December 2025
This report explores React2Shell’s rapid weaponization and GRU-aligned campaigns targeting misconfigured cloud and edge environments.
Shifting Power, Expanding Attack Paths, and Infrastructure Turned Against Itself
January’s activity illustrates how quickly geopolitical events translate into real targeting and how emerging automation layers can become unexpected privilege pathways. This report breaks down the operations, vulnerabilities, and campaigns defining the start of 2026.
Inside the report:
- Cyber-enabled action around the Venezuela operation and follow-on activity from aligned actors
- AI agent access risks highlighted by weak permissions and a critical ServiceNow impersonation flaw
- Ink Dragon converting compromised IIS servers into relay infrastructure to mask operations
Download the full report to understand the evolving threat landscape and how to fortify your defenses.
Questions or comments about the report are welcome! Please email us at [email protected] to get in touch.
