Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Picture this. You’re a data engineer at a healthcare company with millions of patient records in Snowflake. HIPAA requires you to protect PII before sharing data with researchers or running analytics. So you tokenize the data. And your system catches fire. Your joins break. Your ETL pipelines fail. BI dashboards return wrong results. ML model training jobs crash. All because something fundamental changed about your data architecture.

As a threat intelligence team, our job is to separate noise from persistence in the cybersecurity threat landscape. In this article, we assess the threats most likely to remain and evolve through 2026 based on the threat actors, campaigns, and malware we have tracked and researched during the last year. Our work centers on tracking adversaries with a strong footprint in the underground ecosystem: forums, Telegram channels, data leak sites, and marketplaces where cybercriminals operate.

It is not always malware or a sophisticated tool that results in cyber threats. Sometimes, this happens through a convincing email or a request that appears trustworthy. There have been occasions where attackers created a moment of urgency to lead someone into clicking, sharing, or approving without realizing the consequences. This is social engineering. Social engineering threats are becoming more dangerous.

Kubernetes workloads comprise more than just container images—they encapsulate state, storage dependencies, service endpoints, and intricate metadata. A naive “lift and shift” approach that moves persistent data, manifest files, and images overlooks the crucial platform-specific configurations required for true application fidelity.

On October 13, 2025, security researchers from FearsOff identified and reported a vulnerability in Cloudflare's ACME (Automatic Certificate Management Environment) validation logic that disabled some of the WAF features on specific ACME-related paths. The vulnerability was reported and validated through Cloudflare’s bug bounty program. The vulnerability was rooted in how our edge network processed requests destined for the ACME HTTP-01 challenge path (/.well-known/acme-challenge/*).

Artificial intelligence (AI) adoption is fast becoming a strategic necessity for modern businesses. With adoption continuing at pace, a carefully considered strategy is essential for gaining or maintaining a competitive advantage, managing downside risk and addressing the continued regulatory, legal, ethical and operational complexities presented by AI.

Open source is one of the best things to ever happen to software development. It is also one of the easiest ways to accidentally ship legal obligations you did not sign up for. Most teams know they rely heavily on open-source dependencies. Fewer teams know exactly what licenses those dependencies use, what obligations come with them, or how those licenses travel through transitive dependencies and container images. That gap is what we call open-source license risk.

Traditional HIPAA response plans were built for the incidents everyone can picture, like a compromised server, ransomware in the network, or unauthorized access to a clinical database. But website PHI leaks are different altogether. Often, there’s no attacker and no break-in. The leak comes from authorized tracking pixels or third-party analytics scripts simply collecting and sending data as designed, but on pages where it should never touch patient information in the first place.

CVE-2026-23745 is a high-severity path traversal flaw in node-tar (the tar library for Node.js). Versions ≤7.5.2 fail to sanitize linkpath in hardlink and symlink entries when preservePaths is false (default secure mode). Malicious tar archives bypass extraction root restrictions, enabling arbitrary file overwrite via hardlinks and symlink poisoning via absolute targets. Discovered January 2026, patched in 7.5.3. Impacts npm ecosystems, CI/CD pipelines, and apps extracting untrusted archives.

We are surrounded by generative AI tools, cloud-based solutions, and AI assistants that often perform functions for us. We tend to share data with them for smoother operations and to automate our work for enhanced productivity. The non-human tools are a playground for cybercriminals to access the data and damage critical infrastructures. So, it is paramount for us, especially organizations, to protect the shared information, along with the access rights of the non-human entities.