🤖 Dear internet users and fellow Cyberdefenders,

SITUATION REPORT — January 2026.

The calm is over. Not so long ago, dozens of companies were obliterated without a single alarm going off. No missile. No explosion. Just an audio file, a fake video call, an AI assistant remotely manipulated. The enemy is already inside.

Since the first incidents of 2025 — Salt Typhoon, React2Shell, the collapse of CISA — digital defense lines have fallen one by one. In 2026, attacks no longer need to code: they think.

And you? You authorize a transfer at 2:00 p.m. You talk to your CEO over video at 3:00 p.m. You open an innocent-looking link at 3:30 p.m. By 4:00 p.m., your information system is locked down, your customers panic, your image collapses.

54% of executives have understood it: this is no longer a firewall issue — it’s a strategic survival issue. They are rearming their companies, outsourcing critical functions, securing identities, and training employees like an army on campaign.

Intelligence confirms that hostile AI can replicate your manager’s voice, hijack your internal assistants, or infiltrate your systems by exploiting your own business tools.

Now is the time to choose: be a spectator of the fall… or an actor in the resistance. This newsletter is your combat manual. It delivers the gaps, the enemy’s tactics, and concrete responses to restore your defensive superiority.

Highlights:

👉 CEOs are finally taking cybersecurity seriously... and they’re right! 🛡️

👉 Salt Typhoon, React2Shell, deepfakes… 2025 spared no one 🚨

👉 AI-boosted phishing, Shadow AI, hijacked identities: 2026 is shaping up to be toxic 🤖


🗞️ Guess what?

  • Cybersecurity is no longer an IT matter. As a result, 54% of executives rank cybersecurity above other risks. Outsourcing, business continuity, and the talent shortage are redefining the security/business balance.

  • The year 2025 was a true global stress test. APT attacks, critical vulnerabilities like React2Shell, and CISA restructurings exposed systemic cybersecurity weaknesses.

  • AI turns every threat into a war machine. Ultra-targeted phishing, credible deepfakes, assistant hijacking... The attack surface is exploding, and companies must take back control.

🤓 Would you like to know more?

1️⃣ CEOs are finally taking cybersecurity seriously... and they’re right!

Summary: A global study conducted by Rimini Street reveals a strategic turning point: cybersecurity is now a top priority at the executive level, far beyond the IT department. Facing a talent shortage, growing systemic risks, and regulatory pressure, leaders are reshaping their technology, HR, and budget decisions by making security a central pillar. Outsourcing, business continuity plans, and proactive vulnerability management are becoming the new standards for companies exposed to persistent, sophisticated threats.

Details:

  • Cybersecurity, a board-level priority : The study highlights that 54% of executives rank cyber threats above macroeconomic risks, supply chain issues, or regulation. This is no longer a side topic, but a business priority. All sectors — finance, energy, telecoms — confirm this trend, integrating cybersecurity into long-term strategic plans.

  • Outsourcing : a resilience lever : 43% of companies already outsource cybersecurity, and 46% are preparing to do so. This shift reflects both the difficulty of recruiting qualified experts and the need to ensure service continuity in the face of growing attacks. In critical sectors, outsourcing is becoming a cornerstone of defense architecture.

  • Talent shortage : a structural weakness : Leaders report a severe lack of qualified professionals. This gap makes it harder to detect technical flaws, proactively analyze incidents, and implement transformation projects. Result: teams are under pressure, and budgets get absorbed by crisis management rather than innovation.

  • Security, the #1 criterion for IT investments : When choosing new technologies, security robustness becomes a major selection criterion. The ROI of a cybersecurity project is now measured through reduced risk exposure, operational resilience, and reputation protection in the face of potential incidents.

  • Vendor dependence : an Achilles’ heel : 35% of executives identify pressure from IT vendors as an operational risk. Forced updates, rigid roadmaps, and hidden costs divert critical budgets. A trend is emerging: regaining control over ERP infrastructure to invest in strategic initiatives better aligned with business needs.

What should be remembered?

Cybersecurity has crossed a symbolic threshold: it is now governed at the highest level. This shift reflects new maturity in cyber risk management, no longer confined to IT but extending to strategy, HR, compliance, and innovation — an imperative to stay competitive in 2026.

2️⃣ Salt Typhoon, React2Shell, deepfakes… 2025 spared no one

Summary: The year 2025 was marked by a series of major cyber threats, revealing the growing sophistication of APT groups, critical flaws in ubiquitous frameworks like React, and the weakening of key institutions such as CISA. The self-replicating Shai-Hulud malware, attacks on the Salesforce ecosystem, and Salt Typhoon espionage maneuvers show a strategic turn among cybercriminals, now able to exploit both open-source code and software supply chains. These events outline a new era of systemic threats, where even the strongest defense structures were shaken.

Details:

  • Salt Typhoon : the Chinese APT keeps going : Salt Typhoon, affiliated with the Chinese state, intensified its espionage campaigns by targeting critical infrastructure such as the U.S. National Guard and major telecom companies. Techniques include exploiting poorly protected routers, VPNs, and network appliances — highlighting the urgent need for cross-domain visibility and proactive detection in hybrid IT/OT environments.

  • CISA weakened : a gap in national defense : Budget cuts imposed on CISA by the Trump administration led to the dissolution of the CSRB and reductions in critical services for local communities. As threats rise, weakening one of the pillars of U.S. cybersecurity creates a dangerous vacuum, especially for smaller administrations lacking internal protection resources.

  • React2Shell : the nightmare vulnerability of the year : Affecting React Server Components, CVE-2025-55182 received a CVSS score of 10, triggering a wave of exploitation within hours. Its ubiquity in web apps and frameworks like Next.js revealed the unprecedented scale of the cloud attack surface. It illustrates the latent risk tied to popular open-source components.

  • Shai-Hulud : the viral open-source supply chain attack : This self-replicating malware infected thousands of open-source packages, exploiting CI/CD automation mechanisms. Its ability to spread autonomously by contaminating libraries used by enterprise developers exposed the fragility of software supply chains and triggered emergency countermeasures on platforms like GitHub.

  • Salesforce : cascading attack via OAuth integration : A compromised GitHub account enabled the theft of OAuth tokens used to access hundreds of Salesforce instances. Major companies were affected, proving that SaaS integrations are now critical targets. This attack marks a turning point in the exploitation of enterprise APIs as primary intrusion vectors.

What should be remembered?

2025 confirmed that supply chains, open-source components, and SaaS integrations are the new cybersecurity battlefields. Against adversaries able to exploit the smallest software or organizational weakness, the response must be systemic, fast, and embedded in business processes. More than ever, cybersecurity is a matter of global strategy.

3️⃣ AI-boosted phishing, Shadow AI, hijacked identities: 2026 is shaping up to be toxic

Summary: In 2026, AI does not reinvent cyberattacks — it industrializes them. Ultra-targeted phishing, credible deepfakes, assistant hijacking, and Shadow AI push cyber threats to an unprecedented scale. Identity becomes the first attack surface, vulnerabilities are detected and exploited at lightning speed, and companies must now secure every assistant, every interaction, every access token. This new hybrid ecosystem, supercharged by generative AI, forces a complete rethink of cybersecurity practices, combining segmentation, multi-channel validation, and stronger governance of business use cases.

Details:

  • Tailor-made phishing reaches a new level : Thanks to AI, phishing attacks become ultra-targeted, contextualized by sector, role, or behavior. Attackers generate hundreds of automated variants, test responses, and adapt scenarios. A simple click becomes a formidable entry point. Only robust methods — like out-of-band authentication and behavioral alerts — can limit the damage.

  • Deepfakes : visual trust is no longer a security guarantee : AI-modeled voices and faces are now credible enough to fool internal processes. Approvals via video calls, voice messages, or phone calls become targets for social engineering. The mistake no longer comes from the content, but from the context. Companies must move from “recognition” to formal verification based on multiple, unforgeable signals.

  • Shadow AI : the new invisible danger : Like Shadow IT, unapproved AI tools are spreading inside companies: assistants used with personal accounts, informal document sharing, uncontrolled prompts… This generates massive, accidental data leaks outside any control. Clear governance, approved tools, and a precise usage policy become essential to protect business content.

  • Digital identity, the center of gravity of attacks : Tokens, credentials, API keys, service accounts… cybercriminals target anything that lets them act “on behalf of.” AI makes it easier to spot poorly protected access, create credible fake identities, and orchestrate lateral movement. To counter these attacks, companies must adopt strict access management policies, granular segmentation, and stronger traceability.

  • Prompt injection and compromised assistants : the enemy is already inside: AI connected to internal tools becomes an attack vector through malicious prompt injection. A simple hidden sentence in an email can trigger unwanted actions. This threat requires an architecture where every assistant is segmented, monitored, and constrained in its interactions, with usable logs and human validation thresholds.
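One way to build the constraint described in the prompt-injection item above, as an added example that is not from this newsletter or any product it mentions: a gate placed between each assistant and its tools that enforces a per-assistant allowlist, holds risky requests for human approval, and logs every decision. The assistant names, tool names, threshold, and the `source` tag (assumed to be set by the orchestrator) are hypothetical.

```python
import json
from dataclasses import dataclass, field

# Hypothetical policy: tools each assistant may call, and the amount above
# which a human must approve. Names and limits are assumptions for this example.
POLICY = {
    "mail-assistant": {"tools": {"search_mail", "draft_reply"}, "approval_over": None},
    "finance-assistant": {"tools": {"read_invoice", "create_payment"}, "approval_over": 1000},
}
SIDE_EFFECT_TOOLS = {"create_payment"}  # actions that change state outside the assistant

@dataclass
class ToolGate:
    policy: dict
    audit_log: list = field(default_factory=list)

    def decide(self, assistant, tool, args, source):
        """Return 'allow', 'deny' or 'needs_approval'; log every decision.

        `source` is where the instruction came from: 'user' for the operator's
        own request, anything else (e.g. 'email') for text the assistant read.
        """
        rules = self.policy.get(assistant)
        if rules is None or tool not in rules["tools"]:
            decision, reason = "deny", "tool outside assistant scope"
        elif source != "user" and tool in SIDE_EFFECT_TOOLS:
            decision, reason = "needs_approval", "instruction came from untrusted content"
        elif rules["approval_over"] is not None and args.get("amount", 0) > rules["approval_over"]:
            decision, reason = "needs_approval", "amount over human validation threshold"
        else:
            decision, reason = "allow", "within policy"
        entry = {"assistant": assistant, "tool": tool, "args": args,
                 "source": source, "decision": decision, "reason": reason}
        self.audit_log.append(json.dumps(entry, sort_keys=True))
        return decision

def run_demo():
    """Replay constructed tool-call requests through the gate."""
    gate = ToolGate(POLICY)
    requests = [  # constructed sample requests, not real traffic
        ("mail-assistant", "create_payment", {"amount": 9000}, "email"),
        ("finance-assistant", "create_payment", {"amount": 250}, "user"),
        ("finance-assistant", "create_payment", {"amount": 25000}, "user"),
        ("finance-assistant", "create_payment", {"amount": 50}, "email"),
        ("finance-assistant", "read_invoice", {"id": "INV-1"}, "email"),
    ]
    return [gate.decide(*r) for r in requests], gate.audit_log

if __name__ == "__main__":
    decisions, log = run_demo()
    print(decisions)
    print(*log, sep="\n")
```

The first request models a hidden sentence in an email asking the mail assistant to pay someone: it is denied because that assistant has no payment tool at all, and the denial still lands in the audit log for review.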

What should be remembered?

2026 marks a structural transformation of the cyber threat: attacks are faster, better targeted, and infiltrate through everyday usage. Cybersecurity can no longer be purely defensive or reactive — it must become predictive, contextual, and embedded into every layer of the information system. Offensive AI demands a response equal to the stakes.

⚙️ Digital Combat Ops

Deepfakes in business: how to anticipate the shock before it hits

Deepfakes, generated by artificial intelligence, blur the line between reality and manipulation. For businesses, especially SMBs, the risk goes far beyond a simple trick: financial fraud, identity theft, or reputational damage can emerge in just a few clicks.

To protect yourself, it is essential to strengthen authentication, notably through double validation or biometric tools. Training employees also plays a key role by building reflexes when faced with suspicious content. Internal and external communications must be encrypted and centralized, limiting exploitable channels.

In the event of an attack, responsiveness is critical: identify the fake, block access, alert authorities, inform teams, then analyze and fix vulnerabilities. A global approach, combining human vigilance and technological tools, is the best defense to protect the company from the invisible — but very real — threat of deepfakes.


The era of offensive AI is here, and threats are evolving faster than ever. Don't let your organization fall behind in the face of these escalating risks.
