2026 Cyber Trend Report | Hunt & Hackett Discover key cybersecurity trends for 2026, including the rise in identity-based attacks, exploitation of technical debt, and how attackers are using AI to scale their operations.

The 2026 edition of our Trend Report is out now ⬇️

Underpinned by data from more than 54,000 investigations conducted by our SOC and Incident Response team in 2025, the report provides a bottom-up view of the threats facing Dutch organisations.

Download here: www.huntandhackett.com/2026-cyber-t...

ENISA released its Threat Landscape 2025.

It offers a detailed look at how Europe’s cyber ecosystem is evolving. The picture that emerges shows growing strain, where interconnected systems and persistent threats keep testing resilience.

Read the report here: www.enisa.europa.eu/publications...

Raising security with organization-wide YubiKey (FIDO2) in Entra ID Find out how Hunt & Hackett transforms incident response challenges into scalable solutions using open-source software and a DevOps mindset.

🔐 New #blogpost

At H2, we recently moved from authenticator apps to #YubiKey (FIDO2) for company-wide MFA in Entra ID.

Why? Because it enables phishing-resistant, passwordless sign-ins at scale, raising the bar for our security.

Read about our journey here: www.huntandhackett.com/blog/raising...

Cyber espionage impacts more organisations than you think.

Join our next CyberConnect on Sept 9 in The Hague to learn how these operations work, who gets targeted, and see a live demo of tracking campaigns.

Sign up today: www.huntandhackett.com/understandin...

Hope you enjoy these as much as we did!

What’s the best thing you’ve read, watched, or tinkered with lately? Drop it in the comments! Our Hunters are always looking for their next rabbit hole. 🔍

🧵 7/7

Security Challenges in AI Agent Deployment: Insights from a Large Scale Public Competition Recent advances have enabled LLM-powered AI agents to autonomously execute complex tasks by combining language model reasoning with tools, memory, and web access. But can these systems be trusted to f...

𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐂𝐡𝐚𝐥𝐥𝐞𝐧𝐠𝐞𝐬 𝐢𝐧 𝐀𝐈 𝐀𝐠𝐞𝐧𝐭 𝐃𝐞𝐩𝐥𝐨𝐲𝐦𝐞𝐧𝐭
The largest AI agent red team ever: 1.8 million prompt-injection attacks, 60k policy violations, and proof that most agents still have a long way to go.

👉 arxiv.org/abs/2507.20526

🧵 6/7

CIS-Hardened Debian 12 AMI with Packer and Ansible How I built a CIS-hardened Debian 12 AMI using Packer and Ansible, with notes on IAM permissions and automation for reproducibility.

𝐂𝐈𝐒-𝐇𝐚𝐫𝐝𝐞𝐧𝐞𝐝 𝐃𝐞𝐛𝐢𝐚𝐧 12 𝐀𝐌𝐈

A reproducible recipe for spinning up a CIS-benchmarked Debian AMI. Cloud-init friendly, and only skips the rules that actually make sense to skip.

👉 behzadan.com/posts/0004-c...
🧵5/7

FortiWeb Pre-Auth RCE (CVE-2025-25257) Hey! and welcome to another THEY BURNED MY BUG episode. This time, we introduce CVE-2025-25257. An SQLi that I spotted back in Feb. in case someone burn them before i get my bragging rights8157d429953...

𝐅𝐨𝐫𝐭𝐢𝐖𝐞𝐛 𝐏𝐫𝐞-𝐀𝐮𝐭𝐡 𝐑𝐂𝐄

From SQL injection to RCE in Fortinet’s WAF. Creative payloads, root-level fun, and a few laughs along the way.

👉 pwner.gg/blog/2025-07...

🧵 4/7

Cracking the Vault: how we found zero-day flaws in authentication, identity, and authorization in HashiCorp Vault - Cyata | The Control Plane for Agentic Identity Introduction: when the trust model can’t be trusted Secrets vaults are the backbone of digital infrastructure. They store the credentials, tokens, and certificates that govern access to systems, servi...

𝐂𝐫𝐚𝐜𝐤𝐢𝐧𝐠 𝐭𝐡𝐞 𝐕𝐚𝐮𝐥𝐭

Nine zero-days in HashiCorp Vault. Subtle logic flaws, the first public RCE in Vault, and a reminder that “secure” isn’t always secure.

👉 cyata.ai/blog/crackin...

