There were 264 publicly disclosed ransomware attacks in Q1 2026, a 15% decrease year-on-year.

Organizations with weak NHI management pay approximately $150,000 more to recover from incidents than average.

74% of organizations cite coordinating vulnerability prioritization and remediation as their biggest security issue.

74% of IT and security professionals have experienced vulnerabilities in third-party applications.

65% of technology leaders invest in AI-powered observability to gain deeper, real-time insights into their digital ecosystems.

The "Qix" campaign used 25 packages to compromise over 2.5 million downloads.

Germany increased to 8.74%, becoming the third largest adversary infrastructure hosting location and overtaking both Hong Kong (7.22%) and the Netherlands (6.51%).

Cobalt Strike accounted for 38.4% of all OST output (3,944 of 10,272 tracked OST instances), maintaining its position as the primary adversary framework.

Pwn2Own Automotive 2026 in Tokyo produced 76 unique zero-days and $1.047 million in payouts

DrainDead portable EV battery siphoning rig was built for approximately €1,200 using a solar inverter and CCS adapter

Ultra-Fast Wireless Charging attack synchronises with the charger's signal within only three cycles, defeating frequency hopping countermeasures

160 Medium, 75 High, and 16 Critical automotive vulnerabilities identified in Q1 2026

Synacktiv chained an information leak with an out-of-bounds write to achieve a full win against Tesla infotainment via USB at Pwn2Own Automotive 2026

Most EVs in DrainDead testing allowed indefinite battery siphoning with repeated session resets; only some (e.g. Volkswagen group) halted discharging after around 60 seconds

Hands-on-keyboard intrusions against financial institutions spiked 43% globally and 48% in North America over the past two years.

43% of CISOs report Employee Awareness Training is the top-ranked challenge for ransomware mitigation.

Organizations with weak NHI management are 22% more likely to experience financial theft.

WhiteSnake Stealer was the most widely observed infostealer family, accounting for 31.6% of all tracked output, followed by RedLine at 23.9%, Rhadamanthys at 17.1%, and StealC at 6.9%.

Human element was present in 62% of breaches

206 unique automotive vulnerabilities identified in Q4 2025, a 19% increase over Q3 2025