Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

In 2026, threat intelligence isn’t just about tracking malware families or IP reputation. It’s about catching the earliest signals of identity abuse: stolen credentials, suspicious logins, token misuse, and privilege escalation attempts that move fast through cloud and SaaS environments. Credential abuse remains a key initial access vector, accounting for 70% of breaches. In response, modern threat intelligence tools are prioritizing identity signals.

We’re excited to share new updates and enhancements for February, including: For more info on these updates, check out the list below and dive into the detailed articles. Please join the Egnyte Community to get the latest updates, chat with experts, share feedback, and learn from other users.

Traditional detection methods and point solutions often focus on fraud detection at a single point. Identity platforms and orchestration layers help fraud fighters detect patterns and stop scaling attacks. But there’s a growing fraud vector called identity muling that’s particularly difficult for some fraud systems to detect. Below, we’ll explore how identity muling works, what it looks like from a fraud fighter’s perspective, and what you can do to protect your organization.

Your board wants a pentest, your compliance team needs a SOC 2, and you’ve got 47 browser tabs open, comparing penetration testing providers, where every vendor in the $2–3 billion market claims they’re ‘comprehensive’ and ‘best in class.’ Yet after 2 hours, 3 videos, and 7 guides, you are still not sure which provider fits your situation.

In April 2025, a logistics firm suffered a breach that followed a pattern security teams are seeing with increasing frequency—one that began with a single forgotten API. It wasn’t a zero-day exploit, or a sophisticated nation-state intrusion. It was an exposed development endpoint—one that had quietly been left online long after its purpose was served.

Per PwC’s Global Compliance Survey 2025, 85% of organizations report that compliance requirements have become more complex over the past three years, increasing the risk of non-compliance and violations or fines. ‍ In the current age, compliance coexists with evolving vulnerabilities like unpredictable AI adoption and higher cybersecurity risks.

For legal organizations, the integrity of communication isn't just a business requirement, it’s a foundational pillar of the profession. Whether it’s a sensitive case strategy, a confidential merger agreement, or personal client data, the information contained within firm emails represents an immense amount of trust and significant liability. However, as law firms increasingly migrate to cloud environments like Microsoft 365, they face a double-edged sword.

For marketing, a JavaScript tag is a growth lever. Something that’ll allow your business to target the right people, run personalized campaigns, and onboard more customers with less spend. For your security team, though, it’s a different story. The third-party scripts and tags on your pages can be a shadow PHI disclosure pipeline that quietly avoids detection, sidesteps your server-side controls, and transmits sensitive member data to third parties without triggering a single alert.

Between January 2025 and January 2026, Arctic Wolf tracked an extensive cyber espionage campaign that we assess was conducted by SloppyLemming (also known as Outrider Tiger and Fishing Elephant), an India-nexus threat actor, targeting government entities and critical infrastructure operators in Pakistan and Bangladesh.

The modern threat landscape is an ever-evolving battlefield of innovation and escalation. Thanks to the rapid adoption of artificial intelligence, both attackers and defenders now have powerful new tools at their disposal. But who has the edge when it comes to the artificial intelligence (AI) arms race? Unsurprisingly, the answer is complicated.