Global Incident Response Report 2026
AI accelerates Cyber Attacks
The "Global Incident Response Report 2026" by the Unit 42 team at Palo Alto Networks analyzes over 750 serious security incidents in more than 50 countries. The evaluation shows faster, more complex attacks, increasing use of AI and growing risks in identity and supply chain structures.
The "Unit 42 Global Incident Response Report 2026" documents a significant acceleration in cyberattacks. In the fastest cases investigated, only 72 minutes passed between initial access and data exfiltration - four times faster than in the previous year. AI is now being used operationally for reconnaissance, phishing, scripting and attack execution.
Identity-based vulnerabilities continue to play a central role. Compromised credentials, tokens or incorrect identity configurations were involved in almost 90% of the incidents investigated. Attackers use legitimate credentials to move laterally and extend privileges without triggering traditional security mechanisms.
The risk in the software supply chain is also increasing. In 23% of cases, the attack was carried out via third-party SaaS providers. Since 2022, the number of such incidents has increased by a factor of 3.8. Attackers circumvent conventional perimeter security concepts by abusing trusted integrations and dependencies.
The complexity of attacks continues to increase. 87% of the incidents investigated spanned multiple attack surfaces, in complex cases up to ten different environments. Endpoints, networks, cloud infrastructures, SaaS applications and identity systems are often affected simultaneously.
The browser is becoming a central point of attack: almost 48% of incidents involved browser-based activities. Everyday work processes such as email use, web access and SaaS applications are becoming a gateway.
A change can be seen in blackmail attacks. The proportion of encryption-based attacks has fallen from 92% to 78%. Increasingly, perpetrators are foregoing encryption and instead focusing directly on data theft and operational disruptions.
The report identifies misconfigurations, insufficient transparency and excessive trust relationships in complex IT environments as recurring causes. In over 90% of the cases analyzed, configuration errors or gaps in security coverage facilitated the attack. Many organizations operate 50 or more security solutions, making consistent implementation and evaluation difficult.
Palo Alto Networks is also presenting MSIAM (Managed XSIAM 2.0), a managed version of its SOC platform Cortex XSIAM. The offering includes a round-the-clock Security Operations Center with continuous attack detection and processing, proactive threat hunting, automated response and support for various EDR systems.
You might also be interested in
Authorities, industry and IT targeted by cyber criminals
Authorities, industry and IT were most frequently targeted by cyber criminals in 2025. Authorities remained the main target of cyber attacks, as the latest report and situation report "Anatomy of a Cyber World: Global Report by Kaspersky Security...
read more...Post-quantum cryptography: time window is running out
Companies are facing a strategic dilemma: quantum computers will soon be able to crack today's encryption, while many organizations will need years to switch to new security standards. A recent survey shows: The window of opportunity is narrowing,...
read more...Shutdown after only 20 Hours
German companies believe they are inadequately prepared for hybrid threats. According to a Bitkom survey, they would only be able to continue working for an average of 20 hours in the event of an internet outage. 83% of respondents expect a serious...
read more...Three new OT Attacker Groups identified
The new OT/ICS report from Dragos documents a growing number of specialized attacker groups and a significant increase in ransomware activity in industrial environments. Three new OT groups have been identified.
read more...16 % more Cyber Attacks in Germany in January
As Check Point's Monthly Cyber Threat Report shows, there were 16 percent more cyber attacks in Germany in January. In Europe, the volume of attacks rose by 18 percent to 1755 weekly attacks per company. In Austria, they rose by 14 percent to 1676,...
read more...Edge Security for Industrial Plants
Advantech uses AI EdgeLabs for Runtime Security
Advantech integrates the AI EdgeLabs platform to implement security and governance functions directly into edge and industrial platforms. The aim is to comply with European cybersecurity regulations such as CRA and NIS2.
read more...Criminals use AI Systematically
Trend Micro warns in a new study of the increasing professionalization of AI-supported cybercrime. Deepfakes, fraud and malware are gaining in importance.
read more...Trend Micro warns of Darknet AI 'Xanthorox'
AI writes Malware at the Touch of a Button
The AI tool 'Xanthorox' is supposed to generate malicious code automatically and is advertised in criminal forums. According to Trend Micro, it is less powerful than claimed, but shows how easily attackers can use generative AI for cyberattacks.
read more...These Groups shaped the Malware Landscape in 2025
The "Nastiest Malware Report 2025" from OpenText names the most dangerous players of the year. AI, social engineering and identity theft are shaping a new wave of targeted attacks - from ransomware to data theft.
read more...