Cert-IST 2026 report on attacks and vulnerabilities in 2025
Date: March 06, 2026
The aim of this report is to highlight general trends and the evolution of threats, to help the community strengthen its defenses.
This document is available:
- In French: Bilan Cert-IST 2026 sur les failles et attaques de 2025
- In English: Cert-IST 2026 report on attacks and vulnerabilities in 2025
The analysis begins by deconstructing the three most significant events of the past year:
- The ToolShell Crisis: SharePoint Red Alert
- Targeting the “Guardians”: F5 and Red Hat Consulting
- Delegated Identity Compromise: The Salesforce Wave
The report then provides a deep dive into threat actors:
- Focus on the state-sponsored threat
- An analysis of cybercrime
- A focus on hacktivism
- An examination of the increasingly blurred boundaries between these actors
It also reviews key trends observed throughout the year:
- Software Supply Chain integrity under pressure
- Human infiltration and insider threats
- Zero-days and the exploitation of edge devices
- DDoS: Reaching new thresholds of power
- Social Engineering: Automation and emerging techniques
- Artificial Intelligence: An operational accelerator
- The ongoing prevalence of crypto-asset theft
Finally, the document concludes with a review of Cert-IST productions (security advisories, alerts) and outlines projections and defense strategies for 2026.