01
Agentic AI & Autonomous Malware
CRITICAL
CrowdStrike 2026 Global Threat Report: 89% YoY increase in AI-enabled attacks. Average eCrime breakout time now 29 minutes (65% faster than 2024); fastest observed: 27 seconds. Autonomous AI agents account for 1 in 8 reported AI breaches. Unit 42 2026: identity loopholes drive nearly 90% of incident investigations as AI boosts the full attack lifecycle.
02
AI-Powered Deepfake Fraud
CRITICAL
Voice cloning has crossed the "indistinguishable threshold": a few seconds of audio now produce convincing clones with natural intonation and breathing (Fortune, Dec 2025). 1 in 4 Americans report being fooled by deepfakes. The UN calls deepfakes a global wake-up call on organised fraud (UN News, Mar 2026). Major retailers report 1,000+ AI-generated scam calls per day. US AI-facilitated fraud losses are projected to reach $40B by 2027 (32% CAGR).
03
Software Supply Chain Hijacks
CRITICAL
Five major supply-chain attacks in March 2026 alone. The Axios npm compromise (100M weekly downloads) was attributed by Google GTIG to the North Korean group UNC1069; the WAVESHAPER.V2 backdoor was deployed across Windows, macOS and Linux (Google, Apr 2026). The TeamPCP campaign hit LiteLLM (3.4M daily PyPI downloads), Trivy, KICS and Telnyx within 8 days, harvesting cloud credentials, SSH keys and CI/CD secrets (Datadog, Mar 2026). A further 36 malicious npm packages abused Redis and PostgreSQL for persistent implants (Apr 2026).
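The common thread in these incidents is a trusted package name shipping an unexpected release, often with an install-time script, and the lockfile is the first place that shows up. The following is an added example (not code from the page or from any of the projects it names) that audits an npm `package-lock.json` for the red flags a reviewer would check before `npm ci`: a version on a compromised-release blocklist, a missing integrity hash, a tarball resolved outside the registry, and an install lifecycle script. The lockfile is constructed and the blocklisted version is a placeholder standing in for a real advisory feed.

```python
"""Audit an npm package-lock.json (lockfileVersion 2 or 3) for supply-chain red flags.

Added example; not code from the page or from any project it names. The lockfile
below is constructed, and the versions in BLOCKLIST are placeholders standing in
for a real advisory feed, not the actual compromised releases.
"""
import json

REGISTRY = "https://registry.npmjs.org/"

# Placeholder blocklist: package name -> versions to treat as compromised.
BLOCKLIST = {"axios": {"9.9.9"}}

# Constructed lockfile. Keys under "packages" are install paths; nested
# dependencies appear as ".../node_modules/<name>" and scoped packages as
# "node_modules/@scope/<name>". "hasInstallScript" is the field npm records
# when a package declares preinstall/install/postinstall scripts.
SAMPLE_LOCK = json.dumps({
    "name": "demo-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"name": "demo-app", "dependencies": {"axios": "^9.9.0", "left-pad": "1.3.0"}},
        "node_modules/axios": {
            "version": "9.9.9",
            "resolved": REGISTRY + "axios/-/axios-9.9.9.tgz",
            "integrity": "sha512-AAAA",
        },
        "node_modules/axios/node_modules/follow-redirects": {
            "version": "1.15.0",
            "resolved": REGISTRY + "follow-redirects/-/follow-redirects-1.15.0.tgz",
            "integrity": "sha512-CCCC",
        },
        "node_modules/left-pad": {
            "version": "1.3.0",
            "resolved": REGISTRY + "left-pad/-/left-pad-1.3.0.tgz",
            # no "integrity": npm cannot verify the tarball it installs
        },
        "node_modules/@evil/helper": {
            "version": "0.0.1",
            "resolved": "https://cdn.example.net/helper-0.0.1.tgz",
            "integrity": "sha512-BBBB",
            "hasInstallScript": True,
        },
    },
})


def package_name(install_path):
    """'node_modules/a/node_modules/@s/b' -> '@s/b'."""
    return install_path.rsplit("node_modules/", 1)[-1]


def audit_lockfile(text, blocklist=BLOCKLIST, registry=REGISTRY):
    """Return (name, version, reason) for every entry that needs a human look."""
    lock = json.loads(text)
    if lock.get("lockfileVersion", 1) < 2:
        raise ValueError("lockfileVersion 1 has no 'packages' map; regenerate with npm >= 7")
    findings = []
    for path, meta in lock["packages"].items():
        if path == "" or meta.get("link"):  # root project and workspace symlinks
            continue
        name, version = package_name(path), meta.get("version", "?")
        resolved = meta.get("resolved", "")
        if version in blocklist.get(name, ()):
            findings.append((name, version, "version on compromised-release blocklist"))
        if not meta.get("integrity"):
            findings.append((name, version, "no integrity hash: tarball not verified at install"))
        if resolved and not resolved.startswith(registry):
            findings.append((name, version, f"resolved outside trusted registry: {resolved}"))
        if meta.get("hasInstallScript"):
            findings.append((name, version, "has install lifecycle script (runs code at npm install)"))
    return findings


if __name__ == "__main__":
    for name, version, reason in audit_lockfile(SAMPLE_LOCK):
        print(f"{name}@{version}: {reason}")
```

A blocklist only catches releases that are already known to be bad, so the other three checks carry the weight on day zero; pair the audit with `npm ci --ignore-scripts` and a registry allow-list in CI so that a hijacked release cannot run code at install time even when it is not yet on anyone's list.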
04
Hyper-Speed Ransomware
CRITICAL
Publicly reported ransomware attacks reached 7,200 in 2025, up 47% from 4,900 in 2024 (Recorded Future). Despite the surge in volume, total payments declined as more organisations refuse to pay. Top groups: Qilin, Akira, Clop, INC Ransom, Play, DragonForce, Sinobi. Emerging shift: many groups skip encryption entirely and rely on pure data extortion. Cross-platform encryptors and insider recruitment by native English speakers are accelerating in 2026.
05
Identity-Centric Attacks (IAM Exploitation)
HIGH
Unit 42 Global Incident Response Report 2026: identity loopholes drive nearly 90% of all investigations, with AI boosting the full attack lifecycle. AiTM attacks increased 146% YoY with ~40,000 incidents detected daily. SpyCloud 2026: 8.6 billion stolen session cookies recaptured. 84% of compromised accounts had MFA enabled. Fastest observed intrusion-to-exfiltration: just 4 minutes (CrowdStrike 2026).
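The 84% figure is the practical point: a session cookie captured by an AiTM proxy already carries the completed MFA claim, so the replayed requests authenticate cleanly and the only remaining signal is context drift on the same session id. The following is an added example (not code from the page or from any vendor it names) of that detection run over a handful of constructed JSON log lines. The field names (`ts`, `user`, `session_id`, `ip`, `asn`, `country`, `ua`, `mfa`) are an assumed schema, and the addresses and AS numbers come from the documentation ranges.

```python
"""Detect replay of a stolen session cookie from sign-in and activity logs.

Added example; not code from the page or from any vendor it names. The log
records are constructed JSON lines, and the field names (ts, user, session_id,
ip, asn, country, ua, mfa) are an assumed schema, not any product's format.
IP addresses are from the RFC 5737 documentation ranges, ASNs from RFC 5398.
"""
import json
from datetime import datetime, timedelta

REPLAY_WINDOW = timedelta(minutes=30)

# Constructed log. Session S1 is the AiTM case: MFA is satisfied once from a UK
# ISP, then the same session id is presented three minutes later from a US
# hosting network with a different browser and no fresh MFA. Session S2 is a
# benign phone changing address inside one carrier's network. Lines are out of
# order on purpose; the parser sorts them.
SAMPLE_LOG = """\
{"ts": "2026-03-10T09:03:00Z", "user": "a.smith", "session_id": "S1", "ip": "203.0.113.7", "asn": 64501, "country": "US", "ua": "Firefox/136 Linux", "mfa": false}
{"ts": "2026-03-10T09:00:00Z", "user": "a.smith", "session_id": "S1", "ip": "192.0.2.10", "asn": 64496, "country": "GB", "ua": "Chrome/134 Windows", "mfa": true}
{"ts": "2026-03-10T09:05:00Z", "user": "b.jones", "session_id": "S2", "ip": "198.51.100.5", "asn": 64499, "country": "GB", "ua": "Safari/18 iPhone", "mfa": true}
{"ts": "2026-03-10T09:20:00Z", "user": "b.jones", "session_id": "S2", "ip": "198.51.100.9", "asn": 64499, "country": "GB", "ua": "Safari/18 iPhone", "mfa": false}
"""


def parse_log(text):
    """Parse JSON lines into dicts with a real datetime, oldest first."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        rec["ts"] = datetime.strptime(rec["ts"], "%Y-%m-%dT%H:%M:%SZ")
        events.append(rec)
    return sorted(events, key=lambda r: r["ts"])


def detect_cookie_replay(events, window=REPLAY_WINDOW):
    """Flag a session id whose network or client context jumps within `window`.

    An address change alone is not enough (mobile carriers re-NAT constantly);
    the session must also move to a different ASN or country, or arrive with a
    different client fingerprint, faster than a real user could travel.
    """
    last_seen = {}
    alerts = []
    for ev in events:
        sid = ev["session_id"]
        prev = last_seen.get(sid)
        if prev is not None and ev["ts"] - prev["ts"] <= window and ev["ip"] != prev["ip"]:
            reasons = []
            if ev["asn"] != prev["asn"] or ev["country"] != prev["country"]:
                reasons.append(f"network {prev['asn']}/{prev['country']} -> {ev['asn']}/{ev['country']}")
            if ev["ua"] != prev["ua"]:
                reasons.append(f"client '{prev['ua']}' -> '{ev['ua']}'")
            if reasons:
                alerts.append({
                    "user": ev["user"],
                    "session_id": sid,
                    "minutes_since_last": (ev["ts"] - prev["ts"]).total_seconds() / 60,
                    "mfa_on_replay": ev["mfa"],
                    "reasons": reasons,
                })
        last_seen[sid] = ev
    return alerts


if __name__ == "__main__":
    for alert in detect_cookie_replay(parse_log(SAMPLE_LOG)):
        print(alert)
```

With breakout times measured in minutes, the response to a hit has to be automatic: revoke the session and its refresh tokens and force re-authentication, rather than queue an alert for a human. The window and the ASN/country comparison are tuning knobs; a tenant with a heavy VPN population will want the client-fingerprint rule weighted higher.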
06
Cloud & SaaS Entitlement Abuse
HIGH
Over-permissioned cloud identities (an estimated 85% of cloud IAM identities) and SaaS sprawl now account for more than half of breach entry points. In Aug 2025, threat actor UNC6395 abused OAuth tokens stolen from Drift's Salesforce integration to compromise 700+ organisations through a trusted SaaS-to-SaaS connection. Misconfigurations, shadow AI tools and unmanaged OAuth chains create lateral-movement paths that perimeter controls never see. Shadow AI usage added $670K to the average breach cost (IBM 2026).
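The Drift case is a chain, not a single grant: one vendor's token into the CRM inherits whatever the CRM itself can reach. The following is an added example (not code from the page or from any vendor it names) that treats an OAuth grant inventory as a graph, walks it from a compromised token holder to show which systems a single stolen token reaches, and separately flags the grants that make such a theft durable or likely: refresh/offline scopes, grants unused for months, and unverified publishers. The inventory, the system names and the scope names are constructed placeholders, not any provider's real scope list.

```python
"""Trace what a single stolen OAuth token can reach across chained SaaS grants.

Added example; not code from the page or from any vendor it names. The grant
inventory below is constructed and the scope names are generic placeholders,
not any one provider's scope list.
"""
from collections import deque
from datetime import datetime, timedelta, timezone

NOW = datetime(2026, 4, 1, tzinfo=timezone.utc)  # fixed clock for a deterministic run
DATA_SCOPES = {"api", "full", "read", "write"}             # scopes that expose data
PERSISTENCE_SCOPES = {"refresh_token", "offline_access"}  # scopes that outlive the session

# Constructed inventory: one grant per (holder, target). A holder is whoever can
# present the token; a target is the tenant or API that accepts it.
GRANTS = [
    {"holder": "chat-widget-vendor", "target": "crm", "scopes": {"api", "refresh_token"},
     "last_used": NOW - timedelta(days=1), "publisher_verified": True},
    {"holder": "crm", "target": "data-warehouse", "scopes": {"read"},
     "last_used": NOW - timedelta(days=3), "publisher_verified": True},
    {"holder": "crm", "target": "object-storage", "scopes": {"read", "write"},
     "last_used": NOW - timedelta(days=200), "publisher_verified": True},
    {"holder": "mail-plugin", "target": "crm", "scopes": {"openid", "profile"},
     "last_used": NOW - timedelta(days=2), "publisher_verified": False},
    {"holder": "bi-dashboard", "target": "data-warehouse", "scopes": {"read"},
     "last_used": NOW - timedelta(days=10), "publisher_verified": True},
]


def build_graph(grants):
    """Adjacency list keeping only grants whose scopes actually expose data."""
    graph = {}
    for g in grants:
        if g["scopes"] & DATA_SCOPES:
            graph.setdefault(g["holder"], []).append(g["target"])
    return graph


def reachable_from(compromised, grants):
    """BFS from a compromised token holder over data-bearing grants.

    Returns {target: path} so each reachable system shows the hop chain that
    gets there, which is what an incident report needs.
    """
    graph = build_graph(grants)
    paths = {}
    queue = deque([(compromised, [compromised])])
    while queue:
        node, path = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt in paths or nxt == compromised:
                continue
            paths[nxt] = path + [nxt]
            queue.append((nxt, paths[nxt]))
    return paths


def flag_grants(grants, stale_days=90, now=NOW):
    """Grants that make a stolen token durable, unnoticed, or untrustworthy."""
    flags = []
    for g in grants:
        label = f'{g["holder"]} -> {g["target"]}'
        if g["scopes"] & PERSISTENCE_SCOPES:
            flags.append((label, "long-lived token: refresh/offline scope granted"))
        if now - g["last_used"] > timedelta(days=stale_days):
            flags.append((label, f"unused for >{stale_days} days"))
        if not g["publisher_verified"]:
            flags.append((label, "unverified publisher"))
    return flags


if __name__ == "__main__":
    for target, path in reachable_from("chat-widget-vendor", GRANTS).items():
        print(f"{target}: {' -> '.join(path)}")
    for label, reason in flag_grants(GRANTS):
        print(f"{label}: {reason}")
```

The walk shows the asymmetry the incident exposed: the vendor holds one grant, but that grant inherits every outbound integration the CRM owns, so the blast radius is set by the most-connected node in the chain, not by the vendor's own scopes. Grants flagged as stale or unverified are the cheapest ones to revoke first.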
07
Post-Quantum Harvest-Now-Decrypt-Later
HIGH
Q-Day timeline accelerating: three papers in three months have rewritten quantum threat estimates (Quantum Insider, Mar 2026). A Google whitepaper indicates ECC is breakable at ~1,200 logical qubits; Gidney's RSA-2048 estimate has fallen to under 1M physical qubits. Global quantum investment surged to $17.3B. Google has set a 2029 PQC migration timeline; the Pentagon targets full PQC implementation by 2030. Android 17 is integrating ML-DSA for PQC digital signatures at device scale. 2026 has been designated the "Year of Quantum Security" by FBI/NIST/CISA. The harvest-now-decrypt-later risk is immediate: traffic recorded today under RSA or ECC key exchange stays decryptable once a cryptographically relevant quantum computer exists, so any data whose confidentiality must outlast the Q-Day estimate is already exposed.
08
Zero-Day Edge & IoT Exploitation
ELEVATED
Ivanti EPMM zero-days CVE-2026-1281 and CVE-2026-1340 (both CVSS 9.8) have been exploited in the wild since July 2025; Germany's BSI confirmed state-linked exploitation 6 months before public disclosure. Both flaws enable unauthenticated RCE on mobile device management servers. Fortinet, WatchGuard and Palo Alto edge devices were also compromised in sustained 2026 campaigns targeting government, defence and healthcare sectors.
09
Geopolitical CNI Sabotage
ELEVATED
China and Russia account for 57% of global state-sponsored cyber operations (2026). Salt Typhoon compromised US telecom providers including AT&T and Verizon, stealing metadata of political figures. Volt Typhoon maintains multi-year persistence in US energy, water, and transport CNI. Waterfall Threat Report 2026: nation-state and hacktivist attacks on critical infrastructure doubled YoY. Finland National Security Overview 2026 flags Russian and Chinese cyber espionage targeting government and CNI. BRICKSTORM malware actively deployed against VMware vSphere and Windows cloud platforms.
10
Insider Risk — AI-Amplified
ELEVATED
Insider risk costs hit $19.5M per organisation annually, up 20% since 2023 (Proofpoint 2026). 90% of organisations experienced at least one insider incident in the past 12 months. 94% report AI is increasing insider risk exposure — 74% describe it as moderate to significant. 39.7% of AI interactions involve sensitive data (Cyberhaven Labs 2026). Fastest data exfiltration: 1.2 hours from initial access, with one case at just 4 minutes. Shadow AI usage added $670K to average breach cost (IBM 2026). 74% of organisations rank negligent insiders as their top concern, ahead of malicious actors (59%).
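The 39.7% figure describes negligent, not malicious, behaviour: staff pasting configuration, customer records or card numbers into an external assistant. The control that addresses it is a screen on the outbound prompt, and the following is an added example (not code from the page or from any vendor it names) of one. It covers a starting pattern set: cloud access-key ids, PEM private-key headers, payment cards confirmed with a Luhn check so order and ticket numbers are not reported, and e-mail addresses. The prompts are constructed; the AWS key is Amazon's published documentation example, not a live credential.

```python
"""Screen text bound for an external AI assistant for secrets and personal data.

Added example; not code from the page or from any vendor it names. The pattern
set is a starting point (cloud access-key ids, PEM private keys, payment cards
validated with Luhn, e-mail addresses) and the prompts are constructed. The AWS
key is Amazon's published documentation example, not a live credential.
"""
import re

PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH |ENCRYPTED )?PRIVATE KEY-----"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # Any 13-19 digit run with optional spaces or dashes. A candidate is only
    # reported as a card if it passes Luhn, which weeds out order numbers.
    "card_candidate": re.compile(r"\b(?:\d[ -]?){12,18}\d\b"),
}

# Constructed prompts. "leaky" carries a key, a card and an address; "clean"
# carries a 16-digit order number that fails the Luhn check.
PROMPTS = {
    "leaky": (
        "Summarise this incident for the board. Config: aws_access_key_id=AKIAIOSFODNN7EXAMPLE; "
        "refund card 4111 1111 1111 1111 for j.doe@example.com."
    ),
    "clean": "Draft a reply about order 1234 5678 9012 3456 shipped on 2026-03-10.",
}


def luhn_ok(digits):
    """Luhn mod-10 check over a string of ASCII digits."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(value):
    """Keep just enough to triage the hit without re-exposing the value."""
    return value[:4] + "***" + value[-2:] if len(value) > 8 else "***"


def scan_prompt(text):
    """Return (kind, redacted_value) for every sensitive item found in `text`."""
    findings = []
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            value = match.group(0)
            label = kind
            if kind == "card_candidate":
                if not luhn_ok(re.sub(r"\D", "", value)):
                    continue
                label = "payment_card"
            findings.append((label, redact(value)))
    return findings


def should_block(text):
    """Policy hook: refuse to send if any credential-class item is present.
    Personal data (e-mail) is logged here but not blocked; tune to local policy."""
    kinds = {k for k, _ in scan_prompt(text)}
    return bool(kinds & {"aws_access_key_id", "private_key_block", "payment_card"})


if __name__ == "__main__":
    for name, prompt in PROMPTS.items():
        print(name, scan_prompt(prompt), "BLOCK" if should_block(prompt) else "allow")
```

Regexes catch structured secrets well and unstructured ones (source code, contract text, customer notes) badly, so a screen like this is a floor, not a ceiling; the log it produces is also the data that turns the 39.7% into a per-team number you can act on.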