🧵3/7

Training Specialist Models | Outflank Training specialized LLMs with reinforcement learning with verifiable rewards (RLVR), using evasive malware development as a case study.

𝐓𝐫𝐚𝐢𝐧𝐢𝐧𝐠 𝐒𝐩𝐞𝐜𝐢𝐚𝐥𝐢𝐬𝐭 𝐌𝐨𝐝𝐞𝐥𝐬
Small, self-hosted LLMs that can outshine the big guys — if you train them for one very specific, very sneaky job.

👉 www.outflank.nl/blog/2025/08...

🧵2/7

𝐖𝐡𝐚𝐭 𝐚𝐫𝐞 𝐨𝐮𝐫 𝐇𝐮𝐧𝐭𝐞𝐫𝐬 𝐢𝐧𝐭𝐨 𝐫𝐢𝐠𝐡𝐭 𝐧𝐨𝐰? 👀

We stumble across so many good things from the cybersecurity community and beyond, and we thought it'd be nice to share them.

So, here are some of the things our Hunters have been diving into lately:

🧵1/7

SEO Poisoning Campaign Targets 8,500+ SMB Users with Malware Disguised as AI Tools SEO poisoning delivers trojanized tools, targeting SMBs and spreading malware via fake websites

⚠️ Malware campaigns are hijacking SEO to trick users into downloading fake tools like PuTTY and ChatGPT.

A recent article by @thehackernews.bsky.social shows over 8,500 SMB users were targeted.

Head over to their website to read the full article: thehackernews.com/2025/07/seo-...

Threat Actor Profile: Sandworm

Linked to Russia’s GRU and active in 60+ countries, Sandworm targets critical infrastructure with sabotage, espionage, and disruption. Curious to learn more about this APT? Explore their threat profile in our Members' Portal:

www.huntandhackett.com/members/acto...

Turning incident response challenges into scalable solutions Find out how Hunt & Hackett transforms incident response challenges into scalable solutions using open-source software and a DevOps mindset.

🚨New #blogpost: This week we’re unpacking our journey using open-source software to build a cloud-based IR lab from scratch, highlighting key obstacles and how we turned them into opportunities.

🔗www.huntandhackett.com/blog/turning-incident-re...

#detectionsfromthesoc #captcha #infostealer #cryptbot #soc #bec | Hunt & Hackett Launching #DetectionsFromTheSOC 🚀 We're happy to announce our new series, 𝘋𝘦𝘵𝘦𝘤𝘵𝘪𝘰𝘯𝘴 𝘧𝘳𝘰𝘮 𝘵𝘩𝘦 𝘚𝘖𝘊, in which we share a behind-the-scenes look of how our SOC detects, investigates, and responds t...

Launching #DetectionsFromTheSOC 🚀

We're excited to announce our new series, 𝘋𝘦𝘵𝘦𝘤𝘵𝘪𝘰𝘯𝘴 𝘧𝘳𝘰𝘮 𝘵𝘩𝘦 𝘚𝘖𝘊, in which we share a behind-the-scenes look of how our SOC detects, investigates, and responds to real-world threats.

Head on over to our LinkedIn to check it out: www.linkedin.com/feed/update/...

🎤 We’re taking the stage at Hague TIX on June 10!

Hunt & Hackett is proud to sponsor and speak at one of Europe’s leading threat intel events. Diving into strategic cyber defence, Lazarus & SeaTurtle ops, and Europe’s cyber resilience.

#HagueTIX #ThreatIntel

Our next CyberConnect session is coming up: Security in Motion!

Visit our website for more information, and to sign-up:
www.huntandhackett.com/security-in-...

Improving AFD Socket Visibility for Windows Forensics & Troubleshooting This blog post explains the basics of Ancillary Function Driver API and how it can help explore networking activity on Windows systems.

🚨 New blog!

We dive into reverse-engineering AFD.sys (a hidden part of Windows networking) to surface live socket data from other processes. This unlocks new capabilities for forensics, debugging, and reverse engineering.

Read it here: www.huntandhackett.com/blog/improvi...

We've updated our threat landscape on the logistics sector 🚛

On it, you'll find detailed actor overviews, analyses of recent cyberattacks in the logistics sector, and insights into emerging cybersecurity trends.

Curious? Take a look: www.huntandhackett.com/members/sect...

