cybersecurity

Identity remains key to cybersecurity with stolen IDs opening the door to many attacks. And with the rise of AI agents and machine identities it isn’t just just humans that we have to worry about. Here’s what some leading industry figures think we can expect from the identity landscape in 2026.

Itamar Apelblat, CEO and co-founder of Token Security, thinks compliance frameworks will need to be rebuilt to account for AI agents. “Traditional compliance models were designed for human-centric workflows, and they are already breaking. Over the next year, frameworks will evolve to recognize AI agents as workforce identities with their own permissions, accountability requirements, and control expectations. Organizations that fail to adapt will fall out of step with regulators and customers.”

Attackers will always use tactics that are proven to work and with more business turning to SaaS for their systems obviously these apps are on the cybercriminal’s radar.

We spoke to Martin Vigo, lead offensive security researcher at SaaS security company AppOmni, to explore the reasons why SaaS apps are such fertile ground for attackers.

A new survey of CISOs at North American hospitals finds that 43 percent identified complete device visibility as the challenge they would most want to solve immediately, followed by ransomware threat detection (24 percent) and compliance automation (22 percent).

The study from Asimily also uncovered fragmentation in how hospital security teams approach vulnerability remediation. Only 22 percent of hospital CISOs base their prioritization on device usage and criticality, which is the most effective method for focusing resources on the highest-risk assets. Meanwhile, 18 percent rely on manual review and 15 percent report having no clear process at all for addressing IoMT (Internet of Medical Things) vulnerabilities.

The task of the CISO has historically been an underappreciated one. But as businesses wake up to the fact that cybersecurity issues can represent a threat to the entire business it has taken on more significance.

Here’s how a range of industry experts see the future for CISOs and their role as we head into 2026.

According to a new report 52 percent of public vulnerabilities bypass leading web application firewalls (WAFs). Yet over 91 percent of bypassed vulnerabilities can be mitigated when rules are tailored with AI for the actual vulnerability and application context instead of generic attack patterns.

The report from Miggo Security is based on analysis of a sample of 360+ CVEs for WAF testing across leading WAF vendors.

A new report from endpoint management company Action1 shows cyber incidents have become the norm in schools worldwide, with most IT leaders now adopting a more realistic view of their cybersecurity readiness.

But despite rising budgets, persistent staffing shortages and structural barriers continue to leave learning environments exposed to increasingly sophisticated threats, especially AI-driven phishing and ransomware.

A new report reveals that 95 percent of organizations now rely on AI tools to generate code, yet only 24 percent apply comprehensive IP, license, security, and quality evaluations to that AI-generated code.

The study from Black Duck shows that that organizations without strong dependency management, automation, and SBOM validation are already falling behind on their ability to detect and remediate critical issues.

A new campaign uses mass registration of fake online shop domains to impersonate legitimate retailers, facilitate financial fraud, and in certain instances, distribute malware through counterfeit checkout systems and redirect payloads.

Identified by the research division of BforeAI, analysis of the campaign’s registration and DNS telemetry indicates a well-structured operation with distinct clusters, primarily originating from Chinese infrastructure providers and utilizing domain privacy services to obscure attribution.

It’s the time of year again when industry executives like to peer into their crystal balls and try to predict what the future might hold.

We’ll kick off this year’s roundups with a look at quantum, something which has been hovering on the edge a major breakthrough for a few years now but, so far, has always seemed to be just out of reach from a commercial perspective. Is that set to change in 2026?

The banking, financial services and insurance (BFSI) sector has been the most targeted in 2025 accounting for 17.8 percent of all incidents (172 incidents out of 966) tracked in Cyble’s latest North American Threat Landscape Report.

The report describes a mature leak economy where a small cluster of prolific actors generate many listings, supported by a large ‘long tail’ of smaller sellers -- meaning BFSI data can be sourced by both major brokers and many opportunists.

Regulatory tightening across the EU and UK, including the EU’s new anti-money laundering package and platform-economy rules, as well as emerging age-assurance requirements around online safety, have pushed organizations to formalize identity checks at scale.

But identity verification provider Veriff has published its 2026 Identity Fraud Report, showing that 4.18 percent of all digital identity checks processed through its platform in 2025 were flagged as fraudulent – the equivalent of one in every 25 verification attempts across its global dataset.

Managing identity is one of the more challenging cybersecurity tasks and can soak up a good deal of time and resources.

We spoke to Raz Rotenberg, co-founder and CEO of Fabrix Security, to discuss the rise of self-governing IAM systems that don’t just enforce policy -- but continuously adapt, reason, and remediate access in real time.

A new report reveals that security leaders are facing increased pressure in managing behavioral cybersecurity risk as the workforce transforms to include AI.

The study from KnowBe4, of 700 cybersecurity leaders and 3,500 employees, finds incidents relating to the human element surged by 90 percent in the past year. Examples of ways these incidents can occur include social engineering attacks such as phishing or business email compromise (BEC), risky or malicious behavior and human error.

Attacks on operational technology (OT) are growing more automated and indiscriminate, Forescout Research- Vedere Labs’ latest honeypot analysis shows just how aggressively adversaries are probing industrial systems.

New data shows industrial routers are now the most attacked devices in OT environments, drawing 67 percent of all malicious activity in Forescout’s 90-day honeypot analysis.

More than one in three organizations (37 percent) say AI-driven attacks forced them to adjust their security approach over the past year according to a new report from Netwrix.

The global survey of 2,150 IT and security professionals from 121 countries finds 30 percent say their business uses AI and must now protect it like any other critical system. Compliance is catching up too, 29 percent report auditors now require proof of data security and privacy in AI-based systems.