-22719, made it onto CISA’s catalog this year too[9][10].

Worth watching: whether organizations actually start adopting vSphere’s stricter execution-control and lockdown settings, and whether new VM-escape bugs keep surfacing at this same pace.

2. Cloud & Machine Identity Abuse

Machine identity abuse kept building momentum as organizations expanded their cloud footprint, automation, and AI workloads. It’s shaping up to be one of the defining identity security problems of the year.

SpyCloud’s own 2026 Identity Exposure Report, released through the company’s newsroom, recaptured 18.1 million exposed API keys and tokens from 2025 alone, spread across payment platforms, cloud infrastructure, developer ecosystems, and AI services, plus another 6.2 million credentials tied specifically to AI tools. Its recaptured identity dataset grew 23% year over year to 65.7 billion distinct records[14]. The same report noted Europol’s March 4, 2026 takedown of the Tycoon 2FA phishing-as-a-service platform, which had been enabling MFA-bypass attacks at scale, an operation SpyCloud says it supported with its own victim identity intelligence [14].

Worth watching here too:

whether AI agents start getting the same lifecycle governance as service accounts, and whether the CA/Browser Forum’s plan to shrink TLS certificate validity from 398 days down to 47 by 2029 actually forces broader automation of credential rotation, rather than just more manual busywork.

Two developments sit entirely outside the original six-theme forecast.

AI infrastructure became a supply chain target in its own right. LiteLLM’s own security bulletin lays it out: a threat actor group tracked as TeamPCP compromised the CI/CD pipeline of the Trivy security scanner, which cascaded into maintainer credentials for LiteLLM itself, an AI gateway package used across a lot of agent frameworks and MCP servers. Two malicious package versions hit PyPI on March 24, 2026, and were pulled within roughly three hours. That’s fast, but not fast enough; the payload had already grabbed cloud credentials, SSH keys, and Kubernetes secrets[12].

Edge network appliances took a mass credential-harvesting hit. CISA’s June 2026 advisory on the campaign now called FortiBleed describes large-scale credential theft against internet-facing Fortinet firewalls, putting the confirmed number at roughly 74,000 devices[13].

Fortinet’s own PSIRT team, in its June 19 blog post responding to the campaign, did not publish its own device count, but was explicit about the mechanism: the activity involved threat actors reusing credentials from earlier incidents and brute-forcing devices with weak password hygiene and no MFA enabled, not a new vulnerability[15].

Independent researcher tracking, cited in third-party coverage of the campaign, put the device count higher than CISA’s figure, though that number does not come from Fortinet itself. CISA and the UK’s National Cyber Security Centre both issued guidance within days of disclosure.

H2 2026 Predictions

Enterprise Priorities for H2 2026

If there’s one thread running through enterprise cybersecurity trends this year, it’s that identity, not the perimeter, is now the control point that matters.

Our customers detect post-breach attacks over 9x Faster

  • Detect Advanced Threats Before Damage Escalates Trusted
  • Cybersecurity Leader for 20+ Years
  • See why security teams choose us over other solutions
Request a DemoSee Fidelis in Action

Conclusion

Line up the most reliable data points from the first half of 2026, the FBI’s own report, CISA’s advisories, the primary disclosures from Vercel and LiteLLM, and one pattern keeps repeating: some credential, token, or account carried more standing trust than anyone had actually accounted for. Ransomware groups didn’t multiply so much as consolidate into fewer, sharper operations. Supply chain risk stopped being mainly about vendor networks and became mainly about OAuth tokens instead. AI didn’t even need a new technique to make social engineering more expensive per incident; it just made the old ones work better.

Whatever the back half of 2026 brings, the organizations that come out ahead will be the ones treating every credential, human, machine, OAuth token, or AI agent alike, as something that needs active management rather than indefinite trust.

Citations:

About Author

Sarika Sharma

Sarika, a cybersecurity enthusiast, contributes insightful articles to Fidelis Security, guiding readers through the complexities of digital security with clarity and passion. Beyond her writing, she actively engages in the cybersecurity community, staying informed about emerging trends and technologies to empower individuals and organizations in safeguarding their digital assets.

Related Readings

One Platform for All Adversaries

See Fidelis in action. Learn how our fast and scalable platforms provide full visibility, deep insights, and rapid response to help security teams across the World protect, detect, respond, and neutralize advanced cyber adversaries.