Crisisworkshop voor advocaten Cyberincidenten zijn aan de orde van de dag – en als advocaat ben je vaak de eerste persoon die gebeld wordt. Maar wat zijn je eerder acties?

Op 16 mei organiseren we een interactieve workshop voor advocaten die cliënten adviseren op het gebied van privacy, informatiebeveiliging en incident response.

Meer informatie kun je vinden op onze website: www.huntandhackett.com/crisisworksh...

Securing Operational Technology: Fast Response, Strong Recovery In this session, Hunt & Hackett and Xebia will collaborate to strengthen Operational Technology security, ensuring rapid response and resilient recovery. Register now.

Join us at Google Amsterdam for our next session:

Securing Operational Technology: Fast Response, Strong Recovery

We’re hosting a session on how to boost operational resilience, secure OT environments, and align with evolving regulations.

Sign-up now:
www.huntandhackett.com/securing-ot

Yesterday, our security experts discussed the evolving threat landscape surrounding the upcoming NATO summit in The Hague.

A great opportunity to highlight cyber threats beyond the traditional security community; cross-domain awareness is key in today’s threat landscape.

Our hunters tackled the 44th edition NN Marathon Rotterdam! 🏁

Their legs might be sore today, but the bliss of victory was more than worth it. After all, every win starts with a challenge.

Huge respect to everyone who took on #demooiste with us. See you at the next one.

The Evolving Threat of OT: Do You Know Your Weak Spots? Discover how operational technology (OT) is becoming an increasingly attractive target for cyber threats—and learn how to identify and secure your organisation’s most vulnerable entry points.

New #blog post in collaboration with Xebia ⚔️

As businesses become more interconnected, Operational Technology (OT) is increasingly targeted by cyber threats. In this blog, we explore OT security and raise awareness about its growing risks.

Read it here: www.huntandhackett.com/blog/evolvin...

Hegseth orders pause in offensive US cyber operations against Russia The reported directive from the defence secretary comes during an American push to end the war in Ukraine.

🌎With the U.S. deprioritizing Russian cyber threats, barriers that once deterred Russian hackers from targeting Europe are fading.

Is your organization prepared?

www.bbc.com/news/article...

2025 Cyber Trend Report | Hunt & Hackett Discover key cybersecurity trends for 2025, including increasing nation-state attacks and the impact of Gen-AI, with expert insights and practical guidance for Dutch organizations to enhance resilienc...

Excited to share our 2025 Trend Report, which explores key themes shaping the cybersecurity landscape, including the #cybercrime economy, the impact of #GenAI, nation-state threats, the #NIS2 Directive, and more!

Download the full report here: www.huntandhackett.com/2025-trend-r...

Cybersecurity for the Agriculture sector | Hunt & Hackett We help you with the strategic, tactical and operational side of a cybersecurity program, fully optimized for the real threats in the agriculture sector.

🚜 We've updated our Threat Landscape of the Agriculture sector 🌱

Find out about all our latest insights - including APTs, TTPs, recent developments, and a look behind-the-scenes - here ➡️ huntandhackett.com/threats/sect...

#CyberSecurity #Agriculture #ThreatIntel #ThreatLandscape

Universiteiten kwetsbaar voor cyberaanvallen: ’Bevinden ons in kennisoorlog’ Zijn Nederlandse onderwijsinstellingen wel voldoende voorbereid op digitale aanvallen? Donderdag debatteert de Tweede Kamer over kennisveiligheid en de screeningswet die moet regelen dat onderzoekers ...

🚨Dutch universities are facing more cyberattacks than ever - but many still lack the security measures to stop them.

In an interview with @telegraaf.nl, our co-founder Ronald Prins stresses the need for a proactive cybersecurity approach.

Read the article here ➡️ www.telegraaf.nl/nieuws/29515...

Membership Request | Hunt & Hackett Gain exclusive access to detailed cyber threat research on sectors, countries, and threat actors. Sign up for free.

Find out more about how different threat actors operate and the evolving threat landscape by visiting our member portal.

Become a member: www.huntandhackett.com/members/regi...

Direct (member) link: www.huntandhackett.com/_hcms/mem/lo...

7/7

While TU Eindhoven works on mitigating the incident, it’s worth asking: how do we ensure that institutions leading in innovation can continue to do so securely? Are we doing enough to protect the data and research that drive progress? Or how can we help, let us know!

6/7