The median threat actor researched or used AI assistance in 15 different documented techniques, with some Actors leveraging as many as 40 or 50.

40% higher click rates make mobile devices the new favorite target.

Only 26% of critical vulnerabilities were fully remediated by organizations in 2025, a drop from the previous year’s 38%.

The median time for full resolution of critical vulnerabilities went up to 43 days, almost two weeks more than the previous year’s 32 days.

69% of ransomware victims didn’t pay.

265 unique automotive-specific vulnerabilities identified in Q1 2026

28% increase in automotive vulnerabilities in Q1 2026 compared to Q4 2025

102% year-on-year increase in automotive vulnerabilities (Q1 2026 vs Q1 2025)

Q1 2026 automotive vulnerabilities span 77 unique CWEs

Q1 2026 automotive vulnerabilities map to 25 distinct TTPs in the Auto-ISAC Automotive Threat Matrix

Web and Local Shell combined for 33% of Q1 2026 automotive attack vectors

In-vehicle and Backend systems accounted for more than 81% of Q1 2026 automotive vulnerability targets

PCA identified 14 unique methods of entry in the Q1 2026 automotive threat landscape

77 distinct CWEs mapped in Q1 2026, up from 64 in Q4 2025

Pwn2Own Automotive 2026 had a record 73 entries

Quarkslab's audit of EVerest open-source EV charging stack found 6 high-severity, 6 medium-severity, 5 low-severity and 3 informational issues

Ultra-Fast Wireless Charging hack drained 76% of EV power on the Alpitronic HYC50 commercial DC fast charger

DefenseWeaver multi-agent LLM identified 11 critical attack paths across four automotive projects in TARA testing

Quarkslab bypassed the 16-byte RH850 debug password protection using voltage fault injection

Kenwood DNR1007XR aftermarket head unit exposes a Linux login prompt over UART at 115200 bps via a hidden board-edge connector