Netcraft Identifies Five Trends Poised to Redefine Cybersecurity in 2026

News provided by

Netcraft

Dec 11, 2025, 08:03 ET

Insights equip security leaders with forward-looking intelligence to prepare for rising threats and evolving digital risks

SALT LAKE CITY and LONDON, Dec. 11, 2025 /PRNewswire/ -- Netcraft, the global leader in brand protection tools and services, website takedowns and threat disruption, today announced a quintet of predictions for the coming year from some of its expert team of threat researchers.

New AI vulnerabilities will continue to emerge 
As AI systems evolve from chatbots to autonomous agents and agentic browsers, new security and data integrity risks are continuing to emerge. The growing complexity of these systems will likely result in data leakage, workflow manipulation, and unintended access to sensitive information. Threat actors may leverage AI agents for reconnaissance, data exfiltration, and even automation of some ransomware operations. At the same time, the possibility of manipulating AI agents themselves presents a lucrative opportunity for fraudsters if developers fail to bake in robust protections.

Phishing-as-a-Service will gain more traction, further complicating fraud detection
Phishing-as-a-Service emerged as a defining shift in 2025, dramatically lowering the technical barrier for cybercriminals and enabling widespread, coordinated phishing campaigns across industries. The trend of "OAuth phishing" also gained traction, where attackers manipulate users into granting malicious third-party app access instead of stealing credentials outright. This represents a new layer of deception and signals a likely expansion to more online platforms in 2026.

Proactive attack surface management will mitigate the impact of persistent vulnerabilities in 2026 
Pervasive, high-severity vulnerabilities across web-facing services will continue to affect the software supply chain. 2025 has seen React2Shell and several vulnerabilities across network devices including FortiWeb and F5 BIG-IP. While some issues can be partially mitigated by web application firewalls, proactive attack surface management (ASM) tools both at nation and enterprise level will increasingly become the buffer that mitigates, contains, or delays large-scale exploitation.

Seasonal events to drive more crime, 2025 attack hot-spots will grow hotter 
Seasonal and event-driven attack patterns, including phishing waves aligned with tax deadlines, the 2026 Winter Olympics, and the U.S. midterm elections, are all likely to be exploited for social engineering lures. Additionally, holiday travel and hospitality brands are expected to be impersonated in large-scale scams. The continued rise of scam call operations, fake investment platforms, and cross-group collaboration among threat actors is another area of the threat landscape to see expansion. Growing partnerships between ransomware and hacktivist groups, such as DragonForce and Scattered Spider, highlight the ongoing convergence of ideological and profit-driven cybercrime, a trend that will likely intensify through 2026.

Industries with downstream impact will remain most attractive targets for bad actors 
In 2026, industries with broad downstream impact, such as managed service providers (MSPs), insurance, and consulting, will remain prime targets for threat actors seeking access to other victims. Fintech, especially segments tied to under-regulated assets and crypto markets, will continue to struggle with maturing their security infrastructure. Meanwhile, logistics, shipping, and retail sectors may see phishing lures tied to tariffs or shipping-related themes.

Robert Duncan, vice president of product strategy, Netcraft, said: "In 2026, we'll see continued growth in Chinese Phishing-as-a-Service operations, more convincing video deepfakes, and increasingly coordinated multi-channel scams. AI will introduce new risks, such as prompt injection, while enhancing the quality and scale of existing fraud. Defenders will need to adapt just as quickly, relying on earlier insight and faster disruption to stay ahead. At Netcraft, we're concentrating on shortening that gap and surfacing threats earlier and minimizing the window in which they can cause harm."

About Netcraft
Netcraft is a global leader in online brand protection and digital risk management, trusted by CISOs and security teams at many of the world's most valuable companies, largest banks, government organizations, and emerging enterprises. Leveraging AI, machine learning, and automation to process more threat data than any other provider, Netcraft takes down nearly one-third of the world's phishing sites and has blocked 225+ million malicious URLs to date. Backed by a deep network across the internet infrastructure ecosystem, Netcraft delivers unmatched visibility, speed, and accuracy at scale. Learn more at www.netcraft.com.  

Media Contact:  
Corey Eldridge
Force4 Technology Communications
[email protected] 

SOURCE Netcraft

21%

more press release views with 
Request a Demo

Also from this source

Netcraft Launches Phone Scam Disruption to Protect Organizations from Growing Threat

Netcraft Launches Phone Scam Disruption to Protect Organizations from Growing Threat

Netcraft, the global leader in brand protection and threat disruption, today announced the launch of a new solution to help protect organizations'...
AI-Powered Phishing, Quishing and Scalable Spoofing: Netcraft Uncovers Emerging Cyber Threats in 2025

AI-Powered Phishing, Quishing and Scalable Spoofing: Netcraft Uncovers Emerging Cyber Threats in 2025

Netcraft, the global leader in brand protection and threat disruption, has uncovered new trends for emerging threats in the first half of 2025,...
More Releases From This Source

Explore

Computer & Electronics

Computer & Electronics

High Tech Security

High Tech Security

Computer Software

Computer Software

Computer Software

Computer Software

News Releases in Similar Topics