April 3, 2026

Darktrace Annual Threat Report 2026 finds shift from exploit-driven breaches to faster, AI-enabled credential abuse

The article says Darktrace’s 2026 threat report found a clear shift away from classic exploit-driven break-ins toward identity-led intrusions, where attackers log in using stolen or misused accounts instead of “breaking in” through software flaws. That is happening even though publicly disclosed vulnerabilities still rose 20% year over year. Darktrace says this pattern is especially visible in cloud and SaaS environments: in the Americas, nearly 70% of incidents started with stolen or abused accounts, and in Europe 58% began with compromised cloud accounts and email. The report’s core point is that cloud adoption has moved the main battleground from network perimeters to user identities, SaaS access, and privileged accounts.

It also says attackers are using AI and better social-engineering tradecraft to make that identity abuse faster and harder to detect. Darktrace analyzed 32 million phishing emails and found more AI-assisted and more convincing campaigns in 2025, including longer personalized lures, a 28% increase in QR-code phishing, and heavy use of newly registered malicious domains; 70% of phishing emails still passed DMARC checks. The article’s practical takeaway is that traditional perimeter defenses are no longer enough on their own: organizations need stronger monitoring of user behavior, account misuse, and abnormal access patterns, especially across cloud, Microsoft 365, and other connected services where one compromised account can quickly turn into a much larger breach.

Source: https://industrialcyber.co/news/darktrace-annual-threat-report-2026-finds-shift-from-exploit-driven-breaches-to-faster-ai-enabled-credential-abuse/
