Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

2026 is here, and cybersecurity is defined by a critical paradox: despite widespread MFA adoption, credential-based breaches continue to surge. Traditional multi-factor authentication, static, friction-heavy, and often disconnected, no longer stands up to sophisticated threats, such as AI-powered phishing, MFA fatigue attacks, and prompt bombing campaigns, which exploit user behavior rather than technical vulnerabilities.

From real-time payment (RTP) scams to account takeovers to card testing, Visa reports that 98% of merchants experienced one or more types of fraud in 2025. No wonder it has gone down in history as the year these crimes exploded in scope. So what does 2026 have in store? According to the INETCO Team, the coming months will see payment fraud evolve like never before — into something more autonomous and far harder for banks and payment processors to detect using traditional approaches.

Whether pulling items together for a holiday dinner or prepping weekly meals, you need to have all the ingredients necessary to cook the meals you want to eat. Often, this means making a grocery list, checking off items as you take them from the shelves, and, possibly, grumbling when one of the items isn’t available. In the IT and business worlds, audit logging is the shopping list that helps organizations with compliance readiness.

When data programs fail, they usually fail in two very different ways. Weak data governance shows up as overexposed databases, long-lived credentials, and access that quietly expands far beyond intent, often until it’s exploited. Weak data management really breaks trust from the inside out with stale or inconsistent data, pipelines that stall under their own complexity, and bottlenecks that slow decision-making.

Claude Code, originally just auto-complete on steroids for IDEs, shows a lot of promise for becoming a major tool in the DFIR/detection engineering/security analyst’s toolbox. Whether it’s Claude Code’s support of MCP, agent skills, or general ability to quickly figure out how to accomplish a given task, it is rapidly becoming more than a code generation tool. This is the first of a three-part series.

Early 2026, Moltbot a new AI personal assistant went viral. GitGuardian detected 200+ leaked secrets related to it, including from healthcare and fintech companies. Our contribution to Moltbot: a skill that turns secret scanning into a conversational prompt, letting users ask "is this safe?".

Let’s catch up on the more interesting vulnerability disclosures and cyber security news gathered from articles across the web this week. This is what we have been reading about on our coffee break! Are you one of the “20%”?

As enterprises move toward agentic operations, speed without data accuracy becomes a liability. At Forward Networks, we recognized this challenge and set out to deliver a solution: speed backed by mathematical accuracy. In networking, acting on incomplete or approximate data is not an inconvenience, it is a cause of outages, security exposure, and operational risk.

In Pac-Man, ghosts seem pretty easy to dodge. You’re clearing the maze, racking up points, three more pellets away from leveling up. Then, out of nowhere, they close in and cut off all hope of escape. Womp womp. Game over. In today’s enterprise environments, “ghost” or orphaned accounts represent a similar hidden risk. They appear low-impact, lingering in forgotten corners of the IT maze.

One of my first intentional “to-dos” this year has been spending time with the World Economic Forum’s Global Cybersecurity Outlook 2026, a report I was privileged to actively contribute to over the past year. For KnowBe4 customers, this report offers more than trend analysis. It provides a baseline of where organizations stand today, what separates resilient organizations from less resilient ones, and why the human factor is now central to cyber resilience.