Intel 471: 2026 Cyber Threat Trends & Outlook

Our latest annual report is here. Explore our comprehensive assessment of 2025’s cyber threat landscape and a forward-looking view of what these developments signal for defenders in 2026. Use these insights to prioritize monitoring and collections and to align hunting to the techniques that surfaced rapidly.


Key Findings — 2025 at a Glance:

  • AI is an accelerator, not the engine: AI is boosting adversary efficiency — but it’s not the core driver of profit-motivated operations.
  • Forum gravity shifted: The DarkForums cybercrime forum emerged as the primary choice for English-speaking threat actors in 2025.
  • Key ransomware-as-a-service groups: Qilin emerged as the most dominant force in the market.
  • Extortion at an all-time high: Supply chain attacks drove extortion figures up by 63% from last year, continuing an upward trend that began in 2022.
  • IAB activity declined: Although a commodity on the underground, we observed a 27% decrease in claims compared to 2024, but an increase in new entrants.
  • Top stealers by downloads: Three information stealers dominated downloads this year: Lumma, Stealc and Vidar strains.
  • Weaponized CVEs: We reported over 500 vulnerabilities, and 80% of these were either weaponized or productized.
  • Hacktivism disruption and noise: We tracked 700+ hacktivist responses in the cybercrime underground, of which over 80% were driven by propaganda and DDoS attacks.

Head Into the Year with Clarity

Download the 2026 Cyber Threat Trends & Outlook Report to prioritize the threats, techniques and underground dynamics most likely to shape 2026.

Note: This report is a redacted version of one released to Intel 471 customers on Dec. 23, 2025. It draws on information collected January 1-December 15, 2025. For full access, including links to related reporting on Verity471, Intel 471’s cyber intelligence platform, and sensitive source-derived details, contact us at sales@intel471.